Earlier this month, we discussed five of the "top-of-mind" risk issues that have (or should have) recently triggered the attention of boards, audit committees and senior executives. Since then, risks and incidents continue to make headlines - whether it is extreme weather conditions causing severe disruption and testing crisis response plans, or regulatory challenges facing audit firms in China. This is quickly becoming the norm. Over the next few years, companies around the globe will continue to face obstacles posed by the rapidly changing business environment and intensifying regulatory scrutiny.
As the second part of this series, we will dive into the other five risk areas from CEB's Audit Plan Hot Spots for 2014 and discuss what they mean for companies in the year ahead.
The remaining Hot Spots (from the full set of 10) that companies should be prepared to address include:
6. IT Governance - Many organisations have accepted the use of employee-enablement technologies such as mobile devices and various social media and cloud platforms. The line dividing corporate and consumer technology use has eroded as a result. For example, 86% of individuals use the same smartphone for personal and work activities. Greater consumerisation of IT will render obsolete existing IT governance structures oriented toward legacy systems, platforms, and other corporate technologies. Audit responses should include reviewing all policies relating to employee enablement technologies including BYOD. On average, corporate IT departments control around 60% of the IT spend, but it's not all bad, as innovation is often the driving force within the decentralised spend.
7. Third-Party Relationships - 80% of executives have questioned the stability of their supply chains, as major disruptions reduce share price by 7% on average. Meanwhile, 38% of CAEs reported significant control issues in their employer's third-party management. Particular concerns arise from the risks from multi-tiered supply chains (key suppliers and their own suppliers) and ineffective inspections of suppliers by independent auditors. Audit responses include interconnectedness reviews and reviewing the third-party audits conducted by external companies.
8. Project Management - The types of projects that organisations are undertaking are critical to their on-going success and include new systems implementations, transformation initiatives, and knowledge worker capability enhancements. Project management costs have increased 30% over the last five years due to a growing number of smaller projects and greater project diversity. CAEs have noted this trend and 50% have reported a significant issue in project management. Key audit responses include project health-check audits conducted to assess on-going project performance (not just post implementation) and project governance reviews.
9. Intellectual Property - The percentage of market capital that intellectual property (IP) assets represent relative to tangible assets is growing. For example, IP is estimated to have been 45% of the United States' 2012 GDP. Product, design and intellectual innovation will continue to magnify the growing importance of IP. Lapses in IP protection, however, can severely weaken a firm's competitive advantage and result in significant financial losses. Auditors are reviewing IP document and patent filing processes, as well as employee IP training and IP infringement response plans.
10. Crisis Response Management - The accelerating speed of technological change, growing interdependencies between markets and the effects of instantaneous social media are rapidly undermining the effectiveness of traditional crisis response plans. Indeed, a recent study indicates that reported readiness for addressing crises has dropped, from 66% in 2011 to 59% in 2013. An audit of the existence, regular testing and updating of the crisis response plan is an essential response, and confirming the ability of the organisation to deliver timely communication.
As I mentioned above, the accelerating pace of business change and intensifying regulatory scrutiny are the key macro-trends that will continue to affect companies over the next 12 to 24 months. These Hot Spots provide a solid framework for addressing the key risk areas that could have significant consequences for businesses' performance. Securing buy-in from the entire organisation on usable and relevant policies, training and other controls will be critical for companies' audit teams in helping to avoid exposure to these risks in the future.
Ian Beale is a senior director in CEB's Legal, Risk, Audit and Compliance practice in London.
Find out more about CEB best practices and insight for Audit Leadership teams here.