MPact » Insight

The Top Risk Management Trends for 2021 and Beyond

By Richard Arthurs,

National Leader, Internal Audit Enterprise Risk Services

The growing emphasis on these critical risk management concerns will continue to shape businesses long after the pandemic is over.


  • One of the lasting consequences of the pandemic is the need for agile, data-based risk management and a focus on the role of Internal Audit.

  • Risks and priorities are evolving faster than ever and potential disruption is a daily consideration that affects every decision and department.

  • The availability of digital tools has improved visibility into emerging risks and challenges, but it’s what you do with this information that really counts.

COVID-19 has proven to be one of the most acute risk management exercises Canadian organizations have ever encountered. It has thoroughly exposed internal audit successes and shortcomings.

It’s exceedingly likely your organization faced at least one of three disruptions in 2020: a rapid transition to remote work, shifting business hours and cleaning procedures, or re-tooling production lines and assets toward higher demand products and services. It’s also unlikely you factored COVID-19 or any of the above scenarios into your organizational risk planning — how could you?

One of the lasting consequences as a result of the pandemic will be a renewed appreciation around the need for agile, data-based risk management and a focus on the role of Internal Audit in strategic decision making. However, organizations cannot wait until the dust has settled to begin shifting their mindset. The risks are still present and evolving every day.

Internal Audit is an independent advisory and assurance function, acting as a trusted advisor, supporting informed decision making and effective resource allocation.

The following six considerations are among the most important risks and trends that Internal Audit must consider in the immediate and medium-term.

These go beyond traditional table stakes of Internal Audit, such as adequacy of internal controls, and each must be framed with the perspective a return to a pre-pandemic state likely will not occur in the foreseeable future — and by many measures, not at all.

RISK TRENDS: COVID-19 Impacts and Future New Normals


COVID-19 Impact

Many companies had not developed pandemic response plans and had determined their business resilience plan was not sufficient—especially with regard to employees working remotely and dealing with material impacts on demand and/or supply related to their business model.

Future New Normal

Companies will need to undertake scenario-planning on a regular basis, with the assumption that material risks and trends will continue to change.


COVID-19 Impact

Many industries have seen a significant increase in hacking attempts. With employees working remotely, the risk of data privacy breaches has increased.

Future New Normal

Many organizations are working towards significant digital transformations which rely heavily on technology to manage supply and demand. It’s critical to evaluate whether cybersecurity controls are effective and efficient enough to deal with this level of change and new/evolving risks.


COVID-19 Impact

When the world started working remotely, data almost instantaneously became critical to success. However, users face significant issues if the data being received remotely lacks integrity or is being shared inappropriately. Not to mention, fines and legal fees related to privacy breaches.

Future New Normal

Ensuring high quality data and avoiding data regulation issues will be the difference between success and failure.


COVID-19 Impact

The primary outcome of COVID-19 is the need for a minimum level of digital capability to maintain business as usual or evolve the business to meet changing consumer demand.

This has led to significant change for some organizations. For others, it has meant full steam ahead for digital transformation.

Additionally, data analytics can provide not only high value insight and decision support, it can also act as a continuous monitoring control.

Future New Normal

Digital capability and automated technology have moved from a nice to have to a survival mechanism. The continuous question of the future will be, “what can robotics do more efficiently and effectively versus humans?” All predictable, repeatable, and frequent processes may soon be replaced by robotic process automation and some form of continuous monitoring using data analytics.

INVESTOR EVOLUTION TO ESG (Environment, Social, and Governance)

COVID-19 Impact

Investors have no choice but to revisit how they invest their money. As the world sits at home and works remotely, the average investor is starting to question their many reasons for investing the way they do. Most importantly, they want to know if their investments are resilient against the backdrop of a global pandemic.

Future New Normal

Investors will seek information and assurance regarding the adequacy of risk mitigation efforts, including proactive efforts toward ESG.

EVALUATING CULTURE & STRATEGY (including employee engagement)

COVID-19 Impact

As the world moves to working remotely, executive teams and boards are asking different questions. The reality is some cultures are not aligned with corporate strategy. And the gap between culture and strategy becomes even more apparent when employees are working remotely and employee engagement is weak.

Future New Normal

Workplaces are unlikely to fully return to their pre-pandemic state. Now that team members understand remote options are viable, it’s likely they will expect greater autonomy, flexibility, and trust from employers. At the same time, employers need to re-evaluate how they create cultural alignment and support employee engagement.

How Organizational Agility Creates Value

Helping organizations adapt to rapidly shifting conditions and demands is the most important function of today’s Internal Audit teams. The availability of digital tools and techniques has improved visibility into emerging risks and challenges — and how they connect across various areas of the business. But it’s what leaders can do with this information that really counts.

Risks and priorities are evolving faster than ever. Disruption is no longer just a technological concern, but a daily consideration that affects every decision across every department. Internal audit can be the glue that binds teams, leaders, strategies and culture. By providing timely, actionable insight and a global view of the factors that affect the organization on both a macro and micro scale, internal audit is in the unique position to not only identify new and evolving risks, but also has the ability to influence and steward the organization’s timely response.

Download our recent whitepaper for a summary of key questions, red flags, and common mitigations in relation to the most important risk trends identified in this article (plus a few other risk trends not identified above).