As organizations navigate a rapidly changing risk landscape, the latest report, „Risk in Focus 2025,“ authored by the European Confederation of Institutes of Internal Auditing, sheds light on critical issues for internal auditors. With insights gathered from 985 Chief Audit Executives (CAEs) across Europe, the report emphasizes the need for a strategic focus on risk management and technology competencies as key drivers for success in the coming years.
Key Findings and Themes
- Digital Disruption, New Technologies, and AI: This topic has surged in prominence, moving from sixth place in 2024 to a projected second place by 2028. Organizations are increasingly pressured to adopt AI and digital tools, but many lack robust strategies and governance processes to manage the associated risks effectively. As CAEs foresee a 49% expectation for this area to become a top focus for internal audit by 2028, a substantial upskilling of audit teams will be essential.
- Cybersecurity and Data Security: Retaining its position as the top risk, with 83% of respondents identifying it as a top five priority, cybersecurity continues to evolve, particularly with the rise of AI-driven cyberattacks. Internal audits are crucial in enhancing defenses and ensuring compliance with regulatory standards, but the need for continuous improvement in cyber governance remains imperative.
- Human Capital, Diversity, Talent Management, and Retention: This area ranks second among risks, with 52% of CAEs highlighting it as a top concern. Despite its significance, only 28% of internal audit efforts are directed towards addressing human capital risks, indicating a potential misalignment between perceived risks and audit focus.
- Macroeconomic and Geopolitical Uncertainty: This risk has dropped in ranking but remains relevant, with 39% of CAEs identifying it as a top concern. Factors such as geopolitical tensions and economic instability require organizations to incorporate strategic risk assessments into their governance frameworks to navigate complex scenarios effectively.
- Climate Change, Biodiversity, and Environmental Sustainability: Although ranked lower, this topic is gaining traction and is expected to climb in importance due to increasing regulatory pressures. CAEs are urged to enhance their understanding and capability to audit sustainability efforts effectively.
Conclusion
As the landscape of risks continues to evolve, internal auditors must adapt by enhancing their skills and aligning their focus areas with the emerging threats that organizations face. The findings from „Risk in Focus 2025“ provide a comprehensive roadmap for internal audit functions, emphasizing the importance of strategic involvement in risk management discussions at the board level.
This report serves as a vital resource for CAEs, helping them to benchmark their own practices and strategies against the pressing risks identified by their peers. As organizations brace for the challenges ahead, the role of internal audit will be more critical than ever in ensuring resilience and governance across all facets of operations.
For further insights and to explore the full report, it is available here.