Internal Audit’s Expanding Role: The Foundation for Connected Risk

Risks have changed dramatically over the past five years. COVID transformed how many businesses provide their customers with goods and services. Geopolitical events continue straining supply chains. Regulatory requirements are increasing in complexity and velocity, requiring more resources to become compliant. Rapid technological advances (including generative AI) bring new opportunities for organisations to succeed while also introducing new risks and threats.

Unfortunately, this unprecedented risk landscape — characterised by pervasive uncertainty, ambiguity, and volatility — is coupled with a lack of capacity within most organisations to manage these risks to an acceptable level. This mismatch between increasing risk demand and insufficient risk management capacity creates what we call the risk exposure gap. To address this, many are looking to their internal audit teams for help.

So, how can your organisation enhance resilience in a volatile risk environment when traditional audit and SOX work dominates your capacity? Connected risk – a modern, cross-functional approach to managing risk across the enterprise – promises to connect teams, unify data, and automate processes.

In this report, Internal Audit’s Expanding Role: The Foundation for Connected Risk, you’ll find a blueprint to discover the untapped potential of your internal audit function, including how to:

• Benchmark your team’s time allocation against organisations of a similar size.
• Address the two key areas CAEs aim to expand efforts on by 2026.
• Apply strategies to optimise internal audit activities and reduce time spent on SOX.
• Master the four cornerstone projects that build the foundation for connected risk.
• Gain actionable insights on quick wins to organise, connect, and coordinate risk efforts.