Training insights – Cross-border contagion
A week is a long time in geopolitics – but that’s all the more reason for internal auditors to stay up to date with the critical questions they need to ask management and the best ways to ensure their organisations are protected. So much has happened in the past year, and with each new development the risks have shifted and, in some cases, grown. It can be hard to keep up.
This is why the Chartered IIA is revisiting its Geopolitical Risk and the Role of the Internal Auditor course and relaunching it as a standalone half-day course, designed to give senior internal auditors a broad overview of the current sources of geopolitical instability and suggestions about where to watch most closely for signs of emerging trouble that could impact the global economy, financial and commodities markets and supply chains.
The new half-day format is intended to make it easier for people to attend, while still providing a global overview of risk hotspots. It is an opportunity to consider the widening array of potential business impacts of geopolitical changes and gain practical ideas to discuss within their own organisations.
“There’s so much going on geopolitically at the moment – plus the uncertainty of general elections in the US, the UK and elsewhere – and internal audit should be keeping a close eye on everything to see what could happen, how it could escalate and what the impacts could be,” says Derek Leatherdale, director of GRI Strategies, who leads the course.
“We will focus on the geopolitical issues currently having the most impact on the global macro-economic environment, such as the war in Ukraine, the conflict in Gaza and regional escalation, and we’ll consider risks of increasing tensions between China, the US and Taiwan, and Eurozone stability in the face of complex and intertwined economic, fiscal and political dynamics.”
Firms will have different exposures to each of these issues. Many will be indirect, but all have the capacity to cause significant impacts on business. Developments in some areas are also generating new business opportunities for firms nimble enough to take advantage.
How can internal audit help?
Internal audit leaders can deepen their understanding of geopolitics and the potential impacts on their business. They can use this to validate whether their organisations and their boards understand how fast geopolitical crises can evolve. Are they factoring in rapidly changing political and economic situations in the markets where they operate or where they have important customers or suppliers? Are teams anticipating second- or third-order impacts in other markets? Are they discussing these risks at the right level? Who monitors developments in their organisation and how does this feed into internal decision-making and risk management?
Given all the experience organisations have had in the past few years, it might be assumed that the answer would be yes, but this seems optimistic. And it’s not easy.
“An important element of this course is to provide attendees with guidance about the questions and ideas that internal auditors can raise with the board and senior managers,” Leatherdale says. “For example, it’s easy to assume that the risk function is paying attention to geopolitics, but this isn’t always the case.”
One attendee at a Chartered IIA event last year said that his organisation had a presence in Ukraine, yet it was totally unprepared when Russia invaded. Internal audit then found that geopolitical risk was nowhere on the organisation’s risk register and was never discussed formally.
This underscores, Leatherdale says, why internal auditors who have doubts about their organisation’s knowledge of, and focus on, geopolitics could consider reviewing their risk function’s approach to the subject. The course will suggest ways to raise the issue and ideas for practical solutions that could increase corporate understanding and preparations.
Practical matters
“Internal audit is the only function able to bridge that gap between what the board is thinking and worrying about and what individual teams in the organisation are actually doing,” Leatherdale points out.
“So this course will start at the strategic level, but will also offer practical advice and specific questions that will help to ensure there isn’t a huge gap between what the board thinks and wants, and what is being done in reality.”
For example, he explains, many boards have a strategy day once or twice a year, to which they invite a former political figure or diplomat to give them a view of geopolitics. However, this is sometimes seen as the “light entertainment” part of the day and the information is not communicated further or used beyond the boardroom.
Internal audit could encourage boards to get more regular updates and then to set up formal ways to communicate it further. The CAE could ask whether the head of risk attends the session and whether the board has identified what impact assessment work they expect to see after the briefing. Who will follow this up and review progress?
Some organisations may find they already employ people who come from security or intelligence backgrounds and now work in, for example, cyber security roles. Such people may already know as much, or more, about geopolitical risks than any visiting “expert”, yet their expertise is confined to one area of the organisation. Internal audit is in a good position to facilitate briefings or to find a way to incorporate these people into broader, cross-business groups designed to boost awareness, understanding and resilience.
“If internal audit identifies this kind of opportunity, it highlights the function’s role and value to the organisation and adds real value at little cost,” Leatherdale points out.
Who’s it for?
This course is aimed primarily at senior internal auditors in the UK and Ireland, however it could also be useful for those leading internal audit teams overseas who do not have access to such a course locally. Previous attendees from UK entities that are part of global organisations have found it useful to share the insights they gained from the course with other internal audit teams across the group. In addition, it would be highly relevant to any internal auditor leader who also has responsibility for the risk function. It is a live virtual course, so attendees can take part from their own desks.
“It’s about giving internal audit leaders a menu of options that could support geopolitical awareness and resilience across the organisation. Everyone should leave with relevant, practical guidance on the topic that they can take into their own roles and organisations,” Leatherdale says. “Highlighting these risks and finding ways to share and increase knowledge of them across the organisation should also boost the profile of the internal audit function.”
What delegates said:
“I really enjoyed this course on Geopolitical Risk and the Role of the Internal Auditor. the course was comprehensive and covered a wealth of areas that I might not otherwise have thought of. The instructors were very knowledgeable and provided a lot of guidance on areas for further reading and research that have proved very helpful afterwards – including helping to equip me for a transition into a new Group Risk role focused on emerging risks.”
Louise Jeffers, Risk Strategy and Emerging Risk Manager and former Professional Practices Audit Manager, Experian
“The course gave valuable expert insight into key global geopolitical developments. Derek also provided ways of thinking about business impacts and practical ideas for how internal audit and risk teams can support their organisations in building geopolitical resilience and agility. With 2024 likely to be a pivotal year in global politics, this course is increasingly critical in helping internal audit practitioners to stay at the forefront of a key strategic issue for their boards and senior management teams.”
John Kennedy, Group Director and former Group Head of Internal Audit, BSI Group
“The course gave valuable expert insights into key global geopolitical developments. Unlike other courses on this topic, Derek also provided ways of thinking about the wide range of business impacts and how risk and internal audit professionals can enhance their approaches to identifying, managing and assuring these risks – ultimately within the context of a Geopolitical Risk Management Framework.”
Past attendee (name supplied)
Further information
For more details see Geopolitical Risk and the Role of the Internal Auditor, or view all our Training courses , or view and download our Training Brochure.
There is also a revised half-day course available on Sanctions: It’s a World of Pain Out There.
The Chartered IIA has published a report entitled Navigating Geopolitical Risk: Building Resilience Requires Collaboration in a Changing World.
Its recent reports on Supply Chain Security and Resilience and on Supply Chain ESG Risks may also be relevant.
This article was published in March 2024.