menu
menu
This article originally appeared in our November 6 edition of the Diligent Minute Newsletter. For more insights like these, delivered straight to your inbox, subscribe here.
Cyber threats, AI disruption, and geopolitical instability are reshaping the audit landscape — and 4,000 audit leaders across 131 countries have weighed in. Whether you’re on the internal audit team, serving on your board’s audit committee, or working in partnership with them, the IIA’s 2026 Global Risk in Focus report has insights for you. This year’s edition reveals the key risk areas to focus on and highlights how risk is changing across regions and sectors (with tips on how to achieve compliance with updated internal audit standards).
1.Cybersecurity remains the number one concern for organizations worldwide, with 73% of respondents naming it a top five risk. The threat is especially pronounced in North America and Europe, where more than 80% of organizations put it at the top of their list.
2.Digital disruption, including the rapid adoption of AI, has seen the second largest jump in perceived risk with an increase of 9 percentage points year-over-year. Organizations are racing to implement new technologies, but many are running into infrastructure and skills gaps.
3.Geopolitical uncertainty leapt 10 percentage points globally, now ranking sixth overall. North America saw the sharpest spike (up 19 points), driven by shifting U.S. trade policies and global conflicts.
4.Business resilience (47%) and human capital (43%) round out the top global risks. Organizations are feeling the pressure to shore up supply chains and crisis response capabilities. Meanwhile, talent shortages, wage competition, and generational shifts keep human capital risk firmly on the agenda.
One standout: Regulatory change (41%) is closely linked to geopolitical risk. Where political uncertainty is high, regulatory challenges follow.
I asked Curtis Warfield, experienced public company director, Audit Committee Chair, and former Chief Audit Executive, his thoughts on bridging the risk-to-audit gap. He outlined five steps:
“As an Audit Chair, I see the gaps as driven by limited expertise in emerging areas like AI and digital disruption, audits taking longer than planned, and the need to balance enterprise-wide coverage with limited resources.” says Warfield.
“It’s a risk–reward trade-off,” he goes on. “Sometimes management also has major deliverables in progress, which limits timing for audits. Audit committees can help by understanding these constraints, supporting skills development, and encouraging dynamic adjustments to the plan when new or fast-moving risks emerge.”
“Internal audit should not just police — it should partner,” says Warfield. “The key is alignment with senior leadership so internal audit can help ensure technology risks are managed without slowing innovation.” He adds, “Audit leaders should focus on being strategic partners, not just reviewers, and work closely with the business to embed technology risk considerations into transformation projects from the start.”
Audit committees add the most value when they understand the process behind the audit plan. “Members should take time to learn how the ERM process connects to strategy and how audit allocates time across the risk profile,” advises Warfield. “That understanding makes it easier to have meaningful dialogue about priorities. Regular communication and progress updates help keep the plan dynamic and aligned with emerging risks.”
“Tone at the top is critical,” Warfield emphasizes. “The audit committee and board chair can reinforce that internal audit’s role is not to police management, but to be a strategic partner while maintaining independence. It’s a delicate balance — audit must still provide objective assurance, but it can also offer valuable advisory input on AI governance, risk frameworks, or scenario planning. Clear boundaries and communication make both roles possible.”
Agility starts with alignment. “Everyone should understand the audit process, how it ties to enterprise risk and strategy, and how resources are deployed,” says Warfield. “The audit committee should be willing to adjust its agenda throughout the year for new risks and ensure flexibility in hours and resources to respond to change. That’s how audit and the board can stay proactive and effective in uncertain environments.” Looking to stay ahead of the curve on audit governance? Check out the IIA’s new Center for Audit Committee Leadership. The Center offers audit committee members tailored strategic advice, best practices, and educational resources to help ensure internal audit functions are effectively structured and integrated within your organization’s governance framework.
