The impact of the coronavirus has reshaped risk ranking across Europe, according to the most recent survey of heads of internal audit in the region.
The three most notable risk that have risen up the list of concerns for businesses – according to Risk in Focus 2021, published by the European Confederation of Institutes of Internal Auditing – have been financial, capital and liquidity, and human capital risks. Supply chain, outsourcing and other party risks have fallen substantially in the rankings. “One reason for this may be that what started out as a supply-side concern at the beginning of 2020 soon became a demand issue, the emphasis shifting to companies’ ability to continue as a going concern and remain solvent as the world entered a recession,” the report said.
While some businesses have benefitted from the pandemic, many have struggled to survive. Collapse in demand have led to severe cashflow shortages.
“Companies’ priorities in 2020 have been to assess liquidity risk by taking an enterprise-wide view of receivables, payables, inventory, taxes and – perhaps most important of all – cash and cash equivalents,” the report said. “The primary objective has been to stem financial outgoings and secure income, to the extent that is possible when vendors and customers are all doing the same.”
These risks can be understood from both short-term and long-term perspectives. For example, even companies with strong balance sheets (i.e. high levels of assets, especially cash, versus low liabilities) may have to consider their financial sustainability in a potentially challenging trading environment through 2021, said the survey.
Banks and financial institutions have not suffered from serious liquidity issues – especially in comparison to the 2008 financial crisis. But the report warned that this situation may be short-lived: “Capital risks will rise if loans in hard-hit sectors such as consumer discretionary, dining and leisure default in vast numbers, which will depend on the depth and duration of the recessionary environment.”
One chief audit executive taking part in the survey that underpins the study said: “I want to know how financially resilient we are and what has been put into place in terms of changes to processes, projects, investments and so on. In relation to audit, what I want to know is how well controlled the important processes are – the budget process, the cost management process, budget defining, budget responsibility.”
Top risk areas
The three risks that topped the poll were cybersecurity and data security; regulatory change and compliance; and digitalisation, new technology and AI. Not surprisingly, the report noted that widespread shifts among employees to work at home had increased cyber risk.
“Staff awareness and understanding of information security risk is absolutely essential,” the report noted. “This applies to protocols around the use, management and storing of confidential data to prevent data leakage, and applies to ensuring workers know how to spot cybercrime to avoid people succumbing to phishing and spear phishing (targeted at a specific individual) attempts which can result in costly malware and ransomware attacks and fraud by deception.”