Institute of Internal Auditors (IIA)
Overview: Risk is part and parcel to modern economic theory. Indeed, nearly from the beginning of organized society, the push to recognize, leverage, and manage risk has driven humankind to excel. As social, business, and government institutions have become more complex, global, and entwined, mastering the art and science of risk management has become ever-more imperative — and elusive.
Last year, The Institute of Internal Auditors published OnRisk 2020: A Guide to Understanding, Aligning, and Optimizing Risk, which for the first time brought together essential perspectives of boards, management, and chief audit executives (CAEs) — the three key players in risk management. Through a series of interviews with members of all three groups, along with a survey of CAEs, OnRisk 2020 offered a unique and insightful examination of the interactions and views of those who most directly affect risk management. The inaugural guide was designed to improve alignment among these three risk management players by measuring their views on top risks, based on personal knowledge and organizational capability to manage those risks. OnRisk 2021 adds key players’ views on organizational risk relevance as a factor in measuring alignment.
Observations gleaned this year show improved alignment on key risk knowledge and capability, but potential misalignment on how relevant some risks are viewed. The report also examines where organizations turn for assurance over risk management.
No examination of risk in 2020 would be complete without addressing the influence of COVID-19. Beyond the obvious fallout from shuttering the global economy for extended periods, response to the pandemic contributed to generally improved alignment among risk management players on business continuity, risk management, and communications. The pandemic also exposed the strengths and weaknesses of how organizations manage disruption. However, COVID-19’s most influential long-term impact may be the marked acceleration of technology’s positive and negative effects on cybersecurity, talent management, economic and political volatility, and disruptive innovation.
