As the first anniversary of Russia’s invasion of Ukraine approaches, experts have warned that businesses must prepare for further geopolitical disruption, advising closer working between boards, internal audit and risk functions.

Friday 24 February will mark one year since Russia launched its war against Ukraine and, since then, geopolitical risks have only risen. The Chartered Institute of Internal Auditors (IIA) and Airmic, the professional body for risk professionals, this week launch a report highlighting their concern that businesses “may not be prepared for the next big crisis”.

“If ever there was a time for risk management and internal audit to think the unthinkable, it is now,” the report says.

According to Anne Kiem, chief executive of the IIA, the severity of geopolitical risk is intensifying, but there are lessons to be drawn from the conflict in Ukraine to ensure companies are prepared for the next crisis. And that should mean closer working between business functions. “Internal auditors, working in partnership with risk management, have a vital role to play in supporting organisations’ preparedness for major geopolitical incidents,” says Kiem.

Julia Graham, CEO at Airmic, sounds a warning that companies must instigate more internal cooperation if they are to build “resilience”. “Geopolitical risk is becoming far higher in profile on the risk radar of most businesses and is a board agenda item—one which demands a collaborative response and internal audit professionals.”

Risk in the current environment has been triggered by some significant economic and political shifts. The report highlights signs of “deglobalisation,” following a long period of trade liberalisation. The US and China appear to be in the process of “decoupling” their economies, raising the possibility that the world could be realigning into several blocs with differing reserve currencies, payment systems and regulatory regimes.

And the rise of popular politics, combined with Russia’s attack, raises the spectre of wider conflict.

Closing the stable door

One political analyst notes for the report that global stability over the past three decades has given many leaders a false sense of security. “A whole generation had grown up since the 1990s, when international interaction was basically a free ride. There was no great power competition. The US navy ruled the waves. People thought China was going to go capitalist. The last five years have shown the fallacy of all that thinking.”

The report insists that geopolitical risk does not sit in a silo but “exacerbates and intensifies” other risks, such as those affecting supply chains, legal and compliance, reputation, financial liquidity and cyber security.

Organisations should be involved in more “scenario planning and horizon scanning”. Internal audit, risk management and boards should be more attuned to—and ready to respond to—“once-in-a-generation-events”, it says.

Richard Chambers, a former president of the IIA, says: “Boards should be looking to both their internal audit and risk management functions to get assurance that their scenario planning processes for geopolitical events are robust—in the new era of geopolitical uncertainty, collaboration is key.”