Surveys look at the risk environment and how organizations expect it to develop in 2021
- Published: Monday, 16 November 2020 09:24
During ‘Audit & Beyond’, AuditBoard’s second annual user conference, more than five thousand audit, risk, and compliance professionals virtually convened for two days to discuss the dynamic state of risk in 2020 and its associated challenges. In a series of surveys that AuditBoard conducted throughout the conference sessions, it found that the majority of those surveyed believe risk will continue to be dynamic and unpredictable in 2021 and beyond.
In light of recent events such as the COVID-19 pandemic crisis, economic uncertainty, and the mass shift to remote working, survey respondents predict that the most pressing risks for businesses in 2021 will be economic conditions impacting growth (27.6 percent of respondents) and cyber security threats (27 percent of respondents). Secondary to these risks, respondents expect business continuity/crisis response (12.8 percent), data/privacy protection (9 percent), and fraud (8 percent) will also be significant risk areas continuing into 2021.
Regarding cyber security risk, over 70 percent surveyed indicate that they have had a cyber security incident recently, and over 20 percent have had an incident that resulted in significant deficiency or material weakness.
The long-term technological impact of 2020
Over one-third (35 percent) of those surveyed believe the most significant challenge audit teams face due to the 2020 pandemic is ‘technology’, second to ‘finance’ (26.1 percent), underscoring the importance of technology in enabling business continuity and collaboration in a remote business environment. Significantly, nearly two-thirds (59 percent) of survey respondents report their teams will have the option to work remotely for all or part of the workweek once quarantines lift. 7.5 percent said they expect their team will work 100 percent remote on a permanent basis, highlighting the long-term impact the pandemic has made in fundamentally altering organizational approaches to remote work and telecommuting.
Room for improvement: maturing enterprise risk management practices
The surveys also reveal that organizations are increasingly relying upon audit professionals to help the business identify and manage emerging risks. More than half (55 percent) of those surveyed state that internal audit has been involved in discussions of risk and response to the crisis, and nearly half (44 percent) state that communications with audit committees will increase slightly or significantly moving forward. In addition, 84.3 percent of respondents are likely to expand their risk assessment to new areas or processes to mitigate additional pandemic-related risks. Yet, these findings simultaneously reveal that the opportunity is ripe for audit professionals to gain a seat at the table by playing a more critical role in maturing risk management practices.
Of the attendees surveyed, only 16.1 percent report having an advanced maturity enterprise risk management program that provides input into daily decision-making processes as well as internal audit planning. Most survey respondents (52.7 percent) have mid-level maturity ERM programs that assist in internal audit planning, but not other decision-making.
The solution to providing more valuable risk insights that impact decision-making is to increase the frequency of risk assessments and advance the overall methodologies and systems for performing risk management. Fittingly, this aligns with the top three priorities for risk management in the coming year, which respondents identified as:
- Increase focus on strategic risks (24.6 percent)
- Enhance the quality, availability, and timeliness of risk data (24.5 percent)
- Identify and manage new and emerging risks (23.8 percent).
Attendees were presented with different sets of survey questions at select conference keynotes. As a result, the sample size of respondents varies from question to question. The percentages above represent the portion of attendees who responded a given way to a given question. Sample sizes for all response sets range from 700 to 2100 respondents.