As the calendar year draws to a close, Internal Auditors find themselves in a particularly busy season.
Chief Audit Executives and their leadership teams are finalizing year-end risk assessments and preparing to present proposed audit plans for 2025.
Meanwhile, Internal Audit staff, seniors, and managers are diligently working to complete as many audit projects as possible before the holiday season begins.
As we immerse ourselves in year-end responsibilities, it would be wise to find time to pause and reflect on 2024.
Consider not only your personal and team achievements but also the transformations that occurred this year—in our work methods, our companies' successes, and the areas where our leaders most need their Internal Audit and SOX teams’ support.
But moreover, we should also spend time reflecting how these changes and victories will shape your future role as an Internal Auditor, and the impact your team can have in 2025.
Given my incredible opportunity to meet, network, and collaborate with numerous Internal Audit teams and their leaders, I'd like to share six trends I foresee shaping how Internal Auditors work in 2025. These trends will significantly influence how many Internal Audit teams achieve success in the coming year.
1. Internal Audit plans will consist of fewer audits. Instead, more time will be devoted to identifying emerging risks and establishing governance programs to ensure new risks are managed appropriately.
2. For audit projects performed, more time will be dedicated to evaluating the design of existing processes against the COSO internal control framework, external benchmark data, and gathering perspectives of their peers, rather than just testing the effectiveness of controls. Also, there will be more intent creating awareness and educating the business on sound risk and control practices during the course of an audit project.
3. Internal Audit will start spending more time on developing continuous monitoring and auditing scripts, which will then be leveraged as key risk indicators for risk programs.
4. Skill sets for internal auditors will expand to include an understanding of where activities such as TPRM, ESG, IT Risk, Enterprise Risk, and compliance and assurance programs connect, and how to report on the effectiveness of these relationships. Those that can architect these relationships and connections will be in very high demand.
5. CAEs and internal audit leaders will spend more time using technology platforms informing business leaders on how internal and external risk landscapes and assurance results will impact future business decisions to be made.
6. To excel in this role, new CAE’s will be hired for their proven competence in digital transformations, industry expertise, and the ability to quantify the impact of a Connected Risk environment on their company's stock price. They are also perceived as dynamic business leaders.
The future is exciting for Internal Audit. Teams that incorporate more of these modern audit approaches will increasingly be seen as coaches and advisors, rather than as policing bodies.
And when these activities are successfully carried out to the fullest extent, more and more CAEs will find themselves reporting directly to the CEO and the full board, and will have earned a seat on their company’s executive leadership team.
