Hot Topics for 2019 Internal Audit Plan
Hot topics for internal auditors: the 2019 report from the IIA
Risk in Focus puts a spotlight on priority risk areas that organisations face as they look ahead to next year. It reveals how heads of internal audit across Europe view today’s risk landscape.
- The single biggest risks that chief audit executives believe their organisation faces as they prepare their audit plans for 2019 are cyber security, compliance, digitalisation, regulatory change and political uncertainty.
- As the frequency of cyber attacks on supply chains and cloud-based software providers rises, there will be an increase in assurance required around organisations’ exposure to third-party cyber security risk.
- The two areas of compliance that internal audit most commonly expects to assess over the next 12 months are the GDPR and anti-bribery and corruption laws, which are being actively enforced and updated in a number of territories.
- Recent protectionism in global trade, in particular tariffs brought by the US administration, represents a risk to organisations’ revenue growth. Boards/audit committees and their internal audit functions may choose to keep a watching brief on these developments.
- There is a mismatch between where internal audit spends its time auditing and the perceived priority risks that organisations face. Therefore, boards/audit committees should re-evaluate whether internal audit is being used effectively to deliver risk-based assurance.
About the report
Risk in Focus provides a touchpoint for the internal audit profession that helps HIAs to understand how their peers view today’s risk landscape. Working hand-in-hand with boards, audit committees and other stakeholders, internal audit should already have a rigorous understanding of their organisations and the greatest financial, operational and strategic risks they face. However, it is vital that knowledge and thinking is shared within the profession to reinforce risk assessments and mapping and, ultimately, to support the provision of greater assurance.
While many audit functions will be preoccupied with business-as-usual operational audits, and all should be focused on areas specific to the assurance needs of their organisations, the hot topics in this report represent themes that are relevant across industries, with an emphasis on new and emerging risks. To be clear, this list is not exhaustive and we expect internal audit to take an appropriately risk- based approach to its work by addressing organisations’ greatest priorities. The topics listed herein should therefore be treated as a reference point rather than audit planning guidance.
The most sophisticated audit functions will not only test internal control systems but support their business in identifying risks looming on the horizon. We hope this report serves as a valuable resource for HIAs in evaluating risks they may not have considered, or contemplate from fresh angles risks that are already on their radar screens. Some readers may recognise themes from their own risk assessments and they should take comfort from this. It is confirmation that they are risk-aware. Others may find the highlighted topics help them to shape their forthcoming audit plans.