As a business owner or manager, you are fully aware of the need to be constantly alert to risks and threats to your organization. It is no longer enough to conduct an annual risk assessment of your business and assume you are covered until the next year. With never-ending changes to the business landscape comes the need for ever-increasing awareness and vigilance in crafting risk responses that not only fit current risks, but also allow management to be agile in responding to newly emerging risks.
With limited resources and countless other demands on time and staff, just managing daily operations can be an overwhelming task. This can be especially true for smaller enterprises. Failing to properly assess and respond to persistent risks could threaten the very existence of an organization. Internal auditors can come to the aid of an organization’s leaders in every aspect of developing strategies and processes that will allow management not only to reduce its exposure to current risks, but also to stay ahead of emerging risks.
A chief concern of all modern companies is cybersecurity threats, along with the imperative for all organizations to secure the consumer data with which they’ve been entrusted. This risk has evolved from being primarily a financial or reputational risk to being a compliance risk, as new laws are continually emerging to protect consumer data in the wake of numerous cybersecurity breaches, some involving high-profile companies. While larger companies can often survive and recover from such breaches, albeit with great reputational damage and punitive financial consequences, the majority of smaller businesses never fully recover and are often ruined by a single occurrence of a breach. Cybersecurity threats, both well-known and emergent, are enough to keep any business owner awake at night, but those who are prepared and have the knowledge to counter such threats can rest easy. Through proper monitoring and treatment, owners and managers who are risk-aware and vigilant can maintain the proper defenses to greatly reduce their exposure to these threats. Internal auditors can also play a vital role as management consultants in both the prevention of and response to a cybersecurity incident.
Also related to the emerging cybersecurity risks regarding the protection of consumer data is the increasing burden of mandatory regulatory guidance. These regulatory requirements represent a risk to businesses, in that scarce resources must be devoted to the compliance function to ensure conformance with new laws and regulations. Failure to comply with these regulations could result in more fines and sanctions or even the loss of contracts, as is the case with those who provide services for the U.S. Federal Government. The costs of compliance, therefore, must not be seen as an excess, but rather as a cost of doing business, provided that these costs do not outweigh the benefits realized by the compliance function. Most people are aware of the European General Data Protection Regulation (GDPR), which became law in 2018. This landmark legislation regarding consumer data protection mandated that all businesses define their practices regarding the way in which consumer data was to be collected, processed, and secured, in addition to requiring greater transparency with customers and imposing reporting requirements should consumer data be leaked. The regulatory requirements surrounding data protection are rapidly increasing in the United States as well. For example, in 2020 the California Consumer Privacy Act (CCPA) went into effect, with other states considering similar regulatory action.
Another risk to organizations — large and small — is the pervasive trend toward the increased digitalization of all aspects of life. Organizations of all sizes must take heed of regulatory changes involving this trend as regulators develop and design the proper framework for this area of growth. As investment takes place in new technologies such as IoT, robotics, Robotic Process Automation (RPA), machine learning, artificial intelligence, and digital data and analytics processes, internal auditors will be ready to assist with the development of an all-encompassing digital transformation strategy, and then work to assess whether all objectives have been met through the implementation process. The internal auditor will also be called upon to assist in the design and implementation of the proper governance and control frameworks for all of the new systems and tools related to the digitalization of the organization. With the trend toward digitalization of an increasing number of processes also comes the move toward more advanced auditing procedures using similar technology, which will allow for the move toward Continuous Auditing and Continuous Monitoring, providing greater information and insights for making decisions.
With these rapidly emerging trends and their associated risks, businesses have never had a greater need to be nimble in making decisions and developing the proper responses to the risks that threaten to overwhelm them. Now is the time to act to stay ahead of the curve and be on the cutting edge of the emerging trends in terms of risks and technologies. Internal auditors have many tools at their disposal to assist organizations in meeting these demands.
For more information on McKonly & Asbury’s Internal Audit and Management Consulting Services, or for questions regarding this article, please contact Brian Johnson, Senior Consultant at firstname.lastname@example.org.