To enable trust and added value, Internal Audit must remain agile, effectively and quickly address emerging risks and efficiently complete and report on audit topics. The KPMG Internal Audit team outlines the key focus areas for 2024.
When developing the strategic audit plan for 2024, the Internal Audit function (IA) should ensure that it is effective and efficient in helping the organization meet the challenges and opportunities that lie ahead. This implies that IA must remain agile, act decisively to identify new risks, and execute its audit missions in a timely manner and with the necessary skill set.
KPMG's Internal Audit team has developed a list of key focus areas for IA functions to consider in 2024.
Macroeconomic and geopolitical considerations as well as regulation
Internal Audit must have a sound understanding of the macroeconomic and geopolitical factors that can significantly impact organizational stability and performance. IA should consider the implications of regulatory changes for the organization’s international sales activities. This includes, for example:
- Trade compliance requirements.
- Restrictions on exporting specific technology.
- Country-specific risks that affect local sales and profitability.
- Currency fluctuations that can negatively impact gross and net margins.
Furthermore, the geopolitical context should be included in the assessment of potential fraud risks by considering publications such as the World Economic Forum’s (WEF) Global Risk Report. IA should have a comprehensive understanding of interdependencies. Finally, IA must consider the overall design (methodology), setup (completeness of framework), application (effectiveness) and continuous improvement (evolution) of the organization's compliance management systems (CMS), which put the organization's global regulation and local enforcement into perspective.
People, talent management and organizational trust
Effective people and talent management plays a pivotal role in building and maintaining organizational trust and is the foundation of a “happy” workforce. IA can contribute to the long-term goal of increasing employee well-being by addressing topics such as alignment of the workforce base with the organization’s long-term strategic growth objectives (i.e., workforce planning needs vs. actual availability vs. organizational readiness vs. approved FTE budgets); the design and effectiveness of internal programs related to talent management, succession planning and employee development (i.e., diversity and retention programs); or the consideration of how internal governance structures provide appropriate accountability for the factors that impact organizational trust and publicly stated commitments (i.e., ambition vs. actual enactment vs. public perception).
Resilience and cybersecurity
Resilience and cybersecurity are important components of an organization when dealing with external, imminent and hard-to-predict threats. Resilience addresses the level of readiness and flexibility for potential disruptions caused by internal or external incidents, while cybersecurity protects against digital threats that can affect the organization’s entire IT infrastructure (i.e., production and industry systems, ERP systems, intellectual property and innovation etc.). The effective and efficient setup, alignment, and execution of these programs ensure that the business can withstand and recover from actual incidents, maintain operational continuity and minimize damage. IA can support the effectiveness of a resilient organization by assessing how the dynamic nature of cybersecurity risks is being dealt with by the IT organization on a recurring basis, reviewing and testing measures and response plans to protect the organization’s assets (i.e., annual testing of the resilience organization, continuous improvement process) and benchmarking the internal setup against best practices.