It’s hard to turn on the news these days without hearing murmurs about the dreaded “R” word. And let’s be honest, 4000+ point drops in the DOW, not to mention routine daily 500+ swings tend to put people a bit on edge. Combine that with a climate of rising interest rates, concerns about a trade wars and government shutdowns, and it’s no wonder why people are nervous. It should be noted, however, that balancing those concerns are an economy that is still growing, and an unemployment that finished the year at 3.7 percent.
But alas, the point of this blog post is not to predict the economic future – I’ll leave that to others more qualified – but rather to ask the relevant question: How would a downturn impact the Audit, Governance, Risk, and Compliance profession?
And here is the good news: the answer is virtually not at all. I base my analysis on a few factors.
History is our friend: We are now 10 years removed from the onset of the Global Financial Crisis, and what we hope is the most significant economic event most of us will experience in our lifetimes. Even during such a monumental event, there was very little impact to Internal Audit, Risk, and Compliance functions in industry. While Internal Audit or Compliance departments may have in some cases had to let go of one or two resources – typically in a scenario where a company might have an across the board cut – we don’t recall having witnessed any large-scale layoffs in these areas in industry. If fact just the opposite is true; the profession continued to expand during these years.
While we did see significant rounds of RIFs from the Big 4 and other public accounting firms, that was largely driven by leadership failing to anticipate the falloff from SOX revenues due to companies taking SOX in-house, controls rationalization, and the increased use of automation. These same public accounting firms seem a bit more insulated today, having diversified their practices with the significant expansion of areas like SOC reporting, cybersecurity consulting, GDPR/privacy, and data analytics, to complement revenues from external audit, SOX, and internal audit co-sourcing.
Pervasive talent shortage continues: The unemployment rate for Audit and GRC professionals tends to run a good four to five percentage points lower than the general rate. That means that if the unemployment rate for the economy as a whole is 3.7%, it is likely negative 1-2% for the Audit and GRC space. This shortage is even more profound on the technology side where a massive expansion of the cybersecurity, IT Risk, and IT Compliance space has led to critical shortages of talent. In other words, even a significant uptick in the overall unemployment rate would not likely make much of a dent in the market for Audit and GRC professionals.
Compliance requirements continue to demand resources: While there has been some trimming back of Dodd-Frank, it seems to have barely created a ripple. My friends at the large banks will tell you that there is certainly no shortage of regulators “getting all up in their business” of late. We have also had the addition of GDPR, to be followed by more domestic privacy legislation. Finally, one would expect that a Democratic majority in the House should put a major crimp in the administrations plans for more regulatory rollback.
The creation of many new companies has resulted in expansion of the profession(s): Over the past 10 years we witnessed the birth of literally hundreds of new companies, spurred by growth in cybersecurity, cloud computing, fintech, social media, and app-driven businesses. Unlike the original dot.com boom, however, a much higher percentage of these companies have thrived, and some have grown into multi-billion-dollar enterprises. As those companies grow, so too grows their governance maturity, resulting in more jobs in Audit, Compliance, and Risk Management.
In short, barring an economic event of cataclysmic proportions, qualified Audit, Compliance, and Risk professionals have little to worry about, and can look forward to a bullish year ahead.
In particular, the market for quality candidates at the Senior Auditor or Manager level (and their equivalents in other silos) will continue to be tight, and companies should expect to continue to have to compete for talent. Technical IT Auditors and cybersecurity professionals will continue to be in extreme short supply and should continue to command a premium in the market. This will pose a challenge for companies that seek that talent but lack enough flexibility in their level/bands to accommodate the higher price tag.
In financial services, we have seen a slowing in the growth of 2nd Line Compliance and Risk functions of a few years ago, as most larger institutions have made significant headway in building out more robust Risk and Compliance organizations sought by the regulators. But we still expect to see competition for high quality talent, especially in the major financial centers, and we anticipate continuing to see an increase in Risk roles in 1st line of defense.
H1B Visa questions: Over the past two years, the administration has targeted the H1B visa program as part of it’s overall anti-immigration stance. While much of the rhetoric has been talk without action, one area that has been impacted is Premium Processing for H1B visa transfers. Premium Processing was suspending for good portion of 2017, then reinstated, then suspended again this past April. It is now scheduled to resume in February of 2019.
Premium Processing is important in that it reduces the time to process an H1B visa transfer to approximately 2-3 weeks (a time frame the most companies are willing to wait for a quality candidate); without Premium Processing, that same transfer can take 4-6 months. If Premium Processing is reinstated in February, candidates with an H1B who are contemplating a move should look to take advantage of the open window, as it is anyone’s best guess for how long it will remain open. This is also an opportunity for companies to consider additional talent for their open positions.