Talent risk is increasing in the UK internal audit profession, with not only the pandemic but also Brexit shrinking the workforce, Aaron Wright writes. Wright suggests five questions organisations should ask to gauge talent risk, including whether they maintain staff diversity and whether they plan adequately for a smaller talent pool.
New Your Voices Blogs Available
Do you have the curiosity our Your Voices blogs call for? Internal Auditor magazine's Your Voices blogs provide insightful, practical information for our readers — from staff level to CAE. Both contributors and readers alike say this platform is the perfect place to share unique insights and practices. Read the latest blog posts now.
The Bank of England's Prudential Regulation Authority has sent an open letter to global banks with UK operations that sets the regulator's 2022 agenda as prioritising operational risk, climate change, diversity and the Libor transition. The PRA is particularly concerned with banks' progress on climate risk management, noting it expects firms "to take a forward-looking, strategic and ambitious approach to managing climate-related financial risks".
NEW! CRMA Study Materials Now Available
The updated CRMA Exam Study Guide and Practice Questions, 2nd Edition, compiles comprehensive review material needed to prepare for the new Certification in Risk Management Assurance (CRMA) exam. Crucial information is presented in this one-of-a-kind study guide for each exam domain. Order now!
Canadian Finance Minister Chrystia Freeland and Environment and Climate Change Minister Steven Guilbeault have received a directive from Prime Minister Justin Trudeau to establish a requirement that companies disclose financial information related to climate change. Trudeau wants the requirement based on a framework from the Task Force on Climate-related Financial Disclosures.
Financial institutions in Asia are having difficulty coping with increasingly fragmented data-protection requirements imposed by governments, write Matthew Chan and MJ Park of the Asia Securities Industry & Financial Markets Association. "With the rise in such divergent approaches, an uncertain and constantly shifting regulatory climate is affecting [financial institutions] operating across borders in the interconnected global digital economy, throwing a spanner not only into their external market activities, but also into their inner operations and processes, ranging from customer data and risk management to regulatory compliance," they write.
The EU's data privacy watchdog, the European Data Protection Supervisor, has ordered Europol to delete large amounts of information the law enforcement agency has collected about individuals without proven criminal links. "A 6-month period for pre-analysis and filtering of large datasets should enable Europol to meet the operational demands of EU Member States relying on Europol for technical and analytical support, while minimising the risks to individuals' rights and freedoms," according to a statement from EDPS Supervisor Wojciech Wiewiorowski.
Forty people have been arrested in Turkey and accused of using livestreaming platform Twitch for money laundering. The scheme allegedly involves paying Twitch users with a proprietary Twitch currency, which is purchased with stolen credit cards, then distributing proceeds when the Twitch currency is converted into real money.
French regulator CNIL has fined Google and Facebook for not letting users easily opt out of cookies. Privacy lawyer Agustin Allende says the penalties of €150 million for Google and €60 million for Facebook are insufficient, noting, "Faced with the privacy violations that have supported a business model, their penalties should be set based on a percentage of worldwide sales."
A massive attack that has taken down multiple Ukrainian government websites, including that of the Ministry of Foreign Affairs, has left foreboding messages to "wait for the worst". Dmitri Alperovitch, a cybersecurity expert and co-founder of CrowdStrike, says, "We are also seeing increased cyberintrusions that appear to be intelligence collection for potential execution of a kinetic operation by the Russians."
Russian advanced persistent threat groups have exploited bugs in Microsoft, Oracle and Cisco products to attack critical infrastructure in the US and overseas, according to an advisory from the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency. The advisory says the groups conducted "high-profile cyber activity" on state, local, tribal and territorial agencies and aviation systems in 2020, as well as "multi-stage intrusion" campaigns in the energy industry from 2011 to 2018.
Local media in China report that Walmart is allegedly violating Chinese cybersecurity laws due to "vulnerabilities" in the retail giant's network system that were not quickly remediated. Another claim against Walmart is the removal of products made in Xinjiang from its apps and stores.
A new Global Perspectives & Insights, "Internal audit and compliance: Clarity and collaboration for stronger governance," explains why a clear understanding of roles is critical to effective compliance and independent assurance. It includes analysis on applying the Three Lines Model's Six Principles and practical illustrations from practitioners. Download the report today.
Foundation and Protiviti release new resilience report
The Internal Audit Foundation, in collaboration with Protiviti, has released "Are We Ready? It's Time for Internal Audit to Focus on Resilience Amid Extreme Change." This report helps readers understand business resilience versus business continuity, and how stakeholder and board expectations have changed with recent disruption. It's imperative to learn how internal audit can shift the paradigm of thought to transform the organization and remain resilient. Download your copy of this complimentary research report.