On the CAE Agenda Q1-2022

Strategy and value management

— IA’s role in emerging topics such as ESG, cyber threats, and disruptive events (transactions, transformations, etc.)

— Broadening risk coverage as business model and digitization efforts evolve

— Integration and coordination across three lines of defense (e.g., common risk taxonomy, addressing the talent drain)

— Getting to the right Key Performance Indicators (KPIs) to measure value for the business 

Risks and responses

— Cybersecurity (e.g., ransomware incident response*, phishing, hacking, data theft)

— Business and operational resiliency (e.g., supply chain interruptions*)

— Third-party risk management

— Workforce* (e.g., contingent workforce, upskilling and reskilling talent, distributed tax implications)

— Regulatory compliance (e.g., more regulated environment, expanded role for IT)

— Mergers and acquisitions* (e.g., portfolio management, transformation of the organization)

— Digital transformation (e.g., ERP, continuous control monitoring)

— IT resiliency (e.g., data governance, data and asset management, IT talent)

— ESG initial program assessment*

— Cloud services and storage (e.g., data security, business continuity)— Fraud

— Culture*

Operational model

— IA reporting content and delivery enhancements

— Blending methods for executing audits, including agile, D&A, etc.

— Operating with increased agility, especially during risk assessment and planning

— Staying close to the business in a virtual environment 

Digital acceleration

— Holistic strategy for refresh of technology stack to enable IA

— Data-driven enterprise risk assessment

— Focus on automation

— Continuous monitoring

— Stronger integration of second and third lines on common GRC technologies

— Process mining

Stakeholder engagement

— More subject matter expertise in IA, especially when working with first and second line

— Improve IA brand

— Changing demographic of AC

— Improving AC chair connectivity

— Resourcing needs across the organization 

Modern workforce

— Consideration of IA resources with ESG experience

— Hybrid service delivery models (in-house, external expertise, low-cost markets, centers of excellence

— Better integration of IA IT resources across the organization

— Need for more specialized or mature capabilities around data analytics and insights

— Upskilling IT and enterprise technology acumen

— Refreshing talent strategy to mitigate impacts of talent drain and resource needs

— Overall shift in skill sets needed given shifts in IA delivery model


Bold indicates new or continued signals for IA focus