— IA’s role in emerging topics such as ESG, cyber threats, and disruptive events (transactions, transformations, etc.)
— Broadening risk coverage as business model and digitization efforts evolve
— Integration and coordination across three lines of defense (e.g., common risk taxonomy, addressing the talent drain)
— Getting to the right Key Performance Indicators (KPIs) to measure value for the business
— Cybersecurity (e.g., ransomware incident response*, phishing, hacking, data theft)
— Business and operational resiliency (e.g., supply chain interruptions*)
— Third-party risk management
— Workforce* (e.g., contingent workforce, upskilling and reskilling talent, distributed tax implications)
— Regulatory compliance (e.g., more regulated environment, expanded role for IT)
— Mergers and acquisitions* (e.g., portfolio management, transformation of the organization)
— Digital transformation (e.g., ERP, continuous control monitoring)
— IT resiliency (e.g., data governance, data and asset management, IT talent)
— ESG initial program assessment*
— Cloud services and storage (e.g., data security, business continuity)— Fraud
— Culture*
— IA reporting content and delivery enhancements
— Blending methods for executing audits, including agile, D&A, etc.
— Operating with increased agility, especially during risk assessment and planning
— Staying close to the business in a virtual environment
— Holistic strategy for refresh of technology stack to enable IA
— Data-driven enterprise risk assessment
— Focus on automation
— Continuous monitoring
— Stronger integration of second and third lines on common GRC technologies
— Process mining
— More subject matter expertise in IA, especially when working with first and second line
— Improve IA brand
— Changing demographic of AC
— Improving AC chair connectivity
— Resourcing needs across the organization
— Consideration of IA resources with ESG experience
— Hybrid service delivery models (in-house, external expertise, low-cost markets, centers of excellence
— Better integration of IA IT resources across the organization
— Need for more specialized or mature capabilities around data analytics and insights
— Upskilling IT and enterprise technology acumen
— Refreshing talent strategy to mitigate impacts of talent drain and resource needs
— Overall shift in skill sets needed given shifts in IA delivery model
Bold indicates new or continued signals for IA focus
On the CAE Agenda Q1-2022
Download PDFOn the Chief Audit Executive's agenda
A pulse on what Chief Audit Executives (CAEs) are focused on, with a lens on top risks being considered.
The future of Internal Audit
Manage disruption while building stakeholder trust
Adapting Agile to internal audit
Adoption of Agile is not an all or nothing strategy. Explore how agile can be fit for purpose in IA.