According to new survey findings, risks will continue to be largely unpredictable in 2021, and the shift to remote work wont be ending anytime soon.
The survey results, released by software platform AuditBoard, find that the risk landscape will continue to greatly fluctuate next year rather than returning to more stable pre-pandemic conditions, even if the coronavirus pandemic begins to subside. The responses illustrate the long-term changes audit and risk professionals will experience in their roles as a result of the pandemic, and how crucial those individuals will be in helping organizations overcome risk challenges despite gaps in enterprise risk management (ERM) programs.
According to the report, respondents expect the top risk in the coming year will be “economic conditions impacting growth,” followed closely by cybersecurity threats.
The findings come from a series of surveys conducted at AuditBoard’s recent Audit & Beyond virtual conference, which was attended by more than 5,000 audit, risk, and compliance practitioners.
A Permanent Shift to Remote Work
One of the biggest challenges the COVID-19 pandemic has created for audit, risk, and compliance professionals is the sudden shift to remote work. Performing audit and risk management tasks in a remote environment is a significant challenge without the aid of modern, collaborative technology. Recent Institute of Internal Auditors (IIA) polls suggest roughly three-quarters of audit teams are without a modern audit technology solution today. However, when asked by AuditBoard about the future of work, nearly two-thirds (59 percent) of respondents said they expect their team will work remotely for all or part of the workweek once quarantines lift. A small group (7.5 percent) said they expect their team will work 100 percent remotely on a permanent basis. This shift to remote work presents a major operational challenge for audit, risk, and compliance teams.
“Conditions this year have changed drastically due to the pandemic, and audit, risk, and compliance organizations have had to act quickly to adapt to the dynamic risk environment while maintaining operational continuity,” said John Reese, SVP of Marketing, AuditBoard. “AuditBoard survey responses overwhelmingly showcase how quickly the workplace mindset is shifting, and how important modern audit, risk, and compliance technology has become to support a more remote and connected future.”
Businesses Face Dynamic Risk Environment
During the keynote presentation at the Audit & Beyond conference, attendees were asked questions about the risks their businesses face as a result of the pandemic and looking forward. Responses reveal an evolving risk landscape with a variety of different business priorities.
- More than eight in ten (81 percent) of respondents said “risk will continue to be dynamic and unpredictable” in 2021 and beyond.
- When asked what they see as the most pressing risk facing their businesses in 2021, 28 percent of respondents said, “economic conditions impacting growth,” more than one-quarter (27 percent) said, “cybersecurity threats,” and 13 percent said “business continuity and crisis response.”
“Audit and risk professionals expect the 2021 business risk environment to be unpredictable,” continued Reese. “Specifically, they are most concerned with the potential risk of economic conditions, cybersecurity threats, and business continuity as their organizations are faced with a fast-changing external environment. Technology like AuditBoard will be a crucial enabler as organizations strive to understand and manage these risks at scale, and stay a step ahead.”
Amid Changing Strategies, Risk Management Programs Often Lacking
The pandemic has shifted risk management strategies for most organizations, but many organizations still lack a mature Enterprise Risk Management (ERM) program. COSO defines ERM as the strategies that organizations rely on to manage risk in creating, preserving, and realizing value.
- A full 79 percent have either made moderate changes (43 percent), redirected strategy in certain areas (29 percent), or made significant broad-ranging changes (7 percent) to their risk management program since the start of the pandemic.
- Despite these measures for managing the changing risk landscape, just 16 percent reported having a “robust ERM program” that impacts daily decision making and internal audit planning.
Audit Teams Becoming a Core Part of Business Response to Risk
Responses from survey questions directed specifically at audit attendees show how auditors are becoming an increasingly relied-upon asset for organizations as they navigate these risks.
- More than half (55 percent) replied that they agree or strongly agree that internal audit teams are involved with discussions of risk and potential responses to the crisis.
- The same sample of respondents was also asked how COVID-19 will change communications between audit teams and the rest of the organization. Close to half (44 percent) said that communications with audit committees will increase moving forward.
In a separate conference session, 84 percent of respondents replied that they are somewhat or very likely to expand risk assessment to new areas or processes and add new controls to mitigate additional risks as a result of the pandemic. 