Elevating Internal Audit: Observations and Insights From the 2025 Great Audit Minds Conference 

As internal audit undergoes significant transformation as a result of technological advancements, skills gaps, and emerging risk responsibilities, 2025 is shaping up to be a pivotal period for the profession. The latest data shows that internal audit budgets and staff growth have nearly recovered to pre-Covid levels, but at the same time, internal auditors are increasingly expected to contribute to activities outside of traditional functional requirements like SOX compliance. 

When CrossCountry Consulting’s Integrated Risk Management leaders tapped into and contributed to the latest conversations driving the industry at the Institute of Internal Auditors’ Great Audit Minds conference, a number of key realities came to light or were re-emphasized. 

Here are the top takeaways that resonated: 

1. The 2024 Global Internal Audit Standards: A Catalyst for Change 

The new Global Internal Audit Standards are spurring organizational value and elevating the profession through: 

• Enhanced focus on championing ethics and integrity: The standards emphasize the importance of addressing ethical considerations and directly challenging management when necessary. 
• Balancing board reporting and management relationships: Auditors must navigate the delicate balance of fulfilling enhanced board reporting requirements while maintaining strong, trusted relationships with management. 
• Value-driven audit strategies: Internal audit strategies should be directly aligned with the organization’s value-drivers to close business gaps and capitalize on potential competitive advantages. 
• Effective communication and understanding: Strong relationships at the C-suite and board level hinge on clear communication and mutual understanding, which goes a long way toward not just the execution of internal audits but for fostering sound corporate governance. 
• Topical Requirements:  
  • Cybersecurity (effective February 5, 2025): Provides a baseline for assessing cybersecurity governance, risk management, and control processes. 
  • Third Party (open for comment until April 20, 2025): Addresses full third-party lifecycle, contracting, onboarding, monitoring and offboarding. 
  • Future Topical Requirements: Culture and Organizational Resilience (drafts in 2025/2026). 

For internal audit departments that have not yet fully complied with the new standards, the question is no longer “why?” but “why not?” Just as robust risk management practices safeguard and elevate an organization’s value, the GIAS ensure internal audit is squarely aligned with mission-critical objectives. This includes optimizing the internal audit team and its technology and upholding the highest standards of integrity and excellence. 

2. Navigating Cyber and AI Risk 

Cyber risk remains a top concern for audit leaders, and internal audit’s role places increasing emphasis on cyber threats. 

• Top technology risks: Data breaches, third-party cyber risk, cloud security weaknesses, and AI-driven threats are paramount.  
• Cyber-AI integration: AI’s growing threat surface and impact is a noted risk vector; however, internal auditors are simultaneously hoping to harness the productive impact of AI as well. As of 2025, though, just 2-4% of internal auditors have made progress on AI. Cyber and AI risk must be considered together, and internal auditors must adapt their strategies to address these risk domains effectively. 
• Auditing cyber program effectiveness: Internal auditors are focusing more attention on several components of cyber risk, including: 
  • Proactive evaluation of incident management actions. 
  • Alignment with industry frameworks and standards (e.g., NIST, ISO 27001). 
  • Clear RACI across all functions. 
  • Tracking key metrics, such as mean time to detect and recover. 

• Future-looking trends: Here’s what’s on the horizon according to internal audit experts: 
  • Enhancing team skills in AI and AI-driven threats. 
  • Using real-world examples to develop defense strategies. 
  • Assessing the adaptability of governance frameworks. 

Featured Insight

The Future of Internal Audit: AI, Cybersecurity, and Regulatory Shifts

READ MORE

3. Enterprise Risk Management (ERM) Continues to Be Mission-Critical 

ERM is increasingly central to managing uncertainties and aligning risk with strategic objectives, and internal audit’s role in this process is expanding.  

• Organizations are recognizing ERM as a critical function, one that needs close collaboration with internal audit. Internal auditors must play a greater role in assessing ERM effectiveness. 
• Integrating ERM into business decision-making remains a challenge. 
• The evolving risk landscape necessitates a proactive ERM approach. 
• ERM maturity levels vary across organizations, but the use of technology solutions is enhancing ERM’s value and capabilities. 
• Board and executive involvement is essential to ERM program success. 

4. Redesigning Audit Delivery Models for the Future 

To keep pace with the evolving risk landscape, audit departments must redesign their delivery models through: 

• Technology integration: Leveraging advanced analytics and real-time insights can validate and enhance decision-making while also supporting a scalable systems and process architecture. 
• Automation: Automating routine tasks with GenAI allows auditors to focus on higher-value activities. This might include routine report generation, fact-finding and traceability, predictive threat detection, and more. 
• Outsourcing: Relying on external experts for specialized skills, especially as the internal audit function transitions into broader responsibilities. 
• In-house capabilities: Invest in ongoing skill assessment and training, which might include cross-training, reorganizing into cross-functional teams, supporting continuing professional education, and leveraging new enterprise platforms. 
• Change management strategies: Implementing new internal audit operating models must be done with risk-informed insights and cultural alignment. 
• Expanding the audit role: Moving beyond compliance to become a strategic partner in innovation and risk management has influenced the arc of internal audit in recent years and is expected to continue. 
• Forward-thinking approach: Embrace ambiguity and complexity by analyzing the current state, implementing technology and automation, and monitoring KPIs. 

By embracing the new Global Internal Audit Standards, addressing cyber risks, strengthening ERM, and redesigning delivery models, auditors can effectively deliver enterprise value and convert threats into opportunities. 

To maximize internal audit at your organization, contact CrossCountry Consulting.