Article
Identify emerging internal audit risks to prepare for tomorrow’s insurance world
March 24, 2023 · Authored by John Romano, Christopher J. Tait, Rachel Schmoyer
Baker Tilly financial services risk advisory specialists hosted a panel discussion highlighting all of today’s insurance internal audit hot topics and perceived emerging risks. They were joined by internal audit executives from three insurance organizations. Each panelist possessed insurance expertise and came from different backgrounds and workforce environments, and therefore offered interesting and differing opinions on the popular topics that were discussed. Baker Tilly specialists posed several important questions to our panelists – below you will find a summary of their responses.
Top and emerging risks
During the webinar, we polled attendees regarding several topics, including the top risk on their internal audit plan and the results were not surprising: 42% of respondents said cybersecurity and/or data privacy is a top risk, 16% said digital transformation, 14% said third party risk, 8% said pricing/underwriting and 21% said other/not applicable.
Many internal audit professionals are asking the same questions regarding controls within their organization and internal audit plan risks. Compliance and regulatory risk, fast changes in processes and internal controls, talent acquisition and retention and cybersecurity were considered by our panelists to be some of the most significant risks currently facing organizations within the insurance industry.
Insurers have been facing cyber risks for years now. As technology continues to change and new technological systems are established in order to improve efficiency, new policies need to be enforced in order to ensure these systems are implemented correctly and used to their full potential. Because digital transformation is so essential in today’s world, internal auditors are facing challenges in ensuring their data stays safe and protected.
Following the great resignation, nearly every industry is facing dramatic shifts in their workforce, staffing and employee dynamics. Large portions of the workforce in the United States are either retirement age or have less than five years of relevant work experience, and this has created a challenging obstacle for organizations to overcome. In order to face targeted growth objectives, internal auditors are facing challenges regarding appropriate staffing, establishing succession plans for employees approaching retirement age, and training new hires.
Another common risk is human resources (HR) departments ensuring that they are monitoring compliance regulations and controls in place to address compliance risk. Once controls are established, it is important to ensure that they are scalable and capable of sustaining the growth of your organization.
As organizations continue to grow, balancing efficiency, sustainability and scalability with controls has proven to be an important emerging risk. Too many controls and policies pose the possibility to stymie growth, so internal auditors working for growing organizations are faced with the challenge of finding the right balance between continuous monitoring and staying on top of risks and seeking new processes, opportunities and technologies to complement their growth.
You can’t address the risks facing your organization if you don’t know what they are, so keeping an observant eye on current events such as macro-economic and geopolitical changes, climate change and advancements in technology are ways to combat these risks. One of our panelists posed an important question: As the world changes, how should your internal audit department react in its auditing and what questions should you be asking in order to combat these changes that will inevitably impact your organization?
Inflation and the possibility of a recession can have a huge impact on whether or not your organization will be able to meet its growth objectives, so having a contingency plan in place for times of stress and uncertainty is key. Climate change is another emerging risk that is impacting nearly every industry across the globe due to pricing changes.
Staying in contact and constant conversation with business partners and clients is important to ensure that everybody has the proper plans in place to combat emerging risks. A key aspect of addressing top and emerging risks is to do auditing even when you are not auditing – always stay on top of the risks your organization is facing and try to anticipate any changes or obstacles that may be heading your way.
When asked what types of emerging risks they are most concerned about for their respective organizations, 23% of webinar attendees said talent management, 21% said cybersecurity, 8% said artificial intelligence, 5% said climate change, 4% said none of the above and 38% said all of the above.
