View from the institute: Be prepared – Change, change and change again
Change may be constant, but there are times when all the building blocks of our working lives seem to collapse and reform simultaneously, leaving us little time to take stock and refocus. We are living through one such period. Blink, and you are liable to have missed something important. In just a few months we have seen change at the top – a new prime minister, a new government, a new king – as well as unusual volatility in the financial markets, a plunging pound and soaring inflation and interest rates.
Pundits are everywhere, drawing many (often conflicting) conclusions. It seems likely that the UK is in recession, although at the time of writing the figures have not yet been released. The ongoing war in Ukraine shows signs of escalating, a new right-wing government in Italy could have implications for European unity, and countries across Europe face a winter of energy shortages and soaring bills. Further afield, the US and China are rattling sabres over Taiwan, and Pakistan has suffered devastating floods, prompting more concern about the impacts of climate change. There are warnings of a humanitarian disaster in Sri Lanka caused by financial collapse and fears that others in the region will fall into similar difficulties if they are unable to pay back huge Chinese loans.
Rapid change piles the pressure on internal auditors, who must reassess continually what it means for their organisation and the risks it faces. Rapid change plus recession too often means they are expected to do this with fewer resources. Never has the phrase “do more with less” been truer. Richard Chambers, former CEO of IIA Global, recently highlighted in a blog that 50 per cent of internal audit functions have had more than two vacancies for more than three months.
Furthermore, continual disruption and uncertainty has widespread, sometimes unpredictable, effects on everyone else – from staff members and colleagues to customers and shareholders. Internal audit must also watch for behavioural shifts and try to understand what further impact these may have.
In this issue we look at how global conflicts plus increased domestic financial pressure increase the risk of cybercrime. Other forms of crime are also likely to rise, along with strikes and even outbreaks of civil disobedience. Financially stressed employees and those uncertain about their future or facing rapid disruption at work may also suffer mental health problems or make mistakes caused by unfamiliarity, pressure or distraction. Customers and suppliers will be nervous, affecting sales and payments.
Those in senior management may have to reprioritise or make tough decisions that need to be communicated to staff and markets sensitively and with minimal reputational and other risk. They may be stressed and struggle to take in rapidly changing information about risk while also tracking exchange rates, suppliers and energy bills.
This can affect decision-making and working relationships, which can make it even more important for internal audit to find the best ways to communicate important risks to the right people and ensure that messages are received and understood.
At the same time, internal audit teams must stay abreast of changes in the profession itself. The pandemic sparked rapid developments in the way that teams worked together and renewed impetus to reconsider the best ways to audit remotely, plan more flexibly and responsively and to report faster.
Many of the risks emerging now are interconnected and global. Things happening overseas may affect suppliers and customers now, but many of them are likely to hit closer to home in the future. We must become better at spotting emerging events from a distance, sharing positive experiences and preparing our teams and our businesses in advance.
Those that have done well so far must not revert or stop looking to adapt and improve now. Those that have not changed sufficiently in the past couple of years have further to go and must move much faster to remain relevant. Business as usual is no longer good enough.
The global institute is currently looking to support and encourage internal audit development with its revised International Professional Practices Framework (IPPF). Further information and consultation will take place into 2023, with the expectation that the revised framework will be launched in 2024. The Chartered IIA will support this development and, of course, will also continue to produce and host discussions, debates and thought-leadership on the myriad shifting risks besetting all of us.
Our Risk in Focus 2023 report highlights the issues that our members see as most critical now, and charts how these are evolving – and how they are expected to change in the next few years. We are planning further support over navigating sanctions, among other emerging and rapidly developing risks.
We also need to share and celebrate the good news. The positive side of rapid change is that all internal audit functions should have stories of their own transformations and of the challenges they have navigated successfully. As we open nominations for the next Audit & Risk Awards, we want to hear all these stories. It’s important to us and good publicity for you, but far more importantly, stories of internal audit success are valuable to colleagues across the UK and Ireland.
Internal audit cannot provide all the answers, but internal auditors should at least be asking all the right questions at the right levels. Strong governance becomes more vital at times of flux and stress. Those who watch to see where the cracks are forming elsewhere, and ensure that management and staff have contingency plans and guidance in place to cope with sudden shocks, can add real value even when the blocks are tumbling in all directions.
This article was first published in November 2022.