rethinking organizational resilience is a key area

Gartner has released its 2023 Audit Plan Hot Spots Report which identifies the top 12 risk areas for chief audit executives (CAEs) to help them identify risks to their organizations and plan for audit coverage. audit for the coming year.

Cyber ​​threats and IT governance are the top risk areas internal auditors need to address in their 2023 audit plans, but adjacent hotspots, such as third-party risk management, contribute to a challenging outlook.

While most CAEs indicated they will address cybersecurity in their plans next year, only 42% of survey respondents expressed a high level of confidence in their ability to provide adequate assurance in this domain.

Gartner’s annual report is based on a survey of 112 CAEs conducted in August 2022, additional structured interviews with CAEs and IT audit executives, and data and insights generated by Gartner’s cross-functional research throughout throughout 2022.

The main risk areas identified from this process are:

2023 Audit Plan Hot Spots

  • Cyber ​​threats
  • IT governance
  • Data governance
  • Third-party risk management
  • Organizational resilience
  • Environment, social and governance (ESG)
  • Supply Chain
  • Macroeconomic volatility
  • Workforce management
  • Cost pressures
  • Culture
  • Climate degradation

Rethinking Organizational Resilience

Three key themes fueled risks this year, including a “renationalization of resources” and a “triple squeeze” of rising cost pressures, supply chain risks and labor / labor shortages -work. The final theme, the need to “rethink organizational resilience,” is unique as a distinct risk domain and a driver of a host of other risks, the report says.

The ability to withstand crises and disruptions could become more critical next year, and many organizations still have a limited view of resilience, primarily focused on business continuity and IT disaster recovery. This narrow view of resilience does not take into account additional risks impacting resilience, including greatly increased economic volatility and the impacts of climate degradation.

“Rethinking resilience is a key theme that underpins a diverse set of risks that organizations will face in 2023, including economic volatility, climate breakdown and third-party risk management,” said Leslee McKnight, vice president. Gartner’s legal, risk and compliance practice. “Currently, less than a third of audit leaders are very confident in their team’s ability to provide assurance on organizational resilience risk, and more worryingly, less than half plan to cover organizational resilience in audit activities in the coming year.”

McKnight further noted that the increasingly interconnected risk landscape increases cascading risk risks, where one risk causes additional risks to manifest for an organization, a scenario few organizations are actively preparing for today. .

A more detailed analysis is available to Gartner clients in the full 2023 Audit Plan Hot Spots report. Non-customers can register for free to learn more here.

Aubrey L. Morgan