Cyber threats and IT governance are top risk areas for internal auditors to address in their audit plans for 2023, according to Gartner, Inc. The Gartner 2023 Audit Plan Hot Spots Report identifies the top 12 risk focus areas for chief audit executives (CAEs) to help them identify risks to their organizations and plan audit coverage for the coming year.

The annual report is based on a survey of 112 CAEs completed in August 2022, additional structured interviews with CAEs and IT audit leaders, and data and insights developed from cross-functional Gartner research throughout 2022. 

Adjacent hot spots, such as ensuring adequate IT governance and third-party risk management, contribute to a challenging outlook for mitigating organizations’ potential cybersecurity threats in 2023, the survey revealed. While most CAEs indicated they planned to address cybersecurity next year, only 42% of survey respondents expressed high confidence in their ability to provide sufficient assurance in this area.

“Cyber threats remain a perennial concern for CAEs, yet the drivers of this risk have evolved as a result of new geopolitical conflicts and the heightened prospect of state-sponsored attacks,” said Leslee McKnight, Vice President for the Gartner Legal, Risk and Compliance practice. “Mitigation plans need to be revisited to reflect the evolution of the risk and prepare the organization to meet increasingly stringent disclosure requirements in the event of a breach.”

2023 Audit Plan Hot Spots

1. Cyber threats
2. IT Governance
3. Data Governance
4. Third-Party Risk Management
5. Organizational Resilience
6. Environmental, Social and Governance (ESG)
7. Supply Chain
8. Macroeconomic Volatility
9. Workforce Management
10. Cost Pressures
11. Culture
12. Climate Degradation

Building Business Resilience

According to Gartner, three key themes drove the risks in 2022: a “renationalization of resources” and a “triple squeeze” of growing cost pressures, supply chain risks, and labor scarcity. The final theme, the need to “rethink organizational resilience,” is unique as a distinct risk area and a driver of many other risks.

The ability to withstand crises and disruptions may become more critical next year. Many organizations still have a limited view of resilience, primarily focused on business continuity and IT disaster recovery — this narrow view of resilience doesn’t account for other risks impacting resilience, Gartner says.

An increasingly interconnected risk landscape increases the chances for cascading risks, Gartner says, where one risk causes additional risks to manifest for an organization, a scenario that few organizations are actively planning against today.

For more insights, visit www.gartner.com.

Women are more likely than men to experience harassment within or on their way to their workplace, with 44% of women experiencing harassment compared with 26% of men. In the majority of all reported cases of harassment (83%), the perpetrator was a man, according to a YouGov survey.

Conducted by the Suzy Lamplugh Trust, the survey found high levels of violent, aggressive, sexual and unwanted behaviors against employees working or on their way to work in the United Kingdom night-time economy.

Of the 1768 night-time economy workers surveyed, one-third (34%) had experienced some form of unwanted behavior while working or on their way to work, and 15% of respondents had experienced sexual harassment. Of respondents who had been harassed while working in the night-time economy, 25% reported experiencing these unwanted behaviors more than 10 times, and 26% reported having changed their place of work as a result.

Of respondents who had been harassed, 60% had never reported their experiences to their employer, with many unconvinced that action would be taken. In addition, 75% of respondents who had been harassed while working or traveling to work in the night-time economy had not reported their experiences to the police.

To mitigate workplace harassment, the Suzy Lamplugh Trust recommends:

• Support legislation requiring employers to take all reasonable steps to stop workplace sexual harassment while protecting employees from sexual harassment.
• Work to ensure there is a national framework for tackling harassment that can be implemented within businesses. This framework would build on best practices, including rolling out bystander training.
• Enact legislative change to ensure individuals’ right to safety within public spaces. Governments must support proposals to make public sexual harassment a standalone offense.
• Prioritize funding for women and girls’ safety on public transport and continue funding for safer public spaces. Transport services must provide regular, safe routes home from work, such as 24-hour transport systems.
• Collect and publish data on the prevalence of workplace harassment, including sexual harassment, and the impact on those who experience it to support more victims.
• Publish the organization’s personal safety policy. 

For more insights, visit www.peoplesafe.co.uk