In This Issue
- Digital Disruption and Climate Change Top List of Fastest-Growing Risk Areas
- IFRS Guide Helps Organizations Apply Global Standards to Sustainability Disclosures
- PCAOB Target Team Reports Findings from 2023 Inspections on Emerging Risks
- Wolters Kluwer Looks at Audit’s Role in UN Sustainable Development Goals
- It Might Be Time for Internal Audit to Hand Over Some Sarbanes-Oxley Duties
- How You Handle Stress as a Leader Can Affect Your Team’s Performance
Digital Disruption and Climate Change Top List of Fastest-Growing Risk Areas
However, Internal Audit Foundation study shows audit plans do not prioritise them.
Internal audit leaders worldwide are focusing on the two fastest-growing risk areas across industries: digital disruption and climate change. Over the next three years, those concerns are expected to outpace other risks.
That was among the findings of the latest Risk in Focus research by The Internal Audit Foundation, based on feedback from more than 3,500 internal audit leaders worldwide. Digital disruption risks are expected to increase by 20 percentage points and climate change by 16 points, according to a press release from The IIA.
Despite the findings, most audit plans do not currently prioritize those two fastest-growing risks, indicating a gap between evolving threats and current areas of attention, the research shows. In fact, digital disruption and climate change were not named among the top five areas where internal audit functions allocate the most time and effort. Internal auditors globally are focusing predominantly on cybersecurity, governance and corporate reporting, and business continuity.
“To ensure both short-term success and long-term sustainability, organizations and their internal audit functions must adapt risk management practices to keep pace with the changing risk landscape,” says Anthony Pugliese, president and CEO of The IIA. The Risk in Focus report offers a comprehensive view of the current risk landscape and how it is expected to evolve in the coming years. It includes a global summary and separate reports broken out by geographic region, including Africa, Asia Pacific, Europe, Latin America, Middle East, and North America.
Among other findings:
- Worldwide, about 39% of respondents ranked digital disruption as a top five risk, with the number expected to jump 59% in the next three years.
- In North America, 48% of respondents ranked digital disruption as a top five risk, with the number expected to jump 70% in the next three years.
- Worldwide, respondents expect this risk area to rise from fourth to second in the highest-ranked risk areas over the next three years.
- About 75% of respondents said artificial intelligence (AI) has introduced new risks to watch, especially related to cybersecurity. It has also impacted other risk areas, including human capital, fraud, communications, and reputation.
- Globally, about 23% view climate change as a top five risk today. But nearly 40% say it will reach the top five in the next three years, climbing from 13 in the ranking to 5.
- Climate change was ranked as a top five risk by 33% of audit leaders in Europe, compared with 30% in Canada and only 9% in the U.S.
IFRS Guide Helps Organizations Apply Global Standards to Sustainability Disclosures
Some companies are beginning to comply voluntarily to meet the demands of investors.
Even though not all governments have started requiring companies to report their activities around sustainability, investors are increasingly pressuring organizations to do so. A new guide that could be useful for audit executives and other top leaders is designed to help organizations determine how to apply global standards in their reporting.
Published by the International Financial Reporting Standards (IFRS) Foundation, the guide is titled Voluntarily Applying ISSB Standards. The International Sustainability Standards Board (ISSB) is responsible for developing IFRS Sustainability Disclosure Standards to provide a global baseline of sustainability disclosures that inform economic and investment decisions, according to a FAQ on the IFRS Foundation site.
Besides helping organizations apply the ISSB Standards, the guide assists them in communicating their progress to investors, according to a press release. To support those preparing the disclosures, the report highlights two elements: tools that allow for a phased-in approach around “climate-first” reporting and mechanisms that provide adequate measures to address the range of capabilities and circumstances among organizations.
Key elements of voluntary frameworks already in use around the world are incorporated into the ISSB Standards, and the new guide highlights resources to understand them better. The frameworks include the Task Force on Climate-Related Financial Disclosures (TCFD) recommendations, Sustainability Accounting Standards Board (SASB) Standards, Climate Disclosure Standards Board (CDSB) materials and the Integrated Reporting Framework. The goal is for companies to navigate away from these frameworks and standards to one single guiding source, the ISSB Standards.
The guide is the latest in a series of publications designed to support the implementation of IFRS S1, which applies to sustainability-related financial risks and opportunities, and IFRS S2, which pertains to climate-related disclosures. The full range of educational materials and supporting documents is available on the IFRS supporting materials page.
PCAOB Target Team Reports Findings from 2023 Inspections on Emerging Risks
Annual review focused on crypto assets, multi-jurisdiction audits, and unusual events.
A target team of inspectors from the Public Company Accounting Oversight Board (PCAOB) has issued an annual Spotlight report from 2023 focused on emerging risks and other topics that can affect audits by outside firms. The team gathers information across audit firms by conducting in-depth interviews and reviewing procedures.
The focus of the latest report was on risks related to three areas:
- Crypto assets. As a result of crypto asset market disruptions and the corresponding emerging risks, the target team gathered information about certain audits of public companies with material crypto asset activities. This included obtaining and analyzing information about the audit firms’ client acceptance and continuance processes, risk assessment procedures, use of consultation and subject matter groups, guidance and tools, and audit execution, including the extent of procedures conducted by the engagement teams to determine the relevance and reliability of information obtained from blockchains.
- Multiple-jurisdiction or multi-location audits. Because of ongoing geopolitical turmoil and some companies switching from China-based audit firms to those in the U.S., the target team selected this as a focus area.
- Significant or unusual events or transactions. Examples included data breaches, gains or losses from cybersecurity lawsuits, interruptions to operations from natural disasters, and early retirement of debt and/or restructuring.
The report discusses the target team’s findings for each of the three risk areas. Each of the three sections addresses the questions team members aimed to answer, inspection results, observations, and good practices.
Target team inspection activities for 2024 will focus on the following topics: initial audits by a successor auditor; risk assessment; auditor’s assessment of a public company’s use of artificial intelligence; biotech startups; audit firms’ use of shared services centers; and cash flow statement, segment reporting, and earnings per share. Results will be presented in a future Spotlight.
Wolters Kluwer Looks at Audit’s Role in UN Sustainable Development Goals
Common SDG assurance framework is in the pilot stage to assess effectiveness.
With all the activity in recent and future years around sustainability reporting for public companies, internal audit leaders and their teams are still trying to determine how they fit into the big picture. A new report examines internal audit’s role in helping organizations implement the United Nations Sustainable Development Goals (SDGs).
The article by Dutch information services company Wolters Kluwer, titled “Sustainable Development Goals (SDGs) — Internal Audit’s Role in Assuring Organizational Responses,” first gives a history of the SDGs along with a section on who uses them and how. It discusses a lack of structure around how implementation of the SDGs is measured and monitored.
“As yet, there is no common SDG assurance framework,” the report reads. “The UNDP is developing one which is currently being piloted. This will be an important source for those implementing SDG alignment processes, as well as those such as internal audit assessing their effectiveness in decision-making.”
The goals cover a wide range of social, economic, and environmental issues. They include everything from no poverty, zero hunger, good health and well-being, and quality education to gender equality, clean water and sanitation, affordable and clean energy, and decent work and economic growth.
Each goal is supported at a global level by specific targets, 169 in total, that focus on delivering progress by 2030. Governments and some sectors, such as education, have embraced them. However, many corporations have not, the report says.
It is becoming more important because of the interest of investors, the article says. A 2023 survey found that 75% of investors tracked investments using SDGs in 2022.
Internal audit can help by first understanding the risks associated with SDGs, which typically fall into three categories:
- Reputational risks around misleading or inaccurate public disclosure known as “greenwashing,” or the newer term “rainbow-washing” which refers to the multicolored chart of SDGs.
- Financial risks, sometimes stemming from loans based on ESG commitments that are not met.
- Regulatory risks, especially those stemming from misleading stakeholders.
The report outlines how internal audit can play a role in SDG assurance. It offers questions auditors can ask about how SDGs are used in either decision-making or reporting in the organization.
It Might Be Time for Internal Audit to Hand Over Some Sarbanes-Oxley Duties
There would be advantages to distributing across the three lines, Wolters Kluwer article says.
Internal audit was a natural choice to oversee an organization’s compliance with the Sarbanes-Oxley Act when the measure was implemented in 2002. Today, it might be time for the first and second lines to pick up some of the responsibility instead.
That is the premise of a recent article by Dutch information services company Wolters Kluwer, which asserts that if an organization were like a busy restaurant kitchen the internal audit team would be the head chef, making sure every dish is top-notch before it goes out to customers.
“But with so many quality checks to do, the head chef can’t focus on coming up with new, interesting dishes or keeping an eye on everything else going on in the kitchen,” the article reads. “By giving some of the quality checks to the sous-chef, the head chef can focus on leading the kitchen to greatness. In the same way, by letting the first and second lines handle some of the SOX compliance tasks, like updating control documents or self-assessments, the internal audit team can make the entire organization run smoother.”
The article quotes the Internal Audit Foundation’s 2024 North American Pulse of Internal Audit report, which showed that 69% of respondents from publicly traded organizations said their internal audit teams still manage the Sarbanes-Oxley program. Technological advancements have transformed compliance management, with automated workflows and data analytics reducing manual efforts, the article says, so the work could be handled by other functions rather than audit. For organizations without a dedicated Sarbanes-Oxley program management function, some duties could go to a department or process owner, the first line, or a risk or compliance function, part of the second line.
“While the benefits of transitioning SOX activities to the first and second lines are clear, the process itself can be complex and fraught with challenges,” the article reads. “Organizations must carefully navigate these challenges to ensure a smooth and successful transition.” The article lists specific activities that could be handled by others in the organization and includes recommended strategies for a smooth transition.
How You Handle Stress as a Leader Can Affect Your Team’s Performance
Are you ensnared in a web of unrest, or do you accept challenges as they come?
In a world where stress has become a way of life, people often mistake the concept of stress solely with events. Actually, stress is not the list of daily challenges, but instead the result of how we face adversity.
A recent article in Psychology Today explains the concept this way: “When faced with an unpleasant challenge, our minds may conjure a familiar thread of thoughts: ‘I don’t like this. Something feels wrong. Why can’t things change?’ This inability to accept the moment as it is—that’s the crux of stress. Whenever something must change for you to be happy, you’re making life stressful.”
The article contrasts the outlook of two CEOs — one who puts his head in his hands and laments about all the issues he’s facing, and another who smiles and tackles each challenge head-on. One is ensnared in a web of stress, while the other dances through her day with grace and resilience, the article says.
The most successful leaders accept challenges. That doesn’t mean they like or love the situation. It means they receive the challenge as it is. “Picture a sturdy three-legged stool: one leg representing your body, another for your mind, and the third your spirit. Years of performance research have taught us that the optimal stance for peak performance is achieved through this triad,” the article says.
This is important because the personality strengths of an organization’s leader parlay themselves into every level of the corporation. So do the weaknesses.
“Above all, the successful CEO understands that their role is not merely to lead but to foster a thriving community that values cooperation over competition,” the article says. “This approach encourages a culture of problem-solving rather than blame, creating an environment where everyone feels empowered to contribute their best.”
Pulse Check – ERM Function Oversight
Pulse Check Report — ERM Function Oversight
One of the most common questions we’re asked is how internal audit leaders maintain independence and objectivity when tasked with overseeing other functions like ERM. For our latest Pulse Check, we asked just how common this trend is among our ALN members — and what safeguards they to preserve independence!