GUEST BLOG POST –
On the road to growth, new disruptions have challenged boards and senior executives to stay on track and prevent teams from spinning out during any sharp turns the business needs to make.
Internal auditors are helping organizations drive faster by tapping the brakes when necessary and suggesting guardrails as they adapt to emerging risks, regulatory starts and stops, and the realities of artificial intelligence.
But there’s a problem. Internal audit teams have had a high pain tolerance in the past for completing manual tasks with antiquated, disconnected tools like spreadsheets and email. In a world moving at the speed of AI, this disjointed process is no longer sufficient and can lead to costly delays in identifying emerging risks, testing controls, or fully realizing AI’s benefits.
Expectations of internal auditors will evolve. To meet the moment, the internal auditors of the future will be:
- Measuring themselves against outcome-based key performance indicators tied to business goals for the top or bottom line, not necessarily the volume of tests performed or instances of non-compliance uncovered
- Building the foundation for meeting regulatory scrutiny of both financial and non-financial data in disclosures
- Doubling down on a culture of continuous learning as artificial intelligence rapidly advances, so their organizations become more data and AI fluent, not just literate
- Empowered by tools to help them meet new expectations
Is your internal audit team prepared for it? Ready or not, these times are ripe for this evolution.
Where We Are Today
Board directors and CEOs are navigating a number of challenges, including cybersecurity threats, geopolitical disruptions, regulatory shifts (such as climate-related reporting requirements), and the need to adapt to rapid advances in artificial intelligence.
AI holds great promise for helping companies respond faster to each of these challenges but only if it works within proper guardrails and only if the underlying data that feeds AI is reliable. Responding to cybersecurity threats, geopolitics, regulations, and AI could each lead to changes in day-to-day processes or work, which may necessitate changes in controls.
For example, some jurisdictions have mandated assurance-ready disclosures on greenhouse gas emissions. Institutional investors are seeking similar information, with 94 percent in a recent survey saying they consider environmental, social, and governance factors in their investment decisions. As a result, teams are building controls over sustainability reporting as well as financial reporting.
Internal audit and risk managers can use their expertise to guide teams through updating those processes and controls. They also are in a strong position to work with chief information officers on a unified governance strategy across financial and non-financial data, so that AI has quality “fuel” to use.
“New technology introduces new data tools and sources, but if not properly managed, the sheer volume of information may pose privacy and accuracy concerns,” says Eduardo Rendon, chief audit executive of Tecnologico de Monterrey, a research university based in Monterrey, Mexico. “By leaning on internal audit to ensure robust data governance, management can proactively mitigate threats like AI-fueled deep fakes or misinformation.”
For each challenge, a proactive, technology-savvy internal audit function can serve as a strategic advisor to board members, CEOs, and other senior executives. This description of the internal audit function shouldn’t surprise you.
Four Ways the Internal Audit Role Has Evolved
The stereotype of an auditor as a cop on the beat, hunting for any and all instances of non-compliance has been falling away. The new expectations for internal auditors are pushing them to be:
- More value-oriented rather than compliance-oriented, focusing on systemic, organizational risks that can lead to high costs or affect the company’s long-term viability.
- More forward-looking rather than reactive, using advanced data analytics and AI to identify patterns and future risks.
- More holistic in approach, focusing on not just finance but a number of operational areas including IT, human resources, and sustainability for example.
- Adaptable and proponents of a culture of continuous learning as market conditions, risks, technology, and business contexts evolve.
The Skillset of Tomorrow’s Internal Auditor
The internal auditor of tomorrow will have a mix of skills, not necessarily all derived from a background in finance or accounting, including:
- Business acumen
- Analytical and critical thinking
- Technological proficiency
- Communication and collaboration
- Adaptability
- Risk management experience
- AI literacy and, eventually, fluency
What Internal Auditors Need from Business Leaders
Through this evolution, leadership must adapt how they support internal audit and risk managers. Due to tough business conditions, internal auditors have often been pressured to manage a growing universe of risk and responsibilities without any increases in staff.
Leaders should empower internal auditors to use AI to automate time-intensive tasks (like making a first attempt at identifying gaps in control coverage or documentation, designing flowcharts, or writing first drafts of policies), so they have capacity for the work that needs their specialized attention.
This requires a willingness to invest in technology after years of under-investment in the back office.
A recent survey of finance, risk, and audit professionals found the digital finance transformation projects they were prioritizing in 2026 were automating data collection and validation (45 percent) and strengthening data governance across teams (34 percent). All are critical for strengthening the quality of data that will be used to make decisions, fuel AI, appear in disclosures, and potentially be subject to third-party assurance.
While overall budgets may be stretched, 71 percent of the survey respondents said they have dedicated budgets for transformation projects. Innovations large and small can help internal auditors and risk managers save hours of needless frustration and extra work.
Cloud-based platforms and generative AI, increasingly embedded in purpose-built audit solutions, are already facilitating unified data governance, automating manual processes, and helping auditors analyze, summarize data, and draft recommendations faster. Further innovations like blockchain technology promise to simplify transaction verification. The journey requires a commitment to invest in talent and technology to free up capacity for strategic work.
If the challenges of 2026 are a long road trip, internal auditors are ready to take their turn at the wheel. 
Graeme Fleming is an Industry Principal for internal audit and risk at Workiva, which provides next generation governance, risk, and compliance software. Graeme has more than 25 years of experience across internal and external audit, corporate governance, risk management, and internal control design.