What are the top risks internal audit leaders need to know about in 2024?
In their Focus on the Future report, Audit Board has conducted several surveys and presented data reporting the top risks Internal Audit leaders should keep top of mind.
With new and changing risks presenting themselves, internal audit practices need to be responsive and transformative.
The traditional perspective on internal audit transformation frequently relies on introducing new procedures checklists, and instruments (like AI, analytics and continuous monitoring) to improve capabilities.
The report shared the highest risks for organizations to incorporate into their part of their 2024 internal audit plans, which include:
Cybersecurity: Continuing from 2023, cybersecurity has been identified by internal audit teams as the greatest risk for 2024. According to the 2023 vs 2024 top risk survey performed by Audit Board, 81% of internal audit leaders rated cybersecurity as a “very high” or “higher than average” risk in 2024, compared to 83% in 2023. One reason cyber remains a top risk is that the U.S. Securities and Exchange Commission (SEC) unveiled a new cybersecurity rule in September that mandates the evaluation and disclosure of significant incidents within four business days. Additionally, a number of states have followed California’s lead and implemented new data privacy laws modeled after the General Data Protection Regulation (GDPR) of the European Union.
Changing Economic Conditions: The second top risk in 2024 is changing economic conditions. Examples of these changing conditions include the highest inflation rate in nearly 40 years in 2022, the global pandemic and unrest in the Middle East.
Ability to Attract and Retain Talent: Retaining and attracting talent is the third highest risk, according to the “Focus on the Future” report. This has been a steady issue since Covid began.
Regulatory and Legislative Changes: Regulatory and Legislative changes are the fourth highest risk according to the “Focus on the Future” report. Environmental, social and governance (ESG) regulatory and standard-setting activity is increasing globally, in addition to the new cyber and data protection regulations. Potential legislation governing social media and artificial intelligence are also on the rise. As a result of the recent upsurge of new laws and regulations, businesses are experiencing increased uncertainty as they learn more about the regulations’ meanings, applications and potential long-term effects.
Additional Top Risks: The other top risks identified for 2024 include disruption from digitalization and/or new business models, third-party management and IT aspects not covered by other risk areas noted. Digital risk and the requirement for efficient integrated risk management throughout the organization will continue to be more and more pressing.
Misalignment of Internal Audit Plan to Key Risks: Internal audit teams should continue to adapt to the changing risk environment. The survey on key risks for 2024 and planned audit coverage for each risk illustrate significant exposure gaps, as some top risks were not identified as top priorities in the audit plan. If ignored, the risk exposure gap can have impactful effects on a company. Specifically, the areas identified where the risk ranking significantly exceeds audit coverage in 2024 are:
- Changing economic conditions: this is expected to receive little coverage from IA’s: ranking 10th in planned coverage. Firms should look to be more aware of these conditions as they stand as the second greatest risk in 2024.
- Attracting and retaining talent: this is the third greatest risk for IAs in 2024, yet it is ranks 12th in planned coverage.
Internal audit needs to consider the critical risk areas affecting the business in order to comprehend the risk exposure gap and align resources and skillsets appropriately. IA leaders should continue to strategize and create plans surrounding the significant risks the business will face in 2024 to ensure appropriate alignment of the internal audit function.
About Schneider Downs Risk Advisory
Our team of experienced risk advisory professionals focus on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.
Explore our full Risk Advisory Service offerings or contact the team at [email protected]
