Cyber security is the number one threat facing organisations in 2022, with climate change also a growing risk, research by the Chartered Institute of Internal Auditors (Chartered IIA) suggests.


This is the fourth year running that cyber security has topped the annual ranking by the Chartered IIA, which is based on a survey of more than 700 chief audit executives (CAEs) across Europe.

Changes to laws and regulations are perceived as the second-biggest risk for next year, followed by digital disruption, new technology and artificial intelligence.

Climate change and environmental sustainability has climbed four spots to eighth position in the ranking, putting it in the top 10 for the first time.

However, the researchers also found that 69% of CAEs still don’t consider climate change as a top five risk, and that just 12% of internal audit teams are prioritising spending significant time and effort on the issue.

The Chartered IIA said that it is “alarmed by the gap between awareness and action” taken on this rising risk, and encouraged organisations to act now to avoid disruption in the future.

“The rapid and radical adaptation seen across the corporate landscape during the pandemic demonstrates what businesses are capable of when needs must,” said John Wood, chief executive of the Chartered IIA. “Now is the time for similar innovation in response to the growing risk posed by climate change.

“Businesses should prepare for climate change risks now to avoid large-scale disruption in the coming years, and internal auditors must play crucial planning and monitoring roles here. Those that fail to do so put their continued existence in jeopardy.”

How the CAEs ranked their top five risks for 2022 is shown below:

Although cyber security topped the ranking again – which is unsurprising given the increase in cybercrime over the last 18 months – the Chartered IIA said that organisations should consider climate change a “forever risk”, and act to defend against this now by:

Ensuring climate change and sustainability is central to the organisation’s values, mission and strategic goals
Establishing sustainability goals which align with the UN’s 17 Sustainable Development Goals
Investing in projects that will future proof products and services
Planning for any climate-related physical and political risks which may jeopardise an organisation’s future
Reducing organisational greenhouse emissions and moving away from harmful or unsustainable manufacturing processes or materials.
“At a minimum, companies should record and publish their activities related to climate risk and sustainability, using internationally recognised standards such as the Task Force on Climate-Related Financial Disclosures,” commented Mike Ashley, chair of the audit committee at Barclays.

“Fundamentally, we need to ensure that high level sustainability announcements by businesses are actually lived up to, so I think there is work that internal audit can do in that space to ensure that we do walk the talk.”


Leave a Reply

Your email address will not be published. Required fields are marked *