A majority of audit and risk professionals believe the risk environment will continue to be dynamic and unpredictable in 2021, rather than returning to more stable pre-pandemic conditions, an AuditBoard survey finds.
The top risk they cited for the coming year was of “economic conditions impacting growth,” followed closely by “cybersecurity threats.”
The responses also illustrate the long-term changes audit and risk professionals will experience in their roles as a result of the pandemic, and how crucial those individuals will be in helping organizations overcome risk challenges despite gaps in enterprise risk management (ERM) programs.
A permanent shift to remote work
One of the biggest challenges the COVID-19 pandemic has created for audit, risk, and compliance professionals is the sudden shift to remote work. Performing audit and risk management tasks in a remote environment is a significant challenge without the aid of modern, collaborative technology.
Recent Institute of Internal Auditors (IIA) polls suggest roughly three-quarters of audit teams are without a modern audit technology solution today. However, when asked by AuditBoard about the future of work, 59% of respondents said they expect their team will work remotely for all or part of the workweek once quarantines lift.
7.5% said they expect their team will work 100% remote on a permanent basis. This shift to remote work presents a major operational challenge for audit, risk, and compliance teams.
“Conditions this year have changed drastically due to the pandemic, and audit, risk, and compliance organizations have had to act quickly to adapt to the dynamic risk environment while maintaining operational continuity,” said John Reese, SVP of Marketing, AuditBoard.
“AuditBoard survey responses overwhelmingly showcase how quickly the workplace mindset is shifting, and how important modern audit, risk, and compliance technology has become to support a more remote and connected future.”
Businesses face dynamic risk environment
Respondents were asked questions about the risks their businesses face as a result of the pandemic and looking forward. Responses reveal an evolving risk landscape with a variety of different business priorities.
- 81% of respondents said “risk will continue to be dynamic and unpredictable” in 2021 and beyond.
- When asked what they see as the most pressing risk facing their businesses in 2021, 27.6% of respondents said, “economic conditions impacting growth,” more than one-quarter (27%) said, “cybersecurity threats,” and 12.8% said “business continuity and crisis response.”
“Audit and risk professionals expect the 2021 business risk environment to be unpredictable,” continued Reese.
“Specifically, they are most concerned with the potential risk of economic conditions, cybersecurity threats, and business continuity as their organizations are faced with a fast-changing external environment. Technology like AuditBoard will be a crucial enabler as organizations strive to understand and manage these risks at scale, and stay a step ahead.”
Amid changing strategies, risk management programs often lacking
The pandemic has shifted risk management strategies for most organizations, but many organizations still lack a mature ERM program.
- 79.5% have either made moderate changes (43.1%), redirected strategy in certain areas (29.3%), or made significant broad-ranging changes (7.1%) to their risk management program since the start of the pandemic.
- Despite these measures for managing the changing risk landscape, just 16.1% reported having a “robust ERM program” that impacts daily decision making and internal audit planning.
Audit teams becoming a core part of business response to risk
Responses from survey questions directed specifically at audit attendees show how auditors are becoming an increasingly relied-upon asset for organizations as they navigate these risks.
- 55% replied that they agree or strongly agree that internal audit teams are involved with discussions of risk and potential responses to the crisis.
- The same sample of respondents was also asked how COVID-19 will change communications between audit teams and the rest of the organization. 44% said that communications with audit committees will increase moving forward.
- In a separate conference session, 84.3% of respondents replied that they are somewhat or very likely to expand risk assessment to new areas or processes and add new controls to mitigate additional risks as a result of the pandemic.