Unprecedented challenges brought by the COVID-19 pandemic and greater reliance on technology and data collection are driving business continuity/crisis management and cybersecurity as top-rated risks, according to The Institute of Internal Auditors (IIA). OnRisk: A Guide to Understanding, Aligning, and Optimizing Risk 2021 offers a unique and insightful examination of the interactions and views from those who most directly involved in risk management – boards, executive management and internal audit.
A unique combination of quantitative and qualitative research provided a robust look at 11 top risks facing organizations. Business continuity/crisis management and cybersecurity were the two most relevant risks amongOnRisk 2021 respondents.
COVID-19’s existential threat to organizations combined with the extreme measures taken to cope with the deadly virus created new cyber vulnerabilities. For example, the newly ubiquitous work-from-home environment introduced the monumental task of enforcing cyber-safety protocols for entire offsite workforces. The perceived relevance and urgency of cyber-related risks was heightened further by changes to operations, mitigating the vulnerabilities of popular communications software, managing customer and vendor relationships strictly online, and internal audit’s inability to perform on-site visits.
About 9 in 10 (87%) board members and CAEs (93%) ranked business continuity/crisis management as highly or extremely relevant. However, far fewer members (63%) of the C-suite identified it similarly. Board and C-suites respondents rated their level of personal knowledge lowest when it came to cybersecurity. That may reflect continued uncertainty about a risk that is constantly evolving.
Other key observations:
- All respondents rated disruptive innovation and talent management as among the most relevant risks. Yet, C-suite respondents ranked their personal knowledge and the organization’s capabilities related to those risks as among the lowest.
- Board members and CAEs were largely aligned on their perception of the relevance of risks included in OnRisk 2021. However, management relevance rankings were lower overall with an especially large gap in the perception of governance and economic and political volatility.
- Responses were tightly clustered in ranking organizational ability to manage risk. Responses to COVID-19 were likely the reason.