Published on November 9, 2023, 4:09 am

The Gartner 2023 Audit Plan Hot Spots Report has highlighted the top 12 risk focus areas for Chief Audit Executives (CAEs), enabling them to identify risks and plan audit coverage. These hot spots provide valuable insights into the key areas of concern for organizations in the coming year.

The list of hot spots includes cyber threats, IT governance, data governance, third-party risk management, organizational resilience, environmental, social, and governance (ESG), supply chain risks, macroeconomic volatility, workforce management, cost pressures, culture, climate degradation, and rethinking resilience.

According to Leslee McKnight, Vice President for Gartner’s legal, risk and compliance practice, cyber threats remain a perennial concern for CAEs. However, the drivers of this risk have evolved due to new geopolitical conflicts and the increased potential for state-sponsored attacks. CAEs need to revisit their mitigation plans and adapt them to address the evolving nature of cyber threats and comply with stricter disclosure requirements in case of a breach.

In addition to cyber threats, other adjacent hot spots like IT governance and third-party risk management pose challenges in mitigating the full array of potential risks facing organizations in 2023. While most CAEs plan to address cybersecurity in their audit plans for the next year, only 42% expressed a high level of confidence in their ability to provide adequate assurance in this area.

Three themes drove risks in 2022: the “renationalization of resources,” a “triple squeeze” comprising growing cost pressures, supply chain risks, and labor scarcity; and the need to rethink organizational resilience. The latter theme stands out as a unique risk area that drives many other risks. It highlights the importance of organizations developing comprehensive resilience strategies beyond business continuity and IT disaster recovery.

Looking ahead to 2023, McKnight emphasizes that rethinking resilience is a key theme underlying various risks such as economic volatility, climate degradation, and third-party risk management. However, less than one-third of audit leaders are highly confident in their team’s ability to provide assurance over organizational resilience risk, and less than half plan to include it in their audit activities for the coming year. This indicates a need for organizations to be proactive in addressing the interconnected nature of risks and examining the potential impacts of cascading risks.

Overall, the Gartner 2023 Audit Plan Hot Spots Report emphasizes the critical areas of concern for CAEs and provides valuable insights that can help organizations prioritize their risk management strategies. By focusing on cyber threats, IT governance, and other key risk areas, organizations can enhance their resilience and ensure robust audit coverage in the coming year.


Comments are closed.