New Risk Assessment Game Plan

It's halftime and we need a new Risk Assessment game plan. 

As I prepare this piece, we sit at the halfway mark of 2020. For most, if not all, of us who provide Internal Audit and Risk Management services to our organizations, it is clear the risk assessments, audit plans and risk management projections we so diligently created just six to nine months ago are no longer worth the paper, presentation slides or spreadsheets they are written on. The pandemic has changed the game and we need a new game plan. I have yet to hear of an audit or ERM risk assessment completed prior to March 2020 that included the risk factors of global pandemic, world-wide economic shutdown, business closures or overnight transition to remote workforces.

Now is the perfect time to not only rethink our 2020 risk assessments but also to re-examine our overall approach to Internal Audit and ERM Risk Assessment in general. Implementing a new risk assessment game plan now will be critical to our success during the remainder of 2020 and into 2021.

Internal Audit Risk Assessments

The first half of 2020 is in the books. However, most Internal Audit shops haven’t made much of a dent in their 2020 work plans. Updating or re-calibrating your Internal Audit risk assessment right now is highly recommended before restarting your audit activity.  The entire risk landscape for most organizations has changed dramatically over the past four months with new and emerging issues that now warrant attention from Internal Audit.

• Remote workforce risks
• Diversity and inclusion programs
• Environmental, Health and Safety Risks
• Business continuity programs
• Emerging fraud risks
• Emerging cyber risks

Enterprise Risk Management (ERM) Risk Assessments

For organizations with existing ERM programs there are undoubtedly a few new risks on the radar that weren’t there just a few months ago. For organizations without ERM programs in place, now is a perfect time to start discussing the benefits of these programs with Senior Management and the Board. One immediate change companies should consider is to conduct and update their ERM risk assessments on a more frequent basis, in addition to ensuring their ERM risk assessments are addressing these new strategic risks:    

• What new business strategies should the company be considering?
• How should we address workplace health and safety differently?
• What have we learned about our company that can be leveraged going forward?
• How are new expectations affecting our environmental, social and corporate responsibility strategies?
• Will our internal controls over financial reporting remain effective?
• Have we strengthened our cybersecurity practices to address new threats?
• Are we prepared for a resurgence of COVID-19 and potential lockdown?
• What are the new and emerging “people risks” within our org

Ed Williams, CIA, CRMA
Sr. Audit Manager
Risk & Compliance Services
+1 303 324 6106
ed.williams@jeffersonwells.com

About the Author

Ed is a Sr. Manager and Subject Matter Expert in the Jefferson Wells Risk & Compliance practice. He brings a deep background of 25 years’ experience practicing and consulting in the areas of Internal Audit, Enterprise Risk Assessment, Sarbanes-Oxley Compliance and Anti-Fraud Programs.  

Ed has held CAE positions at multiple public, private and non-profit organizations and has extensive experience reporting to Boards of Directors and Audit Committees.  He is a frequent trainer and educator for the IIA, ACFE, MISTI, Colorado State University and many client organizations.   

We welcome the opportunity to discuss your needs in this area and share our thought leadership to help your team. www.jeffersonwells.com