The year 2020 undoubtedly was defined by the global pandemic. This had huge economic impacts that forced companies to adjust rapidly on various fronts. All crises provoke some level of introspection, whether personal, organisational, or societal. The Covid-19 pandemic has taught us that new risks can emerge at lightning speed and profoundly impact across-the-board.
The Institute of Internal Auditors (IIA) released an insightful report, ‘OnRisk 2021’, which yields valuable clues on risks for 2021. The Big-4 Accounting firms, Gartners, etc, released yearly predictive reports on emerging risks. The information and observations offer organisations the opportunity to carry out their introspective examinations of risk management.
“The definition of risk is the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is part and parcel of modern economic theory. As social, business, and government institutions have become more complex, global, and entwined, mastering the art and science of risk management has become ever-more imperative — and elusive” – The IIA.
The top risks for 2021 identified in studies and surveys are business continuity and crisis management, cybersecurity and data governance, disruptive innovation, talent management, and fraud.
Business continuity, crisis management, and cybersecurity are the top-rated risks for 2021. The expanding reliance on technology and data drives these two risks to the top of the list. The pandemic tested the organisation’s ability to resilience in the face of what has been an unseen crisis scenario. There are significant existential challenges, from cyber breaches, crisis resolution, scandals, and succession planning.
The growing sophistication and variety of cyberattacks continue to wreak havoc, often resulting in disastrous financial impacts. The cybersecurity threat depends on the weakest link in the organisation, and the weakest link is always people.
Some cyberthreats are heightened by the sudden relocation of employees to less secure work-from-home environments and an intense shift to e-commerce brought on by the pandemic response. Phishing attempts and malware infections are seen as the most likely threats to arise, which shows the criticality of staff behaviour, training, and awareness in mitigating cyber risk. This risk examines a company’s ability to prepare, react, respond, and recover.
Data governance is surfacing as high risk with business reliance on data expanding exponentially, complicated by advances in technology and changes in regulations requiring strategic management of data collection, use, storage, security, and disposition. The pandemic caused to collect sensitive personal information from employees and customers than ever before.
Yet, data governance practices are regressing, with fewer dedicated resources to data privacy.
Disruptive innovation and talent management are the most relevant risks. We are in an era of innovative business models fuelled by disruptive technologies. The impact of continued disruptive innovation had sustainability risks when vulnerable to competition. Organisations that embrace new technology and become leading-edge trailblazers will be best positioned to succeed.
This will require 21st-century management that not only understands and leverages disruptive innovation but also nurtures it. This risk examines whether organisations are prepared to adapt to and capitalise on disruption.
Talent management is emerging as a major risk with a new phase in identifying, acquiring, upskilling, and retaining the right talent to achieve objectives. Companies should sharpen focus on mapping and forecasting to understand and anticipate human capital requirements. In the near term, sourcing in-demand talent will be more complicated by enabling safe working environments. Further, candidates may also be reluctant to move roles, giving up the security of their current position to join an unfamiliar organisation amid economic uncertainty.
Fraud, bribery, and the exploitation of operational and economic disruption are the forces that are putting businesses at heightened risk of financial crimes. First, there is an increase in ploys to capitalise on using sophisticated digital techniques. Second, the efficacy of controls is likely to have been weakened. It may be more difficult to spot suspicious transactions or dubious customers given the disruption to operations and fraud monitoring activity. Old-fashioned concepts like the segregation of duties are a little more difficult to achieve with process workarounds that people can take more easily in a remote working environment.
As we look ahead to 2021, internal audit’s enterprise-wide perspective has never been more necessary to obtain a top-down viewpoint for insights into the business and its risks during what remains a significantly challenging future. Internal audit understands how disciplines, procedures, and protections are embedded in the company’s control environment and what has changed – intentionally or unintentionally. Risk management needs to be continuous to sense and anticipate what might happen and how it could affect the organisation, and the agility to respond promptly and effectively. The success and sustainability of organisations will seriously stay on this step.
* The author is board member, chief contact person and past president of the Institute of Internal Auditors, Qatar.
Sundaresan Rajeswar
