Businesses must take action to weather geopolitical storms
Feb 23, 2023
As the one-year anniversary of the war in Ukraine approaches, Chartered IIA is urging business leaders to prepare for further geopolitical incidents as global pressures rise.
Organisations need to face the challenges of ongoing geopolitical disruption by prioritising action, according to the Chartered Institute of Internal Auditors (Chartered IIA), amid concerns that businesses may not be prepared for the next big crisis.
With this Friday 24 February marking the one-year anniversary of the war in Ukraine, a new report Navigating geopolitical risk, published by Chartered IIA and non-profit organisation Airmic in partnership with AuditBoard, is encouraging boards, internal audit and risk management to work closer together to tackle the risks associated with geopolitical events.
“Business leaders need to look further over the horizon, but not be frozen into inaction by what they find, and they need to take time to assess the velocity and the nature and impact of change heading their way. While understanding these dynamics will not solve anything, achieving greater clarity about risks and their potential effects will make it easier to create appropriate interventions and to build a more resilient business,” the report says.
However, outside of highly regulated industries such as the financial services sector, expertise in geopolitics tends to be less well developed and there is a sense in some quarters that senior management tends to be led by instinct, which could often be wrong, the report warns.
“It takes a certain maturity for the organisation to think about things that could go wrong and spend time discussing it. Many organisations have literally been in a perpetual state of crisis management since the pandemic. During such a polycrisis, most organisations would be fixated on immediate operational challenges. They may not have the luxury of time or resources to devote to such discussions,” the report says.
With internal audit having a direct line to the audit committee, and risk management having a direct line to the risk committee, both internal audit and risk professionals have vital roles to play to ensure greater resilience from geopolitical events, the report warns.
The report makes several key recommendations for boards, internal audit and risk management, including:
Boards, internal audit, and risk management must recognise geopolitical risk as a strategic risk to the business: geopolitical risk does not sit in a silo, but exacerbates and intensifies myriad other business-critical risks, such as supply chains, legal and compliance, reputation, financial liquidity and cyber security.
Scenario planning and horizon scanning are key to preparing for geopolitical risk: organisations must resist the temptation to be events-led and retain agility for when crises strike. But agility is not a licence for them to improvise their response on the fly. They need to constantly challenge, stress test and update all baseline assumptions about the likelihood and impact of the risks they could face.
Boards, internal audit, and risk management must be agile in responding to ‘once-in-a-generation events’ occurring with regular frequency: the new era of geopolitical uncertainty calls for organisations to be agile in responding to crises and be in a permanent state of readiness.
Boards, internal audit and risk management must work more closely together as partners in geopolitical risk governance: key to this is sharing intelligence and rendering it relevant to the organisation.
Internal audit and risk professionals must speak up and say the unthinkable on geopolitical risk and potential scenarios: they should do this even if this risks them being unpopular with the board. The bigger risk is of senior management or the board turning around and saying: ‘Why didn’t anyone see this coming?’.
“Business leaders must learn lessons from the conflict in Ukraine by making sure they are properly prepared for the next big crisis that could be coming down the track,” says Anne Kiem OBE, Chief Executive, Chartered IIA. “Internal auditors, working in partnership with risk management, have a vital role to play in supporting organisations’ preparedness for major geopolitical incidents.”
Despite sitting high up on risk registers, the effort and time spent in managing and assessing geopolitical risks remains very low, according to IIA analysis. The report suggests the best way to tackle geopolitical risk is to have conversations and to get different views, voices and opinions. However, it warns that those lacking expertise or knowledge in geopolitics may feel inadequate for the task of prioritising and preparing their organisations for them.
ICAEW’s Director of Corporate Governance and Stewardship, Peter van Veen, believes that no matter how much advice there is to help businesses navigate the current, challenging geopolitical environment, “it cannot make up for a lack of preparation for significant eventualities when they unfold”.
“Boards, as well as their audit and risk committees, should satisfy themselves that the company has a scenario planning process in place to identify strategic risks and opportunities,” he adds. “They should also confirm that the business has a range of contingency plans and strategic options in place.”
ICAEW recently published a Scenario Planning Guide for Boards in collaboration with leading experts from Oxford University.