Risk, Cyber and ESG among top priorities for internal audit

17 May 2021 Consultancy-me.com 4 min. read

Ramping up risk management, cyber and sustainability goals are among the top priorities for Middle East internal audit leaders in the coming months, according to a new survey by Protiviti.

Protiviti recently organised a virtual forum for MENA-based executives, finance and internal audit leaders, taking the opportunity to survey the 250+ participants on what they believe are the top strategic priorities for internal audit in the months to come.

Leaders surveyed included Board members, Board Audit Committee Chairmen, Chief Audit Executives, CxOs and other managers from a range of industries and countries including UAE, Saudi Arabia, Bahrain, Kuwait and Oman – but despite the group’s diversity, their views on what’s next for the profession at a time of unprecedented change was notably alike.

Risk, Cyber and ESG among top priorities for internal audit


The majority of participants agreed that the evolving risk landscape is injecting more complexity and thus risk into the art of doing business. In line with this, over half of the leaders (54%) said that their internal audit department needs improvement to effectively achieve appropriate risk coverage, mitigate risks and ensure agile responses to new and unforeseen risks.

This improvement is sought across several aspects of the internal audit function, from its strategic alignment with the broader finance function and building better, foresight-focused analytical capabilities, to deploying technologies to automate processes and enlarge the span of internal audit to identify/address potential control issues. 


Beefing up cyber frontiers is another strongly shared ambition of the surveyed participants, amid a rising threats landscape, with more business being done online and e-criminals using more sophisticated methods to outflank corporate lines of defense. 

In building more secure cyber operations, funding is regarded as a bottleneck, with ‘only’ 38% of the participants stating that their organisations are well funded to mitigate cyber threats. This includes spending that flows towards the technical side of the matter, but also towards the people side of combatting cybercrime through awareness and training programs. 

Protiviti’s Middle East arm had previously already pointed out for the importance of taking on cyber threats, but this time round, the consultancy warned that its threat has only been exacerbated due to the digital acceleration witnessed during Covid-19. 

Further reading: Internal audit function can bolster cybersecurity frontiers

Brian Christensen, a member of Protiviti's global executive leadership team and moderator of the event, said: “The fundamentals of almost every organisation have been altered. It is important for internal audit leaders to assess operational resilience and how internal auditors can become a strategic partner in addressing cybersecurity, privacy, and other priorities facing organisations in this crucial period.” 


Meanwhile, the survey also labelled environment, social and governance (ESG) as a key trend for the profession, in light of growing ESG focus across other parts of corporate life. “4 out of 10 participants at the forum believed that their organisations would be considering ESG in their strategy in the next 1 to 2 years,” explained Sanjay Rajagopalan, a Managing Director at Protiviti

Beyond the consumer-driven push, ESG is on the rise thanks to regulators, who are introducing new laws and reporting standards with the aim of embedding sustainable principles at the core of operations. “Many regulators are focusing their attention on ESG reporting,” said Rajagopalan, “and the audit committee has a role in reviewing these new and expanded disclosures.” 

Other priorities discussed at the event include: Evaluating the pandemic’s near-term and longer-term impacts on the internal control environment; assessing Covid-19-related impacts on financial reporting assertions; addressing privacy and auditing on data management compliance; and working on (digital-driven) innovation in the internal audit function.