Risk in Focus is an annual barometer of what CAEs perceive as their organisations’ risk priorities and what is preoccupying their thinking as they prepare their forthcoming audit plans. Risk in Focus is a vital point of reference for the internal audit profession, not just in Europe where the annual surveys and interviews are carried out, but worldwide.

Risk is not solely the domain of internal audit, of course. Therefore, while the report may serve as a valuable document for CAEs and internal auditors in helping to shape and challenge their own audit plans for 2020, we hope it serves as an important benchmarking and consultation tool for a wide stakeholder group. Indeed, this report is as relevant for boards and audit committees as it is for risk managers and other assurance providers.

Inevitably risk assurance is an idiosyncratic exercise that meets the specific needs of an organisation. Rotational audits should now be a thing of the past, internal audit instead striving to be risk based and agile, responding to and pre-empting emerging risks and stepping into its trusted advisor role whenever called upon. For this reason, the following topics should serve as a resource for CAEs to inform, challenge and sense-check their next audit plan, and provide context for discussions with senior management and the board.

The 10 priority risk areas internal audit should address in 2020 are:

  • Cybersecurity & data privacy: rising expectations of internal audit
  • The increasing regulatory burden
  • Digitalisation & business model disruption
  • Looking beyond third parties
  • Business resilience, brand value & reputation
  • Financial risks: from low returns to rising debt
  • Geopolitical instability & the macroeconomy
  • Human capital: the organisation of the future
  • Governance, ethics & culture: the exemplary organisation
  • Climate change: risk vs opportunity

We are happy to share the forth edition of Risk in Focus defining hot topics for Internal Auditors.

This report is also relevant for boards, audit committees, risk managers and other assurance providers. A board briefing is available here.