Risk in Focus Report highlights challenge of regulatory compliance for Internal Auditors

Jonathan Brun

On the one hand, COVID has made us all realize the importance of systems, compliance and tracking of actions items. On the other hand, COVID has also put tremendous time pressure on our teams and forced us to get things done quickly and effectively. In the short term most organizations can manage and adapt with restricted resources, but in the long term we need to invest to prepare for uncertain times. A recent report from the Internal Auditing association maintains that “There may be a temptation for the business to deprioritize regulatory requirements…”. We have seen this first hand as we discuss with companies around the world. They were in such a rush to meet COVID and hygiene requirements that everything was done in Word, Excel and Emails. Now is the time to systematize your work and prepare for future regulatory changes coming down the pipeline.

The report also outlines the pressure companies have to digitize their systems to allow for easy access to remote workers. Paper and email is clearly inadequate when workers are remote and need information to be readily available. The report however cautions that up to 70% of digitization projects do not achieve their ultimate goals. At Nimonik we have seen too many companies embark on digitization plans without the adequate internal resources to fully deploy them. They end up with half baked solutions that are more of a nuisance that a solution. Digital project management is a very complex process, but suffice to say that planning and resources and management support are the critical pillars of a successful transition for your compliance systems to go into the online world.

In addition to finding that some companies have pushed off compliance, the recent IIA Risk in Focus Report also identifies Regulatory Change and Compliance as the number 2 risk facing organizations today and where the most time is spent auditing. They summarized the report as:

Key findings

  1. The top three risks currently facing businesses in 10 European countries are: cybersecurity and data security (79%), regulatory change and compliance (59%) and digitalisation, new technology and AI (50%).

  2. For the first time ever, disasters and crisis response has been included in our survey, with 34% of Chief Audit Executives (CAEs) voting for it as a top 5 risk priority for their organisation.

  3. Climate change and environmental sustainability is becoming an increasingly pressing issue for businesses, with 22% of CAEs citing it as a top 5 risk – an annual increase of 50% on the year before.


It is somewhat surprising that one of the top 5 risks in 2020 would be regulatory change. Shouldn’t companies have put in place systems and process to manage regulatory change effectively by now? If this report is anything to go by we all have a lot of work this year. We need to centralize and systematize our systems while also moving them into secure digital tools! Regulatory change is only going to increase, the sooner you tackle the challenge of identifying your compliance obligations and building a management system, the sooner you will free up company resources to focus on performance.

Just to toot our own horn, I would like to mention that Nimonik’s Comprehensive Compliance platform helps organizations effectively manage these risks and costs by:

  1. Providing access to all your applicable regulations and standards
  2. Managing all your obligations in one location synchronized with associated regulations and standards
  3. Automatically notifying and tagging obligations when regulations and standards change
  4. Providing an extensive library of risk-based assessments and audits to identify any gaps or corrective actions in your compliance
  5. Managing all your actions needed to achieve and maintain compliance
  6. Providing real-time status reporting of your compliance so you always know if you are off-side

Contact us to learn more.