Internal audit’s role in mitigating tomorrow's risks

From GenAI to workforce shifts – key trends shaping IA in 2025

In today’s volatile geopolitical environment, organizations face a multifaceted landscape of evolving regulations, emerging technologies, and shifting workforce dynamics. With the launch of the new Global Internal Audit Standards, internal audit functions must demonstrate agility and foresight to thrive in this shifting paradigm. Key challenges—ranging from leveraging generative artificial intelligence (GenAI) to combating fraud, motivating talent, and fortifying cybersecurity—demand strategic and proactive approaches. By addressing these challenges, organizations can not only mitigate risks but unlock untapped opportunities.

Our Global internal audit hot topics 2025: Risks and opportunities looks at internal audit’s role in 16 topical and relevant areas including the use of GenAI in internal audit, fraud risk management, motivating the workforce, and cybersecurity.

Global internal audit hot topics 2025: Risks and opportunities

Explore key risks and opportunities

Purpose and strategy

The new Standards emphasize aligning internal audit with organizational purpose for maximum impact. Deloitte’s Internal Audit 4.0 framework reveals that while 82% of functions report increased impact, only 14% believe they’ve realized their full potential. Functions must refine their purpose, build strategies aligned with organizational objectives, and ensure technological enablement to stay relevant and effective.

Leveraging the new Standards

The Standards, effective January 9, 2025, demand readiness. Key actions include updating charters, methodologies, communication frameworks, and training plans. Many functions are leveraging this opportunity to redefine their purpose, ensuring alignment with broader organizational goals. The window to finalize preparations and demonstrate compliance is closing quickly, making immediate action essential.

Fraud risk management

Fraud, the most common global criminal offense, demands a proactive approach. Internal audit must shift from a watchdog to a guardian role by enhancing fraud detection, leveraging AI and analytics, addressing human factors, and adapting to new regulations. With tangible savings at stake, fraud prevention is critical to safeguarding financial and reputational integrity.

Privacy risk management

Organizations face increasing challenges in GDPR compliance due to evolving regulations and data complexity. Common penalties involve processing violations, cookie misuse, and delayed access request responses. Emerging risks include AI-related privacy concerns, cloud reliance, and consumer awareness. Effective privacy management protects individuals’ rights, builds trust, and mitigates financial penalties.

Three primary enterprise service delivery goals

People strategy and coaching

Internal audit is fundamentally a people-driven function. Developing skills like critical thinking and emotional intelligence, while addressing burnout and retention, is crucial. High-performing teams embrace a “learn, do, teach” culture with 50-75 training hours per auditor. The new Standards prioritize aligning training with organizational needs to foster continuous learning and digital enablement.

Motivating the workforce

A motivated workforce is essential for productivity and risk mitigation. Internal audit can drive engagement by addressing hidden risks, bridging gaps between mission statements and workplace reality, and fostering a culture of communication and growth. A motivated team enhances governance and strengthens organizational performance.

Risk culture

Organizations with a robust risk culture outperform peers by building trust, appealing to stakeholders, and ensuring sustainability. Transforming culture requires a conscious, structured approach, utilizing tools like design thinking, agile execution, and culture enablement coaching to foster alignment and resilience.

GenAI

GenAI is revolutionizing internal audit by enhancing efficiency across audit cycles—risk assessment, planning, reporting, and issue tracking. Advanced applications include automated resource scheduling and personalized learning. With nearly 40% of CAEs planning GenAI investments, internal audit must integrate AI to boost quality and adapt to changing demands.

Data analytics and process mining

Data analytics empowers internal audit to detect anomalies, improve audit quality, and enhance efficiency. Process mining, a tool used by advanced functions, reveals deep process insights. With 62% of functions planning investments, analytics is becoming a cornerstone for robust auditing in the digital age.

Cybersecurity

Cyberattacks bring severe operational, financial, and reputational risks. Organizations must prioritize robust security frameworks to counter evolving threats. The cybersecurity skills gap remains a challenge, with recruitment expected to increase. Strengthening skills and frameworks is essential for organizational resilience.

Technology and digital governance

Effective digital governance is critical to balancing cost reduction, innovation, and risk management. Organizations must adhere to frameworks like ISO/IEC 38500:2015, prioritize IT investments, and maintain leadership oversight to drive measurable value and align technology with strategic objectives.

Operational resilience

Resilience is critical across industries, extending beyond compliance to long-term capability. Integrating climate risks, geopolitical threats, and technology into resilience planning ensures operational sustainability. A holistic approach to resilience—spanning reputational, technological, and financial aspects—is essential for success.

Cloud computing

Cloud adoption is transforming organizations but presents risks like over-reliance on providers, cybersecurity concerns, and inefficiency. With 30-40% of cloud spending wasted, cost optimization is key. Internal audit must assess cloud risks, implement continuous assurance models, and develop specialized audit procedures.

Third-party risk management (TPRM)

Third-party risks are increasing in volume, speed, and complexity. Mature TPRM practices focus on trust, transparency, and compliance. Internal audit must address cyberattacks, supply chain disruptions, and geopolitical challenges while integrating ESG considerations into frameworks.

Sustainability

Regulations like CSRD, ISSB, and the SEC’s Climate Disclosure Rule demand greater transparency in sustainability practices. Organizations must prepare integrated reporting processes to comply with emerging standards. Early adoption, proactive planning, and a focus on accountability are critical for long-term success.

Digital regulation

Digital risks like scams and online harms are driving stricter global regulations, including the EU Digital Services Act and AI Act. Organizations must demonstrate compliance through transparent audits and cost-effective programs. Data sovereignty and protection remain key focuses in this evolving landscape.

Navigating 2025 and beyond

Internal audit functions must evolve to address new risks and opportunities, providing assurance and timely insights. Collaboration, strategic thinking, and continuous adaptation are essential to navigate today’s complex risk landscape.

Deloitte is committed to helping your IA function navigate the challenges and seize the opportunities for growth and efficiency. Contact us today to discuss how we can help your organization thrive in this dynamic environment.

Contacts

Chris Dicks
Global IA Growth
Asia Pacific Leader
+86 10851 25825
chdicks@deloitte.com.cn

David Tiernan
Global IA Advisory Lead
+44 113292 1520
datiernan@deloitte.co.uk

Diego Henriquez
Global IA Chief of Staff
+1 225 937 0204
dhenriquez@deloitte.com

 
