In 2024, internal audit teams have much to contend with, from navigating increasing global regulatory changes to including the SEC's new rules
Very few would argue that the role of internal auditors, like so many other accounting roles, has evolved far beyond what it used to be. In fact, in the years since the pandemic the industry has sped up the use of technology in audits and has created a workflow that explicitly relied even more on data accuracy. As we begin 2024, audit concerns will continue to include the increasingly complex and interconnected risk environment that organizations face today.
Top audit concerns
There are several areas that are giving audit teams some worries this year, including:
Regulatory requirements and financial reporting — The regulatory bodies, including the U.S. Securities and Exchange Commission (SEC), are expected to introduce new rules that could have significant implications and shift regulatory requirements. In addition to introducing new regulations in the past year, the SEC also increased the number of comments letters it sent to companies requesting additional information by more than 60%, and one can infer going forward that the number of those requests will only increase. Further, requiring reporting around issuers’ environmental, social & governance (ESG) activities will be central to some of this year’s priorities. In fact, the SEC is planning to adopt 25 rules in 2024, including some on climate change and ESG disclosures. Indeed, the growing emphasis on ESG regulations and climate change disclosure poses risks that organizations need to navigate. This includes ensuring compliance and integrating these considerations into audit plans.
In some cases, the SEC has asked companies to comment on how macroeconomic factors — such as inflation, rising interest rates, and supply chain problems — may impact their operations. Also, the SEC’s Enforcement Division has made clear that its top priority is to hold entities accountable for securities law violations, which means imposing more, and in some cases, higher fines.
And these regulatory changes are expected not only within the US but across the globe. In fact, according to the Internal Audit Foundation’s 2024 Risk in Focus survey, more than 45% of the global respondents cited regulatory changes as a significant concern for them in the coming year (with 50% of respondents from North America, the Asia Pacific region, Latin America, and Europe rating it as a top concern). In addition to regulatory requirements, there are global tax changes, including around e-invoicing and the Pillar 2 tax regime. For multinational entities, there may be profound implications for their global tax obligations, which necessitates a focus on understanding and adapting to these changes.
External factors — Such external factors as global economic volatility and geopolitical instability are likely to play a significant role in many businesses’ operations and, therefore, impact many companies’ financial reporting. The wars in Europe and the Middle East, including the impact on global supply chains as growing conflict on the Red Sea disrupts ships moving goods around the world, are unlikely to resolve quickly, with some shipping experts to say they believe the crisis may last months, leading to a crunch of cargo container supply.
Cybersecurity — Cyberattacks and related incidents continue to rise worldwide. These attacks are more frequent and severe and have a tremendous impact on companies, governments, and individuals.
Technology — The continued expansion of technologies that can impact how work is done has made itself a priority for audit leaders. Tax authorities have made it clear that their intentions of enforcement are a high priority, including the doling out of penalties. In addition, tax authorities are increasingly using technology to process taxes and have the same expectation that companies will provide them with requested information faster by using such advanced technology. These heightened requirements, including the disruption of generative artificial intelligence, are a major concern for internal audit teams.
First, audit teams should learn to be excellent at what they are already great at. Despite all the noise and growing concerns that are potentially impacting businesses, the audit team, first and foremost, must focus on what it does best, which is ensuring financial reporting, accounting, and disclosure obligations are handled completely, accurately, and in a timely manner.
The work that audit teams do can contribute to the overall businesses’ resilience; yet external factors, including geopolitical ongoings, cannot be controlled. So, when audit teams can help the business assess and understand how these seismic events might impact the company, it can help build resiliency into the organization’s long-term strategy.
In a world where artificial intelligence, including machine learning, is all abuzz, companies need to understand how to leverage those technologies that include these capabilities to help them mitigate risk and enhance their own risk management strategies. However, with all of the appeal of these technologies, businesses have to weigh how quickly and where in their processes it makes sense to use them. For example, according to EY’s Audit Committee report for 2024, some organizations are first testing the use of these technologies on non-customer-facing processes in order to improve efficiencies and augment employee intelligence in a less-risky environment.
The roles of corporate audit teams have evolved, and they can be expected to evolve further as changes in the risk landscape continue at a faster pace than ever before. For the audit team, adaptability will need to be one of its central superpowers.