Over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work, according to AuditBoard.
The study revealed that these expanding expectations are coming at a time when internal audit has limited bandwidth for advisory-related services — and increasing risk demand and insufficient risk management capacity are creating a risk coverage gap for the business.
Change and unpredictability from economic, geopolitical, regulatory, and cyber risks are unrelenting, and if not managed from a position of strength and preparedness, they can lead to significant negative consequences for enterprises, including damaging financial and reputational impacts, penalties from noncompliance with regulations (averaging $14M per non-compliance event), lost revenues or market share from third-party risk incidents (averaging $1B per third-party incident); and material weaknesses that can lead to losses in market value and investor confidence.
The most critical impact, however, is also the most common: In most organizations, management simply isn’t getting the information needed to…
