Internal auditors are facing a host of risks during the COVID-19 pandemic in business continuity, crisis management, cybersecurity and other areas, according to a new report.
The report, released Monday by the Institute of Internal Auditors, follows up on a similar report released last year, and discusses the top 11 risks facing organizations. For the report, the IIA surveyed members of corporate boards, executive management teams and chief audit executives.
The report found that 93 percent of CAEs rated business continuity/crisis management as highly or extremely relevant, compared to 87 percent of board members who ranked those risks as highly or extremely relevant. Far fewer members of the C-suite identified them that way, with only 63 percent describing business continuity/crisis management as highly or extremely relevant. Members of corporate boards and C-suites who responded to the survey rated their level of personal knowledge lowest when it comes to cybersecurity.
Mike joined Simply Business in April 2018 and is Vice President of Insurance Panel and Partnerships and a member of the US Executive Leadership Team. In his role, Mike is responsible for driving product growth with new and existing panel insurance carriers as well as expanding Simply Business's distribution reach through strategic partners. Collaborating with insurance carriers, Mike's team helps bring new insurance products to market that benefit business owners while meeting small business customers where they are via distribution partnerships.
Mike brings 20 years of commercial property and casualty experience to Simply Business, having had previous underwriting and distribution roles at Liberty Mutual Insurance. Mike earned his bachelor's degree in finance from Bentley University in 2003 and his CPCU designation in 2009. Mike resides in the Greater Boston area with his wife and two sons.
Chana R. Schoenberger is the editor-in-chief of American Banker. Previously, she was the editor-in-chief of Financial Planning after joining Arizent in 2020.
In her prior role, she was the managing editor for U.S. wealth management at J.P. Morgan. Before that, she was a columnist and freelance journalist, and previously worked at Bloomberg News, Dow Jones/The Wall Street Journal, and Forbes. A graduate of Harvard College, she received her master's degree as part of Columbia Journalism School's Knight-Bagehot Fellowship in Economic and Business Journalism. She is now based in New York City after stints in Tokyo and Canada.
Follow her on X at @cschoenberger.
Holly Sraeel is Founder of The Most Powerful Women in Banking and SVP of Strategy and Content, American Banker Live Media, leading content creation and innovation for the events and live media portfolio and introducing new multimedia and invitation-only experiences for senior executives that drive critical conversations and action around corporate strategy, innovation and financial performance. She is part of the company's operational leadership team and is focused on developing cross-platform programming that creates higher levels of engagement for subscribers, community participants and partners across the company's brands, including American Banker, The Bond Buyer, National Mortgage News, Accounting Today, Digital Insurance, Financial Planning and Employee Benefits News.
Sraeel is an award-winning editorial director, media executive and content strategist with expertise in developing influential content, communities, and events for C-level executives in the banking and financial services, insurance, and technology industries. Prior to joining Arizent, she held several content leadership and strategist roles, including for B2B media consultancy New York Ventures, capital markets management consultancy Opimas, Oxford University-incubated startup Wise Responder, and as cofounder of Genesys Partners' Agility First Forum.
This new role marks a return to the company for Sraeel. In her previous 12-year run, she was a member of the executive team and was pivotal in driving new cross-platform editorial, events and business innovation as SVP of Brand Management; Group Editorial Director of Banking and Technology magazines; and Founder, President and Editorial Director of The Most Powerful Women in Banking,™ the company's first-ever, community-based media platform, now part of Arizent's flagship American Banker.
Sraeel is an early honors graduate of Marist College with a Bachelor of Arts degree in Communications and a concentration in journalism.
Other risks discussed in the report include sustainability, disruptive innovation, economic and political volatility, third-party risks, board information, data governance, talent management, and culture.
“This is the second year we’ve done this survey,” said IIA president and CEO Richard Chambers. “The most revealing headline was that boards thought their organization was in a lot better position to address risk than management. That’s a little bit unsettling.”
This year, the COVID-19 pandemic exposed risks to business continuity and crisis management in particular. “The most revealing insight was that COVID and the aftermath is front and center in how management, boards and auditors are seeing risks in their organizations,” said Chambers. “Business continuity and crisis management are very high on their list of the key risks. Two years don’t make a trend, but it doesn't surprise me that there is closer alignment between management and auditors on the risks their companies are facing. When everybody is focusing on a looming storm, you’re more apt to have agreement. From that standpoint, COVID and the crisis we’re facing with the pandemic has allowed for management and auditors to see risks in much the same way.”
Talent management and innovation are seen as big risks by management. “Management has insights into the risks they face, but I also recognize that management isn’t always forthcoming about the risks they face because it could be a reflection on how well they’re managing,” said Chambers. “You can’t always get a candid assessment.”
That’s why it’s especially important for internal auditors to keep corporate boards informed about such risks. “I’ve always been one who believes that internal auditors can be the eyes and ears for the board when they’re not around,” said Chambers.
Cybersecurity has become even more of a risk for many companies with so many of their employees now working from home, with access to corporate systems available around the clock and few eyes watching other workers in their remote offices. Cybercriminals can also take advantage of the remote access if it’s not secured.
“When the workforce is distributed, people are working from home, and people are not as careful with the data they are sharing,” said Chambers. Cybersecurity also ranked high in last year’s survey, but he sees a clear correlation between COVID-19 and why cybersecurity risks are seen as even higher this year.
The IIA issued the report at a time when many internal audit teams are making their audit plans for next year. “We think it will be very revealing to them and a good source of information as they look at their own risks in their companies,” said Chambers.
