A new study finds that internal audit teams may be dedicating too few resources to some of the top risks that organizations face and that the misalignment is likely to continue into the future.
The report, 2024 Focus on the Future, conducted by AuditBoard, a provider of cloud-based platforms for audit, risk, IT compliance, and ESG management, was based on an annual survey of risk management and internal audit leaders across North America. The report reveals a growing gap between risk and assurance teams’ capacity to effectively manage risks and the reality of today’s state of “permacrisis,” an extended period of instability and insecurity marked by one disruptive crisis following another.
In a continuation of a trend identified by the 2023 Focus on the Future survey, the top 2024 risk cited by internal audit leaders is cyber and data security, with more than 80 percent of respondents not only rating this risk highly, but also giving it the top spot for expected audit efforts in 2024.
However, the survey also found risk and internal audit teams are still dedicating fewer resources to addressing some key risks, including two top-ranked risk areas — changing economic conditions (ranked #2), and the ability to attract and retain talent (ranked #3) — that received insufficient audit focus in 2023. This misalignment is expected to continue in 2024.
Other key findings of the report include:
- Some internal audit leaders are delaying critical technology investments in generative artificial intelligence (AI) and automation: 75 percent have yet to implement generative AI in internal audit, only 40 percent have a clear understanding of how AI is used in their organizations, and as few as 25 percent have defined the risks of or created guidelines for the use of AI.
- While previously seen as urgent, ESG risks are now ranked 13th out of 14. This decreasing sense of immediate concern may put auditors in a precarious position if they fail to adequately address increasing ESG risks and anticipated regulatory activities.
- Internal audit leaders are optimistic about receiving more resources in 2024, with over 60 percent of respondents forecasting increased internal audit budgets, and 31 percent planning for larger staff.
The survey also reveals the use of internal audit strategic plans is lagging, with only one in five functions reporting comprehensive, well-documented strategic plans. Without a strategic view of the future, including a clear assessment of strengths, weaknesses, opportunities, threats, priorities, and areas of vulnerability, internal audit may struggle to recognize the necessary actions to ensure organizational success.
“The 2024 Focus on the Future report sounds a clear call to action for organizations confronted with the widening risk exposure gap,” said Richard F. Chambers, AuditBoard Senior Internal Audit Advisor, who authored the report. “Internal audit, with its capacity for foresight and understanding, is uniquely positioned to help organizations navigate these challenges. However, to do so effectively, internal audit leaders must embrace transformational opportunities — prioritizing strategic planning, AI technology adoption and governance, cross-functional collaboration, and high-impact communications.”
Internal Audit and Generative AI Adoption
The “2024 Focus on the Future” report sheds light on the current state of internal audit functions and their engagement with generative AI technologies. The report highlights key findings, challenges, and opportunities faced by internal audit leaders, emphasizing the need for a transformative mindset in the face of evolving risks and technological advancements.
The report reveals that, at the time of the survey, a mere 10 percent of internal audit functions were utilizing generative AI technologies, such as ChatGPT, Domo, and Beautiful.ai. Moreover, a significant two-thirds to three-quarters of internal audit teams had not explored or implemented generative AI in any capacity. This cautious approach, the report suggests, stems from the developing nature of generative AI and the need for internal audit to proceed with care.
The global adoption of generative AI is contrasted, indicating that the technology has proliferated at an unprecedented pace in the broader business landscape. The report stresses the urgency for internal audit functions to catch up with this momentum and be more proactive in engaging with generative AI technologies.
The report identifies a sense of complacency among internal auditors, who, despite the opportunities and threats posed by AI, appear to be largely indifferent. Budgetary constraints, time limitations, and a perceived lack of safety contribute to the hesitation in adopting generative AI. To address this, the report draws parallels with the early days of cloud computing, where initial skepticism gave way to widespread acceptance as organizations learned to leverage its capabilities and safeguards.
Opportunities for Internal Audit
The report underscores the immense opportunities for internal audit in two primary directions: incorporating AI within internal audit processes and providing guidance and assurance to organizations. AI tools, such as ChatGPT, are presented as capacity multipliers that can enhance planning and decision-making. The report encourages internal auditors to educate themselves on AI’s potential, as top talent expects organizations to leverage next-generation AI technologies.
Internal audit is positioned as a key player in helping organizations identify and understand AI’s uses and risks, advise on processes and governance, monitor regulatory progress, and provide assurance on compliance readiness. The report emphasizes that, despite the challenges, internal audit should not delay investing in AI, as it presents a momentous opportunity for the profession.
Collaboration Gaps and Risk Exposure
The report delves into the collaboration between internal audit and enterprise risk management (ERM), revealing that collaboration is limited in many organizations. Only a small percentage of respondents reported coordination on all major aspects of managing enterprise risks. The report identifies the lack of effective methods to consolidate views, differences in risk perspectives, and the need for independence as impediments to collaboration.
Despite few significant impediments, the report suggests that habit and subconscious barriers may be hindering collaboration. Greater alignment and collaboration between ERM and internal audit are deemed crucial to closing the risk exposure gap and effectively monitoring emerging risks.
A Forward-Looking Checklist for Internal Audit
The report concludes with a forward-looking checklist for internal audit professionals to navigate the uncertainties of the future. It advocates for a transformational mindset, impactful communication, extensive collaboration with risk and compliance colleagues, enhanced capabilities in identifying emerging risks, strategic thinking and management, and fearlessness in adopting emerging technologies like AI.
To produce the 2024 Focus on the Future report, AuditBoard collected data from 453 respondents to an online survey conducted in August and September 2023. Respondents were risk leaders, chief audit executives, and internal audit directors in organizations based primarily in North America, representing a diverse group of industries and company sizes. 
Joseph McCafferty is editor & publisher of Internal Audit 360°