Internal audit leaders expect new risks to emerge post-pandemic

COVID-19 stretched organizational resources and unleashed new risks on a global basis, prompting an ongoing pivot by internal audit departments to address the evolving challenges, according to a survey by AuditBoard.

Cybersecurity continues to be a daunting risk as organizations grapple with unrelenting attacks, but emerging risks involving the workforce, third-party oversight, regulatory changes, and business continuity are becoming increasingly in focus.

Internal auditors meeting many challenges through transformation and resiliency

The survey of internal audit leaders across North America, including those at major Fortune 500 companies, revealed:

• Cybersecurity and data protection are considered top risks by 90% of respondents.
• The turn to greater remote operations has brought multiple rewards and increased use of new technologies, but also challenges, especially in the areas of organizational relationships and talent retention.
• The post-pandemic risk landscape is quickly changing, with economic conditions; third-party risks; environmental sustainability concerns; diversity, equity, and inclusion (DEI); and more emerging as critical areas of focus for enterprises over the next few years.

“COVID-19 created what is arguably the greatest disruption for organizations as well as for internal auditors, due to their enterprise-wide role,” said Richard F. Chambers, AuditBoard Senior Internal Audit Advisor, who authored the report.

“The pandemic heightened risks in virtually every facet of enterprise operations. We’re glad to see that internal auditors have met many of the challenges through transformation and resiliency.”

The survey shows that internal audit is responding to existing and new challenges by increasing resources, a trend that’s expected to continue through at least 2025. For example, in 2021, twice as many internal audit leaders (36%) reported increased budgets compared with those seeing declines (18%), and nearly three times as many (29%) increased staff as decreased staff (10%). Over the next two years, 52% forecast budget increases and 46% expect to expand their teams, with an emphasis on highly sought skills.

Other findings

• Analytical/critical thinking and communications rank as the top two “critical skills” needed for effective internal auditing, with greater attention being placed on cybersecurity, data mining/analytics, and business acumen.
• 51% of internal audit leaders hired remote staff during the past 18 months, while 26% saw their team members “poached” by other organizations.
• 40% said remote operations weakened some relationships between internal audit and stakeholders within the organization, prompting refinement of communication and assessment strategies.
• Over 80% of internal auditors expanded their use of specific technologies to enhance their work, particularly with data extraction/analysis and cloud-based audit management software.