2020 AWITAC Hero

Monday, September 14
9:00 AM – 5:00 PM



9:00 AM – 9:15 AM
Chair’s Opening Remarks
Tim Berichon, Director of Chief Audit Executive Services, The Institute of Internal Auditors, and former Chief Audit Executive, Cooper Tire & Rubber Co.


9:15 AM – 10:15 AM
Understanding, Aligning, and Optimizing Risk: Results of the IIA OnRisk 2020 Report

OnRisk 2020 brings together the perspectives of the board, executive management, and chief audit executives (CAEs) on the risks that are top of mind for 2020 and beyond. Based on quantitative and qualitative surveys, the report lays out how each respondent group views key risks. Respondents shared their perspectives on their personal knowledge of the risks and their views of their organizations’ capability to address the risks. The most innovative and powerful benefit OnRisk 2020 offers is a studied analysis of how those views differ and what that means to an organization’s risk management. This session will offer insight and key takeaways on the results of the report.

  • Top risks that organizations are facing this year
  • Examining misalignment between how different stakeholders view risks
  • Why some industries are lagging in adopting systemic approaches to risk
  • The unique challenges related to risks around cybersecurity and data protection

10:30 AM – 11:30 AM
Risks Related to Business Continuity and Crisis Response

As the coronavirus outbreak and pandemic demonstrates, organizations face significant existential challenges that can crop up virtually overnight. From cyber breaches and natural disasters to reputational scandals and succession planning. Risks related to business continuity challenge the organization’s abilities to prepare, react, respond, and recover to crises. During this session we will examine how organizations approached business continuity and crisis response in light of the recent crisis and how it has prepared them going forward, as well as OnRisk 2020 respondents views on risks related to business continuity.


11:30 AM – 12:30 PM
Communicating Risk to the Board

One of the top findings of the OnRisk 2020 survey is a disconnect in some areas on how board members view top risks and how management, including CAEs do. For example, the survey found that board members are consistently more optimistic about their organizations’ capability to address key risks than members of executive management are. For some risks, board member views on capability were dramatically higher than those of executive management or CAEs. Taken together, these findings raise questions about how boards build their views on capability, and how this affects decisions that drive risk strategy. In this session, we’ll look at communicating top risks to the board and discuss strategies on how to improve alignment on risk.


1:30 PM – 2:30 PM
Insights from the 2020 Pulse of Internal Audit Study: Critical Gaps in Risk Coverage

The 2020 Pulse report, based on input from more than 600 internal audit executives, includes in-depth analysis of key risk and audit plan allocation trends, including breakouts for organization types, which audit leaders and stakeholders can use to benchmark against those of their peers. Among the biggest findings of the report is that these side-by-side comparisons show the stark difference between how CAEs view risks and how internal audit resources are allocated. For example the survey finds that the number of CAEs who rated cyber-risks, third-party relationship risk, and IT risks high or very high increased dramatically. However, audit plan allocations did not reflect a similar urgency, as they evolved gradually. During this session we will look at these disparities and other insights gleaned from this wide study of the internal audit profession and practices.


2:45 PM – 3:45 PM
Focus on Cybersecurity and Data Privacy Risks

At the top of nearly every survey on the risks that are most concerning to organizations sit those related to cybersecurity and data privacy. The growing sophistication and variety of cyberattacks continue to wreak havoc on organizations’ brands and reputations, often resulting in disastrous financial impacts. Cybersecurity risk examines whether organizations are sufficiently prepared to manage cyber-threats that could cause disruption and reputational harm. More recently, risks related to data security and privacy are challenging cyber-risks as the most concerning to boards and organizations. Data privacy concerns are growing as investors and the general public demand greater control and increased security over personal data. This session will examine the risks related to cybersecurity and data privacy in greater detail, consider the unique challenges that they each present, and facilitate a discussion of strategies for managing them.


4:00 PM – 5:00 PM
PANEL – Summary of the OnRisk 2020 Summit and Discussion of Key Learnings
Moderator: Tim Berichon, Director of CAE Services, The IIA