The top risks facing organisations, as based on the responses of over 300 chief internal auditors working across Europe, are:
Cybersecurity: 66pc
Compliance: 58pc
Data security and protection: 58pc
HR and people risk: 42pc
Regulatory change: 37pc
Digitalisation: 36pc
Innovation: 28pc
Culture: 25pc
Outsourcing and third party: 24pc
Political uncertainty: 23pc
Dr Ian Peters MBE, Chief Executive of the Chartered Institute of Internal Auditors (IIA) said: “It is not surprising that organisations are most concerned with cybersecurity, compliance and data protection in a post-GDPR world. Cybersecurity has been a high-priority risk for a number of years and this shows no signs of abating. However, companies are pushing to move away from legacy systems and, as approaches to managing cyber risk mature, attention is turning to third-party defensibility. High-profile cyberattacks such as Petya and WannaCry are becoming more and more prevalent and this means that organisations are only as strong as the weakest link in their IT supply chain.”
A major obstacle to mitigating cyber risk is the piecemeal approach organisations have taken to their IT infrastructure planning and development over decades. Poor governance and oversight of IT functions has meant businesses have gradually built siloed systems, according to the Institute. For the full report visit http://www.iia.org.uk/riskinfocus.
Methodology
The research is published in the latest annual risk report ‘Risk in Focus’ produced by seven European institutes of internal auditors, covering eight EU countries. In the first half of 2018, seven institutes of internal auditors from France, Germany, Italy, the Netherlands, Spain, Sweden and the UK and Ireland distributed a quantitative survey to Chief Audit Executives (CAEs). The survey received a total of 311 responses from CAEs in all territories and across a broad cross-section of industries.
Respondents were asked to score the biggest risks their organisations face from five to one, with five being the top risk and one being the fifth biggest risk.
