Office building courtyard with trees

Identify emerging internal audit risks to prepare for tomorrow’s insurance world

Baker Tilly financial services risk advisory specialists hosted a panel discussion highlighting all of today’s insurance internal audit hot topics and perceived emerging risks. They were joined by internal audit executives from three insurance organizations. Each panelist possessed insurance expertise and came from different backgrounds and workforce environments, and therefore offered interesting and differing opinions on the popular topics that were discussed. Baker Tilly specialists posed several important questions to our panelists – below you will find a summary of their responses.

Top and emerging risks

During the webinar, we polled attendees regarding several topics, including the top risk on their internal audit plan and the results were not surprising: 42% of respondents said cybersecurity and/or data privacy is a top risk, 16% said digital transformation, 14% said third party risk, 8% said pricing/underwriting and 21% said other/not applicable. 

Many internal audit professionals are asking the same questions regarding controls within their organization and internal audit plan risks. Compliance and regulatory risk, fast changes in processes and internal controls, talent acquisition and retention and cybersecurity were considered by our panelists to be some of the most significant risks currently facing organizations within the insurance industry. 

Insurers have been facing cyber risks for years now. As technology continues to change and new technological systems are established in order to improve efficiency, new policies need to be enforced in order to ensure these systems are implemented correctly and used to their full potential. Because digital transformation is so essential in today’s world, internal auditors are facing challenges in ensuring their data stays safe and protected. 

Following the great resignation, nearly every industry is facing dramatic shifts in their workforce, staffing and employee dynamics. Large portions of the workforce in the United States are either retirement age or have less than five years of relevant work experience, and this has created a challenging obstacle for organizations to overcome. In order to face targeted growth objectives, internal auditors are facing challenges regarding appropriate staffing, establishing succession plans for employees approaching retirement age, and training new hires.  

Another common risk is human resources (HR) departments ensuring that they are monitoring compliance regulations and controls in place to address compliance risk. Once controls are established, it is important to ensure that they are scalable and capable of sustaining the growth of your organization. 

As organizations continue to grow, balancing efficiency, sustainability and scalability with controls has proven to be an important emerging risk. Too many controls and policies pose the possibility to stymie growth, so internal auditors working for growing organizations are faced with the challenge of finding the right balance between continuous monitoring and staying on top of risks and seeking new processes, opportunities and technologies to complement their growth.

You can’t address the risks facing your organization if you don’t know what they are, so keeping an observant eye on current events such as macro-economic and geopolitical changes, climate change and advancements in technology are ways to combat these risks. One of our panelists posed an important question: As the world changes, how should your internal audit department react in its auditing and what questions should you be asking in order to combat these changes that will inevitably impact your organization?

Inflation and the possibility of a recession can have a huge impact on whether or not your organization will be able to meet its growth objectives, so having a contingency plan in place for times of stress and uncertainty is key. Climate change is another emerging risk that is impacting nearly every industry across the globe due to pricing changes.

Staying in contact and constant conversation with business partners and clients is important to ensure that everybody has the proper plans in place to combat emerging risks. A key aspect of addressing top and emerging risks is to do auditing even when you are not auditing – always stay on top of the risks your organization is facing and try to anticipate any changes or obstacles that may be heading your way.

When asked what types of emerging risks they are most concerned about for their respective organizations, 23% of webinar attendees said talent management, 21% said cybersecurity, 8% said artificial intelligence, 5% said climate change, 4% said none of the above and 38% said all of the above.

ChatGPT and internal audit

A shocking 64% of webinar attendees said they were somewhat familiar with ChatGPT. Only 8% were very familiar and 28% had never heard of it.

Because ChatGPT and this type of artificial intelligence is still in its infancy, many organizations have not yet fully implemented it into everyday use. Those that have started using it, however, are using it for training purposes, for audit program development and assistance, benchmarking, coding assistance, report writing and data analytics. Many smaller teams do not have the budget to hire specialists in areas like data analytics, so ChatGPT will be an extremely beneficial tool to them.

In terms of internal audit, ChatGPT is able to:

  • Develop audit objectives and test plans
  • Assist in writing internal audit observations and recommendations
  • Provide benchmarking considerations
  • Provide coding support for analytics

Something important to consider that one of our specialists pointed out: many people are fearing that artificial intelligence tools like ChatGPT will replace our skilled workforce. In reality, people using these artificial intelligence tools will replace people not using artificial intelligence. Utilizing a tool like ChatGPT in a safe and effective manner may benefit your organization, but risks and other issues as discussed below should be considered.

As organizations get more comfortable with using ChatGPT, there will be one clear victim: critical thinking. There is a fear that because these new technologies are becoming more prevalent, young talent will not have to learn the technicalities of internal auditing like their predecessors. Though implementing ChatGPT is a smart thing for organizations to do, they need to be careful in ensuring that the development and critical thinking skills of their employees does not fall behind. 

Like many technologies in the past, even those that are resistant to ChatGPT will likely implement it as time progresses and they see how it can truly benefit their organization. Having policies in place, however, to ensure that members of your organization are handling client data and using ChatGPT responsibly is essential. Open communication with team members to gain a better understanding of how and when they are using this technology is key, especially when it comes to client-related work and most importantly, confidential data. 

When asked where they believe ChatGPT can be the most beneficial to assist with the internal audit function, 30% of webinar attendees said audit test plans, 21% said training, 18% said audit objectives, 16% said audit recommendations and 15% said other/not applicable. 

Talent issues and organizational risk

The panelists in our discussion each work in different work environments – hybrid, remote and in-office – and offered unique perspectives on the benefits of their respective work environments.  

One similarity across all panelists to note: flexibility and work-life balance is important to employees regardless of whether they are working from home or commuting to work in-office, and failure to recognize this has led to a higher employee turnover rate. The great resignation and the recent spike in retirements has forced more and more organizations to take these factors under consideration in order to gain and retain talent. 

Of the webinar attendees, 69% have hybrid work environments, 9% work fully in-office and 22% are fully remote. 

Being a strong internal audit leader involves having a strong vision of what your department should look like and demonstrating and working towards making that vision a reality. Ensuring that you are staying on top of changes in your respective industry, as well as within your organization, is an essential step in becoming a successful leader not only in internal audit but across every department and team. Another important step is alignment: you must be in agreement with leadership on your organization’s objectives and have strong relationships with fellow business partners and stakeholders.

All of the panelists agreed that strong internal audit leaders:

  • Understand key drivers of motivation for their team
  • Offer training opportunities within the department
  • Partner with an develop trust with key stakeholders in the organization
  • Encourage empowerment through passion projects and learning opportunities

We asked webinar attendees what characteristics and skillsets of an internal audit leader are most important. 36% said successful internal audit leaders possess a strong vision for internal audit and align with the organization’s strategic objectives. 30% said a strong internal audit leader is someone that is a trust builder within the organization and empowers the internal audit team to deliver. 22% said being a partner with the business and having the right seats at the right tables is vital, and 12% said it is most important to be able to attract and retain required talent in order to keep up with the pace of change.

Leaders that demonstrate open-mindedness in their interactions and communications are often successful in their positions because team members feel that they have a voice that is being heard. The hardest part of being an internal audit leader is not only setting the right tone within the internal audit department, but also across the entirety of the organization. Having strong relationships with leadership can set a more positive tone and make the internal audit process easier for everyone. Understanding your organization’s vision and being able to communicate it to your team and the rest of the organization is also key. On top of this, establishing a safe environment for team members to feel that they can speak up and voice opinions is extremely important.

For more information on how to effectively handle the current talent environment, refer to an article authored by our risk advisory specialists: Three ways internal audit can outmaneuver the talent problem – and win.

As is evidenced by the information we received from our panelists, having a good understanding of the top and emerging risks (and opportunities) facing the insurance industry is an essential part of not only successfully running your organization, but also in being a great leader. If you were unable to attend the webinar or would like to revisit the conversation, view the recording posted below. For more information on these topics, or to learn how Baker Tilly’s insurance and risk advisory specialists can help your organization reach new heights.

John Romano
Christopher J. Tait
University campus during the daytime
Next up

How higher education and research institutions may benefit from using HITRUST to navigate research data security requirements