CAE Pulse October 3 2024

In This Issue

 

 

GenAI and ESG Join Traditional Topics on List of Audit Planning Priorities for 2025

In its 10th year, Deloitte report for financial services sector spotlights evolution of trends.

In a new report for internal auditors in the financial services sector, Deloitte projects which issues will be top of mind for 2025. This is the 10th year the audit and accounting firm’s financial services arm has assessed planning priorities, and the research examines how the list has evolved.

“The Financial Services landscape in 2024 continues to be driven by increasing regulation, which is impacting many firms’ cost-base due to the need for more robust and well-controlled processes,” Deloitte’s UK web page on the report reads. “This is compounded by wider economic volatility stemming from ongoing global conflicts, a higher interest rate environment, and elections taking place across 70 countries worldwide, including in the UK.”

Some key topics highlighted in the 2014 report a decade ago have remained the same, including model risk management, third-party risk management, and financial crime. However, as internal audit functions evolve to keep pace with change, they are dealing with numerous new challenges, including generative artificial intelligence (GenAI). For the second year, the report devotes a section to environmental, social, and governance (ESG) reporting, discussing not only increasing regulation in that area but also the importance of ESG in decision-making.

“With notable increases in the quantity, quality, and breadth of reporting and disclosures due over this and coming years, driven by regulations such as the Corporate Sustainability Reporting Directive (CSRD), ESG continues to be a focus area,” the website reads. “Regulation aside, firms should be mindful of the strategic decisions required to effect change as well as report accurately.”

The report is divided into three downloadable segments. One is on banking and capital markets, one is on insurance, and one is on pensions, wealth, and asset management.



KPMG Study: CEOs Are Increasing Cybersecurity Investments with Growth in GenAI

Global study also shows how leaders are handling geopolitics, M&As, and return-to-office.

With the use of generative artificial intelligence (GenAI) on the increase, 69% of CEOs participating in a survey in the U.S. are increasing their investments in cybersecurity, according to a new study by KPMG. About 21% expect to see a return on those investments in one to three years, with 68% anticipating that the return will take three to five years. However, audit executives and their counterparts in the C-suite should know cybersecurity is only one risk that is keeping CEOs on alert.

CEOs are also actively monitoring geopolitics, economic uncertainty, and longer-term structural changes to the U.S. economy such as the dynamic labor market and potential policy shifts on taxes and regulations, according to a press release. The report on the KPMG 2024 U.S. CEO Outlook is part of a larger study that surveyed more than 1,300 CEOs at large companies globally, including 400 in the U.S.

The study also looked at the appetite for mergers and acquisitions (M&A), confidence in meeting net-zero climate-related goals by 2030, and sentiment about return-to-office strategies. The top three trends U.S. respondents identified as those that could negatively impact the prosperity of their organizations over the next three years are the cost of living, cybercrime and cybersecurity issues, and talent.

“CEOs’ primary focus remains anticipating and staying ahead of the compounding and interrelated risks,” said Paul Knopp, KPMG U.S. chair and CEO. “CEOs are strategically allocating capital to address cyber and geopolitical risks that can cause abrupt business disruption in the short term while making long-term investments in GenAI and M&A to spur future growth.”

Among other findings of the global study:

  • 78% of respondents are confident in the growth prospects of their company.
  • 85% are confident in the growth prospects of their country.
  • 74% are confident in the growth prospects of the global economy.
  • 86% say they will reward employees who make an effort to come into the office with favorable assignments, raises, or promotions.
  • 72% say GenAI will not fundamentally impact the number of jobs at their organizations but will require upskilling and existing resources to be redeployed.
  • 27% said the use of GenAI will create more jobs than it eliminates.



Auditor Independence Rules Are in the Spotlight in Latest Report by the PCAOB

Publication includes observations, good practices, and oversight tips for audit committees.

Maintaining independence between audit firms and their clients has increased in priority in recent years, with the Public Company Accounting Oversight Board (PCAOB) announcing in May 2023 that it was adding a section on it to its inspection reports. The latest PCAOB Staff Spotlight highlights inspection observations related to auditor independence.

The 29-page report, issued Sept. 16, outlines why independence is key for providing investors with unbiased third-party assurance that an entity’s financial reporting is reliable. The audit firm and its personnel must be free from any obligation or interest that compromises its work with the client, its management, or its owners.

“Although auditor independence is a critical element of an audit firm’s quality control system, PCAOB inspections show it is an area of common deficiencies year after year,” the report reads. “The PCAOB is committed to providing timely and relevant insight on issues identified during inspections. This Spotlight highlights recent staff observations on independence, including common deficiencies which resulted in the issuance of comment forms, good practices, and other reminders, that can help audit firms and audit firm personnel comply with PCAOB and U.S. Securities and Exchange Commission (SEC) independence standards and rules.”

The PCAOB staff has observed that an increasing number of comment forms have been issued related to independence issues in all inspection categories over the last three inspection periods (2021–23), the report says. The biggest increase in the number of comment forms in 2023 involved potential noncompliance with SEC or PCAOB rules, most likely driven by the increased scrutiny of independence requirements in inspections. The percentage of independence-related comment forms increased from 7% in 2021 to 14% in 2023.

The report examines inspection categories and also outlines good practices. Additionally, it includes a section of tips for audit committees in their role overseeing the external audit firm.


Internal Auditors at EU Financial Institutions Prepare for New Rules Under DORA

Three Lines Model will be key to complying with the Digital Operations Resilience Act.

By January 2025, financial institutions in the European Union (EU) must comply with the new Digital Operational Resilience Act (DORA). It is designed to create a strong security pillar that enables organizations to survive digital disruption.

recent article by Dutch information services company Wolters Kluwer explores the pivotal role internal audit will play in strengthening operational resilience under DORA. It gives details about the basics of DORA, including its purpose and scope. DORA applies to financial institutions including banks, insurance companies, investment firms, payment service providers, credit rating agencies, and crypto-asset service providers.

“The principal goal of DORA is to develop an integrated regulatory environment that will improve the operational resilience of financial entities,” the article reads. “It provides comprehensive standards for managing and mitigating Information Communication Technology (ICT) risks. By standardizing these requirements, DORA tries to ensure strong digital resilience across all EU-based financial entities.”

The European Confederation of Institutes of Internal Auditing (ECIAA) is cited in the article as saying DORA calls for the ICT risk management structure “to follow the Three Lines model where internal audit’s primary objective is to provide independent assurance and advisory services that will assist the financial institution in identifying and addressing potential risks and vulnerabilities.”

To achieve this, internal audit needs to work in close collaboration with other stakeholders including risk management, IT, and compliance, the article says. It gives specific areas where this synergy can be essential, including risk assessment and identification, policy and framework development, incident response planning, and continuous improvement.


Three Types of Dysfunction Can Derail the Effectiveness of a Leadership Team

Harvard Business Review article outlines how to reverse course and boost performance.

Under pressure to show strong performance at their organizations, despite numerous challenges worldwide that are affecting results in today’s business landscape, C-suite executives can often overlook a critical factor in success: the health of their leadership team. A recent Harvard Business Review addresses how a dysfunctional team can derail strategic intention — and what to do to get back on track.

The authors of the article interviewed more than 100 CEOs and senior executives over multiple years for their research. They found that there are three main patterns of dysfunction:

  • The shark tank, characterized by infighting and political maneuvering. This environment pits ambitious leaders against each other to see who will make it to the top team. While competition can be healthy and drive results, too much of a good thing can lead to battlegrounds for personal agendas and unproductive power struggles.
  • The petting zoo, characterized by conflict avoidance and an overemphasis on collaboration. Sacrificing vigorous debate and competition for harmony can harm organizational performance. Leaders need to be able to spar actively to solve tough problems. Without that, “an atmosphere of ineffectual niceness reigns.”
  • The mediocracy, characterized by complacency, a lack of competence, and an unhealthy focus on past success. When neither competition nor collaboration is emphasized enough, the team can lack the skills or motivation to drive performance. Executives operate in silos, which leads to a lack of synergy, duplicated efforts, and missed opportunities.

The article outlines how to reverse each of these types of dysfunctions and turn groups into high-performing teams. Lifting a team to a new performance level takes diagnosing the specific pattern and then adopting a targeted approach to address it.


How You Set the Tone Under Pressure Affects Your Effectiveness as a Leader

Inc. magazine article gives tips on handling stressful workplace situations head-on.

High-pressure situations are inevitable for audit executives and other top-level business leaders. How you handle them affects not only the immediate outcome but also your team’s confidence in your leadership.

That’s the premise of a recent article in Inc. magazine titled “Staying Composed Under Pressure: How Leaders Set the Tone in Tough Situations.” Leaders who remain calm when things go wrong, a deadline is missed, or an unexpected issue pops up are sending a message to their team members that challenges are manageable and there is a path forward. Leaders who panic or respond impulsively, on the other hand, create an environment of uncertainty, which can be demotivating.

The article gives tips on how to demonstrate leadership under pressure, including these:

  • Acknowledge the problem. This openly sets the stage for finding solutions.
  • Focus on solutions instead of the problem. Instead of dwelling on what went wrong, letting the problem paralyze you, shift the focus toward action.
  • Take responsibility. Own the challenge, which creates a culture of accountability and shows you are not trying to deflect blame.
  • Communicate clearly. To help reduce the anxiety of your team members, keep them informed about what is happening and what steps are being taken.

The article also suggests ways to manage stress and maintain mental clarity:

  • Take a step back. Take a brief moment to assess the situation before you jump in and take action.
  • Prioritize and delegate. Everything might seem urgent but focus on the most critical tasks in handling the issue and assign tasks to your team members while you address high-level needs.
  • Take care of yourself. Stay grounded by getting rest, taking breaks, and practicing mindful techniques such as deep breathing. This will allow you to stay healthy and clear-headed.