Insight

On the CAE agenda: Q4 2021

Quick insights into what IA leaders are discussing with their stakeholders across the core elements of their CAE agendas

Michael A. Smith

Michael A. Smith

Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

+1 214-840-6019

Richard Knight

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393


Strategy & Value Management

  • Broadening risk coverage as business model and digitization efforts evolve
  • Integration and coordination across three lines of defense (e.g. common risk taxonomy)
  • Getting to the right KPI to measure value for the business
  • IA’s role in disruptive events (transactions, transformations, etc.)


Risks & Responses

  • Ransomware incident response*
  • ESG initial program assessment*
  • System implementations
  • IT resiliency
  • Supply chain*
  • Data governance and data management
  • Supply chain digital risk
  • Cost containment
  • AI; Machine learning
  • Cloud services and storage (e.g. data security, business continuity)
  • Fraud risks
  • Culture risk*
  • Distributed workforce risk (e.g. tax implications)
  • Automated governance*


Operational model

  • Operating with increased agility, especially an agile risk assessment and plan
  • Staying close to the business in a virtual environment


Modern workforce

  • Need for more specialized or mature capabilities around data analytics and insights
  • Upskilling IT and enterprise technology Acumen
  • Overcoming talent drain and resource needs through hiring and retention
  • Overall shift in skillsets needed given shifts in IA delivery model


Digital acceleration

  • Data-driven enterprise risk assessment
  • Focus on automation
  • Continuous monitoring
  • Stronger integration of second and third lines on common GRC technologies to improve alignment of processes and data across the audit, risk, and compliance technology ecosystem
  • Process mining



Stakeholder engagement

  • Resourcing needs across the organization
  • Improving AC chair connectivity
Bold indicates a newly added topic