How are boards, executive management and internal audit aligning around risk management? The Institute of Internal Auditors (IIA) has released its second annual report, “On Risk 2021: A Guide to Understanding, Aligning and Optimizing Risk,” an insightful read.
“Observations from OnRisk 2021 go beyond noting the obvious fallout from lockdowns, economic uncertainty, and worksite disruptions spurred by COVID-19. It examines how the pandemic has generally improved alignment among risk management players on business continuity, risk management, and communications. It delves into the virus’s potential long-term influence on accelerating the use of technology. It explores how embracing technology will affect cybersecurity, talent management, disruptive innovation, and other risks,” says Richard Chambers, president of the IIA said in an announcement on Internal Auditor online.
Some noteworthy metrics in the report:
- Business continuity, crisis management and cybersecurity are the top-rated risks for 2021
- 87% of board members surveyed ranked business continuity and crisis management as highly or extremely relevant, while more than 93% CAEs rated it as highly or extremely relevant
The OnRisk 2021 report’s methodology applied qualitative and quantitative surveys to measure how boards, the C-suite, and internal audit teams view 11 key risks facing organizations in the coming year. It measured respondents’ views on their personal knowledge of each risk, the capability of their organizations to manage each risk, and how relevant each risk is to their organizations. “The data shows improved alignment on risk knowledge and capability, but potentially troubling dissonance on risk relevance,” Chambers said.
The IIA’s methodology employed qualitative interviews of 30 board members, 30 C-suite executives, and 30 chief audit executives (CAEs) from 90 different organizations. Further support came from a quantitative survey of CAEs, which drew 348 responses.
Ironically, the OnRisk 2021 report showed that a significantly lower percentage of management respondents are confident in their organizations’ abilities to manage this key risk. This continues to align with a BCM benchmark report conducted by SAI Global in the spring, just as the pandemic was emerging. We found that business continuity professionals are challenged with a lack of resources and executive buy-in at a point where their role and organization are being put through its biggest tests and operational resilience is more important than ever.
Additional interesting findings by the IIA's OnRisk 2021 report stress the importance of an active business continuity practice:
- The report highlights that business continuity and crisis management and cybersecurity will be the top risks for 2021. Unprecedented challenges brought on by the COVID-19 pandemic as well as expanding reliance on technology and data drove these two risks to the top of the list. They often were paired as some cyber threats were heightened by the sudden relocation of employees to less secure work-from-home environments as well as an intense shift to e-commerce brought on by the pandemic response.
- Close to 9 in 10 (87%) board members ranked business continuity and crisis management as highly or extremely relevant, while more than 9 in 10 (93%) CAEs rated it as highly or extremely relevant.
- Not surprisingly given the events of 2020, nearly all board members and CAEs see this risk as highly relevant to organizations. A lower percentage of management respondents see this risk as highly relevant and a significantly lower percentage of management respondents are confident in their organizations’ capabilities to manage this key risk.
Learn more about our Business Continuity Management solutions.