Risk management teams innovated and adjusted – and in a hurry – during the mass migration to the remote work environment. Unfortunately for some organizations, this innovation took place amid cost-cutting measures. The Institute of Internal Auditors found 36% of organizations cut their internal audit budget in 2020. Similarly, controls related to information technology might have been challenged by the fact that upwards of 79% of IT departments had downsized their teams during 2020 due to budgetary constraints. Additionally, the remote work environment has changed many control attributes.
Positives may have come from this dynamic of more need for risk control to be met with fewer resources; of the companies that cut IT staff for example, 89% noted that they accelerated their digital transformation efforts to keep pace with their evolving needs.
For risk management, the emphasis on digital transformation was already well underway before the pandemic and may be even more of a focus now. This makes rebuilding the teams whose budgets were cut that much more challenging because the need for technical skills was an issue in the best of times and is vital today.
Our article takes a closer look at what was happening, the technical skills landscape now, and solutions to help teams fill talent and knowledge gaps.
Internal Audit and Risk Management Evolution is Already Afoot
The field of internal audit has evolved rapidly over the past several years. Everyday technology used, such as Governance, Risk and Compliance tools (GRC) data analytics and automated controls testing, even the basics such as virtual communication with Zoom or Microsoft Teams, has given the internal audit function a much-needed overhaul. While many of these technological updates are moving the profession forward and creating efficiency, the professionals who complete the work must also adapt.
For some risk management professionals, the rapid technology changes and shifts in how internal audits and other risk management functions are conducted gave them pause. These seasoned professionals may have opted to retire or change fields rather than adapting and developing new skills needed to meet today’s risk management standards. The early exit of later-career individuals has not been made easier by a growing disinterest in internal audit among younger professionals. Those who are qualified may find that the role as it is today, technology-heavy and geared towards efficiency, isn’t appealing. Both of these shifts have created a longstanding talent shortage for the internal audit function.
Other functions within risk management, particularly on the IT side, face a different type of talent shortage concern. Before the pandemic, cybersecurity experts predicted a shortage of cybersecurity professionals – 3.5 million – by 2021. Now that 2021 has arrived, companies are feeling the talent crunch as they race to find qualified staff to help protect hybrid work models and secure remote access to key data.
Filling the Risk Management Talent Gaps
There are a couple of different approaches to filling talent gaps within your risk management function. The first is by expanding your search for professionals. Because remote work capabilities have been enhanced over the past two years, you may be able to look in new markets for qualified staff to round out your team. Workers and employers are both accustomed to the possibility of work without being physically present in an office building and have made the investments to support seamless integration of fully remote workers that may not have been within the realm of possibility in the past.
Another build-the-bench strategy is through co-sourcing or outsourcing the risk management work you need to be completed. Looking externally may be particularly appealing if your need is more short-term because it allows you to scale a team up or down as needed. For example, an information security team can be brought on to oversee a project or address leadership teams’ requests to do a comprehensive information security assessment. Or an internal audit team can be brought in to supplement staff while internal audit procedures are underway.
Navigating Risk Management Workforce Changes
Now is a rare opportunity for many organizations to restructure their risk management approach with the future in mind rather than focusing on the current state of work. While the immediate needs of organizations may vary, the long-term effects of a changing workforce will be felt for years to come. Investments made today could make future innovation – and digital transformation – easier to achieve.
For more information on how to navigate resource limitations and fill talent gaps, click here to read our eBook. To connect with someone about specific risk management needs, click here to contact us.
Copyright © 2021, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly-traded and privately-held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).