• 1000

Annual risk-oriented audit planning is both mandatory and optional. In a changing world characterised by globalisation, climate change, geopolitical risks and advancing digitalisation, the primary task of internal auditing is to anticipate new risks and consistently align its own approaches and methods accordingly. The VUCA risks (volatility, uncertainty, complexity and ambiguity) lead to a challenging dynamic for the risk orientation of internal auditing, which is expressed in particular in risk-oriented audit planning.

The basic information and data for creating risk-oriented audit planning comes from past audits (98 per cent of the companies surveyed1), from the areas of risk management (89 per cent1) and compliance (85 per cent1) as well as from accounting and finance and business processes (> 65 per cent1). Individual influencing factors are also taken into account, such as IT and compliance issues, resource scarcity and external risks such as conflicts and embargoes. EHS (environment, health, safety) information is also included in the planning. The resulting risk-orientated audit planning can be adapted to changing circumstances over time.

More details to download: KPMG report "Internal Audit in the Spotlight" Opens in a new window
Mark Frederik Schmidt

Mark Frederik Schmidt

Senior Manager, Risk & Compliance Services

KPMG AG Wirtschaftsprüfungsgesellschaft
+49 89 9282 4907 Mark Frederik Schmidt Phone number
Submit RfP

KPMG Internal Audit Hot Topics

In our view, the following KPMG Internal Audit Hot Topics represent a selection of current topics, trends and drivers.

They can be divided into four areas of consideration:

Compliance

  • Whistleblower Protection Act - effective since 2 July 2023
  • FISG and GCGC A.5 Compliance - Adequacy and effectiveness of corporate governance systems 
  • Sanctions and embargoes - compliance with relevant regulations 
  • Risk management - Process-independent monitoring of the risk early warning system 
  • Stakeholder relationships - Business partner due diligence and know your customer

Operational

  • Resilience and business continuity - business impact analysis and business continuity strategy
  • Dealing with external risks - identification, assessment, management and monitoring of external risks
  • Finance transformation - new ERP, automation, digitalisation
  • HR transformation - diversity, talent management, employee retention

IT and Digitalisation

  • Cybersecurity and data protection - measures to prevent cyber attacks and data loss
  • AI governance (ChatGPT) - requirements for deployment and use, IDW PS 861 as guidance
  • DAC 7 - Compliance with e-invoicing and tax obligations
  • Hybrid working - data protection and security requirements

ESG

  • ESG - Governance - Integration of ESG risks into the company-wide risk management system 
  • EU - LkSG - Readiness and compliance with legal requirements
  • CSRD Readiness and Maturity - Proper ESG reporting
  • EU Deforestation Regulation - Supply chain and due diligence 
  • Corporate Social Responsibility - Assessment to achieve CSR goals
  • Perfluoroalkyl and Polyfluoroalkyl Substances (PFAS) - Readiness for future requirements
  • Carbon Border Adjustment Mechanism (CBAM) - Compliance with requirements in connection with CO2 border adjustment levy

Further interesting Insights for you

Man in cave looks up to the sky
Man in cave looks up to the sky
Internal Audit category
Internal audit: from control body to value driver
Internal audit: from control body to value driver
Internal audit: from control body to value driver

Digitalisation expertise, body of trust, trusted advisor: what matters for internal audit in volatile times.

Digitalisation expertise, body of trust, trusted advisor: what matters for internal audit in volatile times.

What matters in internal auditing in volatile times.

Mann schaut konzentriert auf Laptop
Mann schaut konzentriert auf Laptop
Datensicherheit und Datenschutz category
Data protection in the focus of internal auditing
Data protection in the focus of internal auditing
Data protection in the focus of internal auditing

When the GDPR comes into force, it will have far-reaching effects on a large number of areas of the company, including internal auditing.

When the GDPR comes into force, it will have far-reaching effects on a large number of areas of the company, including internal auditing.

General Data Protection Regulation - Recommendations for Action by Internal Audit

Roboterkopf
Roboterkopf
Intelligent automation category
Intelligent automation in internal auditing
Intelligent automation in internal auditing
Intelligent automation in internal auditing

Innovative technologies make it possible to improve business models and make companies more agile and responsive.

Innovative technologies make it possible to improve business models and make companies more agile and responsive.

Many companies already use forms of automation in their processes.

Auditor change category
The new Global Internal Audit Standards
The new Global Internal Audit Standards
The new Global Internal Audit Standards

The standards are a further development of internal auditing practice and have an impact on the interaction and working methods of internal auditing.

The standards are a further development of internal auditing practice and have an impact on the interaction and working methods of internal auditing.

The standards have an impact on the interaction and working methods of Internal Audit.

Audit category
Internal audit: key component of good corporate governance

An important component of good corporate governance: forward-looking internal audit.

1 KPMG Internal Audit im Spotlight