Update: Travel Travails

Articles The IIA Oct 10, 2022

Business travelers question whether the risk of delays is worth the flight.

In one survey, close to 75% of business travelers report travel disruptions.

While travel restrictions stemming from the COVID-19 pandemic have lessened in the past year, air travel challenges are still a significant issue in the business community. Airlines have struggled to cope with staffing and supply chain challenges, which have led to high volumes of delayed or canceled flights and airport capacity caps.

In a recent survey of 750 business travelers from France, the U.K., and the U.S. by travel agency Egencia, 73% say they have encountered some type of travel disruption. Many business travelers are using tactics to try to minimize travel snags: More than half indicate they have booked early-morning flights — under the assumption that they are less prone to delays or cancellation — and 40% say they avoid particular airlines or airports.

The disruptions have become so widespread and expected that many businesspeople are exploring alternatives to air travel. “About 50% of people are questioning a business trip because of what might happen,” said Egencia President Mark Hollyhead at the Global Business Travel Association conference in San Diego. “I don’t think we’ve ever had that before.”

Likewise, internal audit functions are concerned about travel, both from an assurance-providing perspective and an organizationwide risk perspective. The transition to more remote auditing processes and remote work rapidly accelerated during the pandemic, and ongoing travel disruptions only look to solidify these trends.

“We were under the notion that remote auditing is a temporary adjustment, but it is here to stay,” said Sundaresan Rajeswar, group internal audit manager at Qatar-based Teyseer Group, during a recent IIA–Qatar webinar on “The Future of Remote Auditing.” “Auditors have to use this crisis as an opportunity to increase our agility and become more resilient for the future.” —Logan Wamsley

71% of global cybersecurity professionals rate their organization’s security efforts as either good or excellent.

Source: GitLab, 2022 Global DevSecOps Survey: Thriving in an Insecure World

Uninvited Guests

Digital transformation means more external fraudsters are crashing the online platform party.

The push toward digital transformation and the emergence of even more digital platforms for business and commerce have created new avenues for fraudsters to exploit. According to PwC’s Global Economic Crime and Fraud Survey, 40% of organizations that have experienced fraud over the last two years say it was connected to the digital platforms they rely on. Reliance on these platforms “opens the door to myriad fraud and other economic crime risks that most companies are just beginning to appreciate,” the report states.

The survey describes “an unsettling threat profile” emerging in the form of a rise in external threats that cannot be easily controlled or influenced, unlike insider threats. Nearly 70% of organizations experiencing fraud report that their most disruptive incident was from an external attack or collusion between external and internal sources. The top three types of external perpetrators committing fraud are hackers (31%), customers (29%), and fraudsters associated with organized crime (28%).

The report details additional trends: Organized crime groups are becoming more professional, there is a rising trend of formerly law-abiding people engaging in fraud, and bad actors are collaborating online. “Thanks to chat rooms, the dark web, and cryptocurrency, specialists in data breach, false ID creation, attack methodology, and other nuanced areas can connect, coordinate, and transact with a growing criminal economy,” the survey explains. —Trinity Curbelo

Risk Programs at risk?

Risk and compliance professionals globally report on the state of their R&C programs.

ASSESSMENT GAP

26% say the organization’s risk assessment is not current or not subject to periodic review.
47% say assessments are informed by current operational data.

THE ESSENTIALS

66% say regulatory compliance is “absolutely essential” to the organization’s compliance program.
39% say organizational culture is “absolutely essential” to the program.

_{Source: NAVEX, 2022 Definitive Risk & Compliance Benchmark report}

Replacing the Failing CEO

4 in 10 failing CEO's retain their jobs despite five years of worst-in-class performance based on return on assets.
29% of departing CEOs from publicly listed companies who left their position between 2017 and 2021 had a high “Push-out Score,” which suggests an involuntary departure.

“Companies with a really good succession plan should be able to appoint a permanent successor almost immediately.”
—David Larcker, professor emeritus of accounting, Stanford Graduate School of Business

_{Source: Stanford Graduate School of Business, Firing and Hiring the CEO: What Does Turnover Data Tell Us About Succession Planning?}

Ask An Expert

Insight on Internal Audit

Based on the Internal Audit Foundation’s recent report, Internal Audit: A Global View, where is internal audit focusing its efforts?

The report found that internal audit functions are significantly involved in compliance (78%), fraud (57%), and enterprise risk management activities (56%). More than 50% of respondents say they are also significantly involved in IT and cyber-
security initiatives.

While these results are not surprising, there are some areas that showed low involvement. For example, only 22% of internal audit functions say they are involved in auditing third-party relationships, and 15% are involved in sustainability and nonfinancial reporting.

Globally, government regulations for environmental, social, and governance areas may quickly escalate. Internal audit can expect to see more organizations seeking out its help, as a result.

What does the report say about audit resources?

As new risks emerge, expectations for new skills and audit coverage increase. Despite growing expectations, the report found that 71% of audit functions have 10 or fewer staff members. The good news is that globally most internal audit functions are mature; 82% of internal auditors work in functions that are considered level 3, 4, or 5 on an internal audit maturity matrix.

To help bridge the resource or skills gap, just over half of CAEs report they use an outsource or cosource model. CAEs say the main reasons for outsourcing and cosourcing are the need for technical knowledge (76%) and to increase staff capacity (41%).

Investors warm up to SEC climate disclosures proposal

7 of the top 10 U.S. Asset Managers say they favor mandatory climate change disclosures by all publicly listed companies.
8 of the top 10 U.S. Asset Managers say the Securities and Exchange Commission should align with internationally accepted standards, namely from the Task Force on Climate related Financial Disclosures and the International Sustainability Standards Board.

_{Source: Harvard Law School Forum on Corporate Governance, Climate Disclosures: Not Quite as Easy as (Scope) 1-2-3}

In terms of funding, only 51% of respondents indicate their function’s funding is mostly or completely sufficient. Interestingly, one of the key drivers for adequate funding is having a functional reporting line to the audit committee, board, or board equivalent.

_{Yulia Gurman, CIA, is vice president, Internal Audit and Corporate Security at Packaging Corporation of America and chair of the Internal Audit Foundation’s Committee of Research and Education Advisors.}

Update: Travel Travails

Business travelers question whether the risk of delays is worth the flight.

Uninvited Guests

Ask An Expert

Based on the Internal Audit Foundation’s recent report, Internal Audit: A Global View, where is internal audit focusing its efforts?

What does the report say about audit resources?

Investors warm up to SEC climate disclosures proposal

The IIA

The Institute of Internal Auditors

Learn more with our other resources

Access the Digital Edition