Data-driven risk assessment: Signals of change and the risk agenda

Getting the right information at the right time is paramount today, as leaders and executives anticipate the impact of significant events.

The internal audit function (IA) knows its stakeholders and takes the time to foster a relationship of trust attuned to client needs. However, only about 28% of CAEs believe information gathered from audit is comprehensive enough to take immediate business action on.1 Amidst an evolving risk landscape in a digital environment, data analytics enabled audit can underpin the three lines with the right resources to build trust.

Getting the right information at the right time is paramount today as leaders and executives anticipate the impact of global and other significant events. For many, this means considering risk and impact to the IA plan more frequently; increasingly, IA is seeing a shift towards assessing risk more often than annually, with approximately 60% of IA functions now performing their risk assessments semi-annually, quarterly, or more often.2

Layering internal and external data, along with technology into risk assessment and IA planning, provide better risk insights with efficiency, consistency, and quality. Use of data analytics is a powerful tool for the IA function to help assess risk and provide insights to assist management decision-making on process improvements and control effectiveness. IA has become more dynamic, data-driven, and enabled by technology, as it delivers a balance of enhanced assurance and risk insights.


  1. Gartner Audit Leadership Council “Audit at the Speed of Business” Scaling Assurance in a High-Change Environment 2021.
  2. Polling results from KPMG CAE Share Forum held May 2022, approx. 600 respondents.

Contact us

Joseph P Gyengo

Joseph P Gyengo

Principal, US Enterprise Risk Management Leader, KPMG US

+1 404 520 5327