To enable trust and add value, Internal Audit must remain agile and address contemporary risks. KPMG’s Internal Audit team have worked through key focus areas for Internal Audit to consider when undertaking Internal Audit planning.
Key areas of focus
The Australian economy has rebounded strongly over the past 18 months since the last lockdown period of negative growth in the September quarter 2021. Since then, Australia's unemployment rate remains low at 3.5% in February 2023. Wage pressure combined with general cost pressures has resulted in inflation increasing to its highest levels in nearly 40 years. The RBA has responded by raising the cash rate by 350bp since May 2022, to further slow demand and bring inflation back towards the target band. The short-term economic outlook is one of a significant slowdown in consumption and investment activity, with production slowing and profits squeezed.
From an organisational perspective, it is likely working capital pressures will increase as debtor days blow out and input costs rise.
The pandemic remains a global threat (including effects of long Covid) as does the climate crisis and the ongoing conflict between Russia and Ukraine. Other emerging risks and issues that are more prominent include demographic shifts accelerating in China, supply chain disruption, monetary policy response to rising inflation and consequent cost of living impacts.
Further, energy markets and energy transition will continue to be impacted, including through continued disruption to energy trading from the Ukraine war resulting in government policies to limit rising energy prices, and country competition for the capture of value in the clean energy transition.
Covid has accelerated remote and flexible working, whilst also impacting the free movement of workers, resulting in our highest levels of labour force participation. Whilst uncertainty exists around potential macroeconomic impacts of impending recession, including freezes on recruitment and headcount reduction, talent remains a key issue for organisations.
As we emerge from the pandemic, organisations are grappling with a number of shorter-term people and talent challenges, including:
- Culture
- Learning
- Return to the office
- Technology
- Retention of talent
- Talent acquisition
- Wellbeing and psychosocial obligations
An organisation’s trustworthiness and the culture of trust that underpins it are fundamental to its success. Gaining and maintaining the trust of key stakeholders such as employees, customers, investors and regulators is critical, but this is no longer enough. It is critical that organisations understand and respond to the sentiment of direct and indirect stakeholder groups.
Organisations that fail to articulate and embed a compelling employee value proposition, who are not aware of the preferences of consumers or who fail to meet compliance and performance expectations will find themselves battling to maintain brand integrity, competitive advantage and market relevance.
While technology advancements continue to be central to an organisation’s growth and efficiency agenda, customers and employees are increasingly concerned about the protection and use of their personal information. 2022 saw high profile, significant data breaches resulting in widespread community impacts and increased awareness of the vulnerabilities to malicious attacks. Organisations face increased financial penalties for serious or repeated privacy breaches, as well as reputational ramifications, if privacy, security and data practices are not effective.
Organisations must determine, both legally and ethically, what data to collect, retain, for how long, what controls protect it, and what and how are decisions made based on it.
The current economic, geopolitical and environmental landscape facing organisations highlights the importance of robust and resilient systems, and the critical workforce which support it. Events such as the pandemic and Ukraine conflict demonstrate the interconnectedness of risks and the concentration of risk when events occur. In a rapidly evolving and uncertain environment, it is imperative that organisations manage and adapt to what were previously viewed as unprecedented scenarios, now happening more frequently.
The complexity and pace of regulatory change continues as technology, disruption, ESG and protection of individuals (privacy, consumer finances, psychosocial safety) drive regulatory bodies to respond quickly with new compliance requirements. Regulatory reforms, both proposed and enacted, reflect increasing efforts to enhance organisational resilience and in response to emerging technologies which don’t fit within current regulations.
Organisations must recognise that change will continue for some time to come, and in addition to adapting to regulatory change, organisations must proactively develop - and more importantly maintain - a standard, agile, compliance management framework aligned to emerging technologies and scaled across jurisdictions as both their footprint and regulatory expectations grow. Similarly, leading organisations are investing in automation to transform their operations, processes and even business models to drive resilience and agility.
Cyber risks remain a top focus area for organisations. The business landscape in which cyber risk exists is fuelled by an ever-growing volume of sensitive data moving across interconnected and integrated networks. Recent high-profile cyber incidents have spotlighted the need for secure and resilient systems to protect this sensitive data.
The Australian Cyber Security Centre (ACSC) notes in their 2021-2022 Annual Cyber Threat Report that Australians report a new cyber incident every seven minutes, presenting cyber risks that can result in serious regulatory breaches, financial impacts, and loss of consumer trust. Organisations must understand what these risks are and take action to mitigate them – the most prevalent threats being phishing, social engineering and ransomware, leaving data and systems vulnerable.
Many organisations are grappling with the risks and opportunities of digital disruption in one way or another.
Technological advancements, such as artificial intelligence (AI), blockchain, cloud computing, and the Internet of Things (IoT), continue to drive digitisation. In customer service, the use of chatbots is providing instant and personalised support to customers through messaging platforms, websites, and mobile apps. The rapid growth of generative AI applications, such as ChatGPT, represent significant business application through the automation of human tasks and processing of complex data. In supply chains, machine learning has transformed the way demand forecasting activities are completed, identifying patterns to predict future demand.
More countries are moving toward global best practice and investors are demanding higher-quality disclosures with evidence of progress towards ESG goals. Mandatory ESG requirements will come into play, as the International Sustainability Standards Board (ISSB) finalise their comprehensive global baseline of Sustainability and Climate Disclosure Standards. This momentum will require the development of comparable metrics, access to quality data and data management strategies to assist monitoring and measuring ESG delivery promise and performance.
COP27 has placed a significant emphasis on prioritising a shift to a decarbonised economy with energy transition at its heart. Organisations must understand the transition risks to achieving their ESG objectives.
