A business risk survey has found that the war in Ukraine, coupled with the cost-of-living crisis, has significantly changed business attitudes on the risks they face with geopolitical tensions exacerbating and intensifying a wide range of business-critical risks.
The research is revealed in the annual Risk in Focus 2023 report, published by the Chartered Institute of Internal Auditors (CIIA), in partnership with thirteen other Institutes of Internal Auditors across Europe. The report tracks the risks faced by organisations year-on-year and this year received a record-breaking 834 responses from Chief Audit Executives (CAEs) working in all sectors of the economy across Europe.
Cybersecurity has topped the business risk poll for the 5th year running, but the big story coming out of this year’s Risk in Focus research is that geopolitical and macroeconomic uncertainty is the newest and most dynamic risk rising-up the agenda.
Rising four positions from seventh most severe risk last year, to third place this year. Yet despite its growing prominence and severity, only around one in ten (8.15%) are spending any major time or effort auditing the impacts of this risk on their business.
With the war in Ukraine raging on, the spike in global energy prices, inflation, as well as growing tensions between the West and China, CIIA expressed its alarm over the gap between awareness and action taken on this rising risk and is urging business leaders to act now to mitigate the risk of further unforeseen major geopolitical disruption in the future.
Other key findings from Risk in Focus 2023 include the following:
- Changes in laws and regulations was cited as a top five risk by 44%, slightly down on the 46% that said the same a year ago.
- Digital disruption, new technology and AI was cited by 38% as a top five risk, down from 45% a year ago, moving it from third to fifth biggest risk, as the aftermath of the Covid-19 pandemic and the war in Ukraine continued to push it down the risk rankings. Rocketing inflation, pressure to increase pay and supply chain disruption, may mean that in 2023 many businesses do not have the funds to carry out their digitalisation plans.
- With record-breaking temperatures recorded across Europe this summer and the consequent drought, 37% of CAEs now cite climate change a top five risk, compared to 31% last year – marking the fifth year in a row that this risk has risen the risk rankings.
CIIA CEO John Wood said: “Our latest Risk in Focus research highlights the perfect storm of high-impact interlocking risks now being faced by businesses, throwing many into a permanent state of crisis.
“Following hard on the heels of the pandemic, Russia’s invasion of Ukraine has intensified supply chain failures, caused a spike in energy prices and fuelled inflation, exacerbating geopolitical and macroeconomic risks. At the same time businesses are grappling with an increasingly weaponised cyber-attack landscape as well as major recruitment and retention challenges. Meanwhile, the climate emergency threatens to snowball into the next big crisis unless organisations prepare now for the impacts of climate change, with extreme weather events like the record-breaking heatwave this summer, likely to be the new normal in the future.
“We urge boards to get a grip on the situation and seek the support of their internal audit functions to help them navigate more risky, uncertain, and volatile times ahead.”
Risk in Focus 2023 sets out a series of recommendations for how organisations can tackle these risks including:
- Boards should work with their internal audit functions to assess whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.
- Boards should work with their internal audit function to focus on systemic risks that create vulnerabilities in many parts of the organisation simultaneously and ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.
- Boards should work with their internal audit function to assess whether the organisation has effective and timely mechanisms in place to spread information on new cyber threats, countermeasures, and advice throughout the business.
- Boards should work with their internal audit functions to better understand the company’s goals and maturity on climate-related sustainability and assess how far this is reflected in the business and action plans on different levels.
- Boards should work with their internal audit function to evaluate whether the organisation’s human resources strategies are aligned with its vision and mission, and whether they are suitable for these times of scarcity when it is key to attract and retain employees within the organisation.
The full report is available here.