In this article, our Audit Partner, Bindi Palmer, discusses these risks and how the annual external audit can explore and test an organisation's vulnerability to them.
In first place, 66% of those interviewed said cybersecurity is in their top five business risks this year, while 15% said it is currently their single biggest risk.
There have been many high-profile incidents of data loss, where large volumes of personal information have found their way into the public domain or into the hands of cyber criminals. The most common types of breaches were fraudulent emails (72% of all breaches), viruses and malware (33%), organisational impersonators (27%) and ransomware (17%).
According to recent research commissioned by the Department for Culture, Media and Sport (DCMS), some 45% of small/micro businesses have experienced some sort of security breach or cyberattack in the past 12 months.
“External auditors should be extending their testing on IT controls and security. This means exploring risk areas and flagging any vulnerabilities found during the audit. This may also need to cover IT supply chains and cloud services, as well as how the organisation is upgrading legacy systems to stay on top of the continued cyber threats,” says Bindi.
Compliance risk was of only slightly less concern, with 58% of respondents rating it in their top five risks and 13% seeing it as their biggest risk this year.
Every organisation must follow directives set by external bodies or through law. Coupled with the external requirements, organisations will also have their own ways of working which they want employees to follow. Compliance, put simply, is following the internal and external rules in place.
Compliance covers a very broad area and might include items such as GDPR, bribery, food safety, financial and non-financial reporting, building regulations, and health and safety.
“Whether assessing that you are meeting regulations, or providing proper and balanced reporting in your statutory financial statements, your auditor should review that this is properly documented and has been risk assessed,” said Bindi.
In 3rd place, digitalisation was the single biggest audit risk for 9% of respondents, while 36% placed this in their top five risks this year.
Widespread advances in technology, commonly referred to as Industry 4.0 or the 4th industrial revolution, are rapidly reshaping business. New disruptive digital technologies can offer large gains in efficiency and effectiveness, but also create new risks. This might include operational, financial, regulatory, organisational and technological risks.
“Your audit is a good opportunity to review the risks that digitalisation poses for your organisation and the processes you have in place to mitigate them.”
“Also, digitalisation now provides a good opportunity for us, as your external auditors, to utilise advanced data analytics. This allows us to test whole populations of your data, meaning we can provide a more risk-based audit.”
“As this technology is still fairly new to the market, you should check that your auditor has taken the progressive step to implement this technology and develop the skills needed within its team,” said Bindi.
4. Regulatory change
Regulatory change was the biggest risk for 8% of respondents, with 36% rating it in their top five risks.
Regulatory risk is the risk that a change in laws and regulations will materially impact a security, business, sector, or market. A change in laws or regulations made by the government or a regulatory body can have a huge impact on any organisation as a going concern.
“With most businesses now having a global supply chain, the exposure to regulatory risk is increasing. Your auditor can cover this risk through detailed discussions and relevant testing around the laws and regulations,” says Bindi.
5. Political uncertainty
In a close 5th, political uncertainty completes the top 5 audit risks in 2019 with 8% rating it as their biggest risk this year and 23% rating it in their top five.
It is not surprising given recent political volatility across the globe that political uncertainty features as a top audit risk this year.
One critical thing your audit must ensure is that a robust enterprise risk management (ERM) framework is in place to help the organisation consider and establish processes to manage the range of challenges that may emerge.
“It is likely that political uncertainty is up there as the top business risk at this very moment, but it has consistently been in the top five over the past year.”
“When determining the impact of political uncertainty, you should cast your net as widely as possible. Whether from tax reform or Brexit uncertainty, a proper framework should be developed and then reviewed in your audit.”
“With regards to Brexit, your directors should consider the risks and how these can be managed so that ultimately it does not impact going concern,” said Bindi.
What are your top business risks?
How do these top 5 risks compare to your own risks? We’d be pleased to discuss your specific areas of concern and how our audit service can help bring reassurance and confidence to your organisation.
You can find out more about our audit and assurance services and contact our team here.
* Risk in Focus 2019, Institute of Internal Auditors, 311 organisations surveyed in September 2018