On the CAE agenda: Q4 2021

Quick insights on ransomware, ESG assessments, and digital acceleration in the IA function.

Michael A. Smith

Michael A. Smith

Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

+1 214-840-6019

Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393

Strategy & Value Management

  • Broadening risk coverage as business model and digitization efforts evolve
  • Integration and coordination across three lines of defense (e.g. common risk taxonomy)
  • Getting to the right KPI to measure value for the business
  • IA’s role in disruptive events (transactions, transformations, etc.)

Risks & Responses

  • Ransomware incident response*
  • ESG initial program assessment*
  • System implementations
  • IT resiliency
  • Supply chain*
  • Data governance and data management
  • Supply chain digital risk
  • Cost containment
  • AI; Machine learning
  • Cloud services and storage (e.g. data security, business continuity)
  • Fraud risks
  • Culture risk*
  • Distributed workforce risk (e.g. tax implications)
  • Automated governance*

Operational model

  • Operating with increased agility, especially an agile risk assessment and plan
  • Staying close to the business in a virtual environment

Modern workforce

  • Need for more specialized or mature capabilities around data analytics and insights
  • Upskilling IT and enterprise technology Acumen
  • Overcoming talent drain and resource needs through hiring and retention
  • Overall shift in skillsets needed given shifts in IA delivery model

Digital acceleration

  • Data-driven enterprise risk assessment
  • Focus on automation
  • Continuous monitoring
  • Stronger integration of second and third lines on common GRC technologies to improve alignment of processes and data across the audit, risk, and compliance technology ecosystem
  • Process mining

Stakeholder engagement

  • Resourcing needs across the organization
  • Improving AC chair connectivity
Bold indicates a newly added topic