
What You Need To Know To Stay Ahead Of The Curve


Risk management continues to be paramount as organizations aim to stay on top of emerging issues and how they impact performance. Disruptions in an organization’s operations can be devastating. As hackers become increasingly sophisticated and organizations become ever more dependent on third parties, critical infrastructure and technology, the opportunities for fraud grow and regulatory compliance becomes more complex. Following are key insights into current risk trends in internal audits and tips on how to prepare for them.

Vendor Risk Management

As the role of third-party service providers in companies has grown, monitoring them has become critically important. Organizations are often challenged to identify which of their vendors are putting them at risk. You should perform adequate diligence over the sourcing of vendors and have a program for those that should be monitored on a continuous basis to ensure they are in compliance with their service level agreement and meeting pre-defined performance metrics. You should also determine how technology and the effective use of data analytics can help screen vendors to reduce risks.

Fraud Risk Management

Companies need to continue to monitor the activities of employees, vendors and third parties to detect and, wherever possible, prevent financial fraud or employee misconduct that can result in financial losses and damaged reputations. You should be especially aware of the fraud risk triangle (opportunity, motivation and rationalization) through annual fraud risk assessments. Regular assessments identify which fraud risks are present, enabling companies to prevent them. Fraud awareness and identification are on the rise due to the emphasis companies have placed on improving their financial controls environment to comply with Sarbanes-Oxley and other regulations. These controls make it more difficult for individuals to perpetrate frauds.

Crisis Management

Scenario planning plays a strong role in successfully dealing with a crisis situation. Such planning includes holding workshops and developing documented plans to prepare for and respond to potential crises such as cyber intrusions, regulatory scrutiny or investigations, compliance challenges, litigation, workplace violence, pandemics, natural disasters, and other major disruptions. Since a crisis occurs without warning and requires an immediate response, organizations need to take steps to ensure plans are in place and functional.

Cyber Security

All organizations and companies are vulnerable to cyber-attacks, and on a variety of levels. Data and critical processes cross many organizational functions, including customer service, strategic sourcing, supply chain, human resources, business partnerships, and information technology. To prevent damaging incursions to your systems, it is critical to understand risk, not just at the technology infrastructure or data levels, but also at the business process level.

Since companies are connected to more organizations than ever before through the internet (i.e., the cloud), you need to monitor those connections to better understand how company information is protected.

Regulatory Compliance

The growing number of financial regulations affects every facet of a company's operations, and these regulations are being enforced more aggressively by regulators. In this environment, companies need to anticipate regulations before they are implemented and plan for them under the leadership of the chief compliance officer. Companies need to have mechanisms in place to monitor changes in regulations, including: employing a methodology to help prioritize regulatory requirements and comply with new requirements; evaluating compliance program effectiveness with regard to monitoring, testing and reporting; and ensuring they have an enterprise-wide view of regulatory risk. All of these will enable you to respond to regulatory changes and provide comfort to your Board of Directors and those charged with oversight that regulatory risk is mitigated through effective internal controls.

Analytics and Reporting

As regulatory requirements become more stringent and the demand for risk aggregation and improved data quality increases, it is essential you concentrate on improving risk reporting, particularly within the financial services sector. The ability to identify risk exposure across entire organizations and understand its concentration and counterparty risk from a business perspective is imperative for your continued success.

To learn more, contact Geoff Rodrigues, CPA, CA, CIA, CRMA, ORMP, National Internal Audit Leader, at 416.515.3800 or [email protected], or contact your local MNP Enterprise Risk Services advisor.