— IA’s role in emerging topics such as ESG, cyber threats, and disruptive events (transactions, transformations, etc.)
— Broadening risk coverage as business model and digitization efforts evolve
— Integration and coordination across three lines of defense (e.g., common risk taxonomy, addressing the talent drain)
— Getting to the right Key Performance Indicators (KPIs) to measure value for the business
— Cybersecurity (e.g., ransomware incident response*, phishing, hacking, data theft)
— Business and operational resiliency (e.g., supply chain interruptions*)
— Third-party risk management
— Workforce* (e.g., contingent workforce, upskilling and reskilling talent, distributed tax implications)
— Regulatory compliance (e.g., more regulated environment, expanded role for IT)
— Mergers and acquisitions* (e.g., portfolio management, transformation of the organization)
— Digital transformation (e.g., ERP, continuous control monitoring)
— IT resiliency (e.g., data governance, data and asset management, IT talent)
— ESG initial program assessment*
— Cloud services and storage (e.g., data security, business continuity)— Fraud
— Culture*
— IA reporting content and delivery enhancements
— Blending methods for executing audits, including agile, D&A, etc.
— Operating with increased agility, especially during risk assessment and planning
— Staying close to the business in a virtual environment
— Holistic strategy for refresh of technology stack to enable IA
— Data-driven enterprise risk assessment
— Focus on automation
— Continuous monitoring
— Stronger integration of second and third lines on common GRC technologies
— Process mining
— More subject matter expertise in IA, especially when working with first and second line
— Improve IA brand
— Changing demographic of AC
— Improving AC chair connectivity
— Resourcing needs across the organization
— Consideration of IA resources with ESG experience
— Hybrid service delivery models (in-house, external expertise, low-cost markets, centers of excellence
— Better integration of IA IT resources across the organization
— Need for more specialized or mature capabilities around data analytics and insights
— Upskilling IT and enterprise technology acumen
— Refreshing talent strategy to mitigate impacts of talent drain and resource needs
— Overall shift in skill sets needed given shifts in IA delivery model
Bold indicates new or continued signals for IA focus
On the CAE Agenda Q1-2022
Download PDFAdapting Agile to internal audit
Adoption of Agile is not an all or nothing strategy. Explore how agile can be fit for purpose in IA.