Risk in Focus 2026: Three Trends Auditors Can’t Ignore

Share

Summary

Deborah Puian and Brian Trembley discuss the top three risks from the 2026 North American Risk and Focus Report: geopolitical uncertainty, digital disruption, and cybersecurity. They explore why these risks are increasing, how internal audit can address difficult-to-audit areas, and how to leverage the report to foster more effective conversations with leadership.

Highlights

Introduction to the 2026 North American Risk and Focus Report
00:00:02

The Institute of Internal Auditors presents an episode discussing the top three risks from the 2026 North American Risk and Focus Report: geopolitical uncertainty, digital disruption, and cybersecurity. Deborah Puian and Brian Trembley delve into the reasons behind these rising risks, effective auditing approaches for complex areas, and how to use the report to engage with leadership.

Geopolitical and Macroeconomic Uncertainty
00:02:38

Geopolitical and macroeconomic uncertainty saw a significant increase in risk levels in North America, with 45% of respondents identifying it as a top five risk. However, it was rarely among the top five areas for time and effort spent by chief audit executives (CAEs). Internal audit can address this by assessing organizational resilience, impact on supply chains, and liaising with enterprise risk management functions.

Digital Disruption, Including AI
00:07:11

Digital disruption, including AI, has seen a steady rise as a significant risk, with over half of CAEs identifying it as a top five risk. Audit priority for this area is also increasing. Brian emphasizes that while technology is fascinating, its core lies in lines of code, and basic technology audit principles like access and change control remain crucial. Internal audit needs to deeply understand new technologies and help organizations be vigilant in assessing risks and opportunities, rather than merely adopting new software because it's novel.

Cybersecurity and its Interplay with New Technologies
00:12:52

Cybersecurity remains the highest-rated risk in North America, with 86% of CAEs identifying it as a top five risk and 78% spending significant time on it. AI and other disruptive technologies enhance both cyber defenses and attack vectors. The recent first AI-native cyber attack highlights the critical need for robust basic controls, patch and vulnerability management, and incident response planning within organizations and their third-party networks. Internal audit needs to move beyond mere assessments to deeply understand technology and its associated risks.

Conclusion: The Importance of Deeper Understanding
00:18:03

To effectively address these complex and evolving risks, internal audit must commit to a deeper understanding, going beyond surface-level assessments. This involves gaining technical expertise, either within the team or by leveraging external resources, to strategically evaluate the impact of these risks on the organization as a whole. The IIA's Risk and Focus reports are valuable tools for starting these crucial conversations with stakeholders.

Recently Summarized Articles

Loading...