
Gartner has released its 2023 Audit Plan Hot Spots Report which identifies the top 12 risk focus areas for chief audit executives (CAEs) to help them identify risks to their organizations and plan audit coverage for the coming year.

Cyber threats and IT governance are the top risk areas for internal auditors to address in their audit plans for 2023 but adjacent hot spots, such as third-party risk management, contribute to a challenging outlook.

While most CAEs indicated that they will address cyber security in their plans next year, only 42 percent of survey respondents expressed a high level of confidence in their ability to provide adequate assurance in this area.

Gartner’s annual report is based on a survey of 112 CAEs completed in August 2022, additional structured interviews with CAEs and IT Audit leaders, as well as data and insights generated from cross-functional Gartner research throughout 2022.

The top risk focus areas identified from this process are:

2023 Audit Plan Hot Spots

  • Cyber threats
  • IT governance
  • Data governance
  • Third-party risk management
  • Organizational resilience
  • Environmental, social and governance (ESG)
  • Supply chain
  • Macroeconomic volatility
  • Workforce management
  • Cost pressures
  • Culture
  • Climate degradation

Rethinking organizational resilience

Three key themes drove the risks this year, including a ‘renationalization of resources’ and a ‘triple squeeze’ of growing cost pressures, supply chain risks and labor scarcity. The final theme, the need to ‘rethink organizational resilience’, is unique in that it is both a distinct risk area in its own right and a driver of a multitude of other risks, says the report.

The ability to withstand crises and disruptions may become more critical next year, and many organizations still take a limited view of resilience, mostly focused on business continuity and IT disaster recovery. This narrow view of resilience fails to account for additional risks impacting resilience including greatly increased economic volatility and impacts from climate degradation.

“Rethinking resilience is a key theme that underlies a diverse set of risks facing organizations in 2023, including economic volatility, climate degradation and third-party risk management,” said Leslee McKnight, vice president for the Gartner Legal, Risk and Compliance practice. “Currently less than one third of audit leaders are highly confident in their team’s ability to provide assurance over organizational resilience risk, and more concerning, less than half plan to cover organizational resilience in audit activities in the coming year.”

McKnight further noted that the increasingly interconnected risk landscape increases the chances for cascading risks, where one risk causes additional risks to manifest for an organization, a scenario that few organizations are actively planning against today.

More detailed analysis is available to Gartner clients in the full report, 2023 Audit Plan Hot Spots. Nonclients can complete free registration to read more.

