Risk in Focus

Hot topics for internal auditors: the 2019 report

Risk in Focus puts a spotlight on priority risk areas that organisations face as they look ahead to next year. It reveals how heads of internal audit across Europe view today’s risk landscape.

Key findings

1. The single biggest risks that chief audit executives believe their organisation faces as they prepare their audit plans for 2019 are cyber security, compliance, digitalisation, regulatory change and political uncertainty.
   
   
2. As the frequency of cyber attacks on supply chains and cloud-based software providers rises, there will be an increase in assurance required around organisations’ exposure to third-party cyber security risk.
   
   
3. The two areas of compliance that internal audit most commonly expects to assess over the next 12 months are the GDPR and anti-bribery and corruption laws, which are being actively enforced and updated in a number of territories.
   
   
4. Recent protectionism in global trade, in particular tariffs brought by the US administration, represents a risk to organisations’ revenue growth. Boards/audit committees and their internal audit functions may choose to keep a watching brief on these developments.
   
   
5. There is a mismatch between where internal audit spends its time auditing and the perceived priority risks that organisations face. Therefore, boards/audit committees should re-evaluate whether internal audit is being used effectively to deliver risk-based assurance.

Download Risk in Focus 2019 (pdf)

Short on time? Watch this summary of the report

About the report

Risk in Focus provides a touchpoint for the internal audit profession that helps HIAs to understand how their peers view today’s risk landscape. Working hand-in-hand with boards, audit committees and other stakeholders, internal audit should already have a rigorous understanding of their organisations and the greatest financial, operational and strategic risks they face. However, it is vital that knowledge and thinking is shared within the profession to reinforce risk assessments and mapping and, ultimately, to support the provision of greater assurance.

While many audit functions will be preoccupied with business-as-usual operational audits, and all should be focused on areas specific to the assurance needs of their organisations, the hot topics in this report represent themes that are relevant across industries, with an emphasis on new and emerging risks. To be clear, this list is not exhaustive and we expect internal audit to take an appropriately risk- based approach to its work by addressing organisations’ greatest priorities. The topics listed herein should therefore be treated as a reference point rather than audit planning guidance.

The most sophisticated audit functions will not only test internal control systems but support their business in identifying risks looming on the horizon. We hope this report serves as a valuable resource for HIAs in evaluating risks they may not have considered, or contemplate from fresh angles risks that are already on their radar screens. Some readers may recognise themes from their own risk assessments and they should take comfort from this. It is confirmation that they are risk-aware. Others may find the highlighted topics help them to shape their forthcoming audit plans.

Methodology

Now in its third year, Risk in Focus is a collaborative effort between seven European institutes of internal auditors in France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland.

As previously, we interviewed HIAs in all of these territories and across sectors as part of our qualitative research into priority risk areas that are expected to be addressed in audit plans for 2019 and further into the future. In addition, we also conducted a quantitative survey that received 311 responses. This research augmented the overall report by providing data on the biggest risks that HIAs believe their organisations face and where internal audit is spending time.

The hard data from the survey complements the qualitative research by showing, at the highest level, priority risks that organisations face, as identified by their HIAs, and quantitative results are included in the report. The interviews, meanwhile, allowed us to dig deeper and draw attention to more granular issues related to these broad priority risks.

Risk in Focus 2020

Risk in Focus 2020 is currently being prepared and will be published on Tuesday 10 September 2019.

Related content

Read the Risk in Focus 2018 report