INSIGHTS AND ACTIONS – CAEs In the midst of one of the most volatile and dynamic periods in a century, stakeholders are signaling the need for greater assurance on risk management. Internal audit must respond. In the coming year, CAEs should: ANTICIPATE EMERGING ESG REPORTING REQUIREMENTS. • Get ahead of any new requirements by understanding processes and controls in their own organization. • Advocate for adoption of established sustainability frameworks. • Leverage COSO’s Internal Control – Integrated Framework to begin evaluation of controls around non-financial reporting. IMPROVE THEIR KNOWLEDGE OF ORGANIZATIONAL RISK AREAS WITH HIGH RELEVANCE-CAPABILITY GAPS. • Identify any risk on the OnRisk list or company list where personal knowledge falls below a HIGH rating. ACT AS A CONDUIT BETWEEN BOARD AND EXECUTIVE MANAGEMENT WHEREVER MISALIGNMENT EXISTS. • Perform organizational risk analysis, leveraging the OnRisk methodology. • Determine alignment on risk areas that are most relevant for the organization. • Concisely share relevant highlights from OnRisk 2022 with the board and executive management to foster dialogue on how the examined risks relate to their organization. SUPPORT GREATER FOCUS ON CULTURE AND TALENT MANAGEMENT RISKS. • Be cognizant of potential misalignment as the organization transitions to a post-pandemic world. • Provide assurance or advisory services related to Culture or Talent Management. For example, support board or executive management in the analysis of data resulting from employee surveys, exit interviews, or diversity and inclusion initiatives.
www.theiia.org 23
