• 1000

Annual risk-oriented audit planning is both mandatory and optional. In a changing world characterised by globalisation, climate change, geopolitical risks and advancing digitalisation, the primary task of internal auditing is to anticipate new risks and consistently align its own approaches and methods accordingly. The VUCA risks (volatility, uncertainty, complexity and ambiguity) lead to a challenging dynamic for the risk orientation of internal auditing, which is expressed in particular in risk-oriented audit planning.

The basic information and data for creating risk-oriented audit planning comes from past audits (98 per cent of the companies surveyed1), from the areas of risk management (89 per cent1) and compliance (85 per cent1) as well as from accounting and finance and business processes (> 65 per cent1). Individual influencing factors are also taken into account, such as IT and compliance issues, resource scarcity and external risks such as conflicts and embargoes. EHS (environment, health, safety) information is also included in the planning. The resulting risk-orientated audit planning can be adapted to changing circumstances over time.

KPMG Internal Audit Hot Topics

In our view, the following KPMG Internal Audit Hot Topics represent a selection of current topics, trends and drivers.

They can be divided into four areas of consideration:


  • Whistleblower Protection Act - effective since 2 July 2023
  • FISG and GCGC A.5 Compliance - Adequacy and effectiveness of corporate governance systems 
  • Sanctions and embargoes - compliance with relevant regulations 
  • Risk management - Process-independent monitoring of the risk early warning system 
  • Stakeholder relationships - Business partner due diligence and know your customer


  • Resilience and business continuity - business impact analysis and business continuity strategy
  • Dealing with external risks - identification, assessment, management and monitoring of external risks
  • Finance transformation - new ERP, automation, digitalisation
  • HR transformation - diversity, talent management, employee retention

IT and Digitalisation

  • Cybersecurity and data protection - measures to prevent cyber attacks and data loss
  • AI governance (ChatGPT) - requirements for deployment and use, IDW PS 861 as guidance
  • DAC 7 - Compliance with e-invoicing and tax obligations
  • Hybrid working - data protection and security requirements


  • ESG - Governance - Integration of ESG risks into the company-wide risk management system 
  • EU - LkSG - Readiness and compliance with legal requirements
  • CSRD Readiness and Maturity - Proper ESG reporting
  • EU Deforestation Regulation - Supply chain and due diligence 
  • Corporate Social Responsibility - Assessment to achieve CSR goals
  • Perfluoroalkyl and Polyfluoroalkyl Substances (PFAS) - Readiness for future requirements
  • Carbon Border Adjustment Mechanism (CBAM) - Compliance with requirements in connection with CO2 border adjustment levy

Further interesting Insights for you