In a changing environment where risk impacts and likelihoods can switch rapidly, internal audit must be responsive to change and attuned to disruption.
In an age where extreme weather events, rapid technological change, and geopolitical turmoil are becoming more frequent — and in some cases, more catastrophic — organizations are increasingly having to react more quickly to high-impact events. Business interruption to companies' physical assets and supply chains caused by climate change, for example, can cripple production schedules. Risks that may have been categorized as unlikely but with a high impact — such as Brexit — can suddenly leap to the top of an organization's risk register overnight. Newly emerging risks that seemed nearly impossible, like the U.S.–China trade war, can result in priorities that have been mainstays of boardroom agendas for years being knocked off the critical list. Moreover, disruptive technological and other advancements may require organizations to pivot on short notice to either leverage new capabilities or manage new threats.