Risk in Focus 2023


For the past seven years, Risk in Focus has sought to help Chief Audit Executives (CAEs) to understand how their peers view today’s risk landscape as they prepare their forthcoming audit plans for the year ahead. Risk in Focus 2023 research was conducted in March and April 2022.

Data was collected through a quantitative survey among CAEs across 15 European countries which included: Austria, Belgium, Bulgaria France, Germany, Greece, Italy, Luxembourg, the Netherlands, Slovenia, Spain, Sweden, Switzerland, and the UK & Ireland. The survey elicited a record-breaking 834 responses from CAEs across Europe. Simultaneously, four roundtable discussions were organised with 39 Chief Audit Executives (CAEs) on each of the risk areas covered in the report. In addition, we also conducted 9 one-to-one interviews with subject matter experts that included CAEs, Audit Committee Chairs and industry experts to provide deeper insights into how these risks are manifesting and developing.

Risk in Focus 2023 sets out a series of recommendations for how organisations can tackle these risks including:

  • Boards should work with their internal audit functions to assess whether the assumptions the organisation has made about the nature of key risk areas are still valid today and fit for the circumstances likely to arise in 2023.
  • Boards should work with their internal audit function to focus on systemic risks that create vulnerabilities in many parts of the organisation simultaneously and ensure risk assessment and risk management efforts provide the board with clear oversight of such risks.
  • Boards should work with their internal audit function to assess whether the organisation has effective and timely mechanisms in place to spread information on new cyber threats, countermeasures, and advice throughout the business.
  • Boards should work with their internal audit functions to better understand the company’s goals and maturity on climate-related sustainability and assess how far this is reflected in the business and action plans on different levels.
  • Boards should work with their internal audit function to evaluate whether the organisation’s human resources strategies are aligned with its vision and mission, and whether they are suitable for these times of scarcity when it is key to attract and retain employees within the organisation.

The top 10 risks for Risk in Focus 2023 are (with the associated %s indicating those CAEs that ranked each a top five risk – rounded up or down to the nearest percentage point):

  1. Cybersecurity and data security (82%)
  2. Human capital, diversity and talent management (50%)
  3. Macroeconomic and geopolitical uncertainty (46%)
  4. Change in laws and regulations (44%)
  5. Digital disruption, new technology and AI (38%)
  6. Climate change and environmental sustainability (37%)
  7. Business continuity, crisis management and disasters response (36%)
  8. Supply chain, outsourcing and ‘nth’ party risk (34%)
  9. Financial, liquidity and insolvency risks (28%)
  10. Organisational governance and corporate reporting (25%)