COVID-19’s existential threat to organizations combined with the extreme measures taken to cope with the deadly virus created new cyber vulnerabilities. For example, the newly ubiquitous work-from-home environment introduced the monumental task of enforcing cyber-safety protocols for entire offsite workforces. The perceived relevance and urgency of cyber-related risks was heightened further by changes to operations, mitigating the vulnerabilities of popular communications software, managing customer and vendor relationships strictly online, and internal audit’s inability to perform on-site visits.
About 9 in 10 (87%) board members and CAEs (93%) ranked business continuity/crisis management as highly or extremely relevant. However, far fewer members (63%) of the C-suite identified it similarly. Board and C-suites respondents rated their level of personal knowledge lowest when it came to cybersecurity. That may reflect continued uncertainty about a risk that is constantly evolving.
Other key observations:
- All respondents rated disruptive innovation and talent management as among the most relevant risks. Yet, C-suite respondents ranked their personal knowledge and the organization’s capabilities related to those risks as among the lowest.
- Board members and CAEs were largely aligned on their perception of the relevance of risks included in OnRisk 2021. However, management relevance rankings were lower overall with an especially large gap in the perception of governance and economic and political volatility.
- Responses were tightly clustered in ranking organizational ability to manage risk. Responses to COVID-19 were likely the reason.
About The Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The IIA’s global headquarters are in Lake Mary, Fla. For more information, visit www.theiia.org or www.globaliia.org.
SOURCE The Institute of Internal Auditors