Voice of the CEO: Risk in Focus 2025

While the research affirms the strength of the Global Internal Audit Standards, it also uncovers regional differences in top risk areas and calls on the profession to close the gap between current audit priorities and emerging risks, while taking on more of a strategic advisory role.  

Top Risks and Emerging Risks

Similar to previous years, the top risks worldwide, according to respondents, are cybersecurity, human capital, and business continuity.

With cybersecurity, the increasing frequency and sophistication of cyber threats continue to pose the highest risk across all regions. Safeguarding digital assets and ensuring data integrity remain paramount. Equally important is addressing human capital risk, where talent acquisition, retention, and management are significant challenges. Our people are our greatest asset; investing in their development is critical to organizational success. Moreover, we must not overlook business continuity risk. Ensuring operational resilience and effective crisis management is critical. We must be prepared to respond swiftly to disruptions and maintain business continuity. 

As we look beyond these recurring top risks, the Risk in Focus report reveals two fast-growing threats: digital disruption and climate change. These risks are predicted to grow significantly over the next several years, and internal auditors must take steps now to set ourselves up for success down the line.

In the report, digital disruption is ranked by 39% of global respondents as a top five risk, yet this number is expected to jump to 59% within three years. Artificial intelligence (AI) alone has introduced new cybersecurity challenges and impacted human capital, fraud, communications, and reputation risks. While the report underscores the need for internal audit leaders to embrace emerging technologies, it also emphasizes the need to prioritize upskilling and training to manage these disruptions effectively. 

Shifting gears to climate change, the numbers tell a similar story. On average, only 23% of global respondents currently view climate change as a top five risk, but this number is expected to climb to nearly 40% within three years. Organizations must go beyond basic compliance and objectively assess the short and long-term impacts of climate change to maintain operational and reputational integrity. Furthermore, keeping a close pulse on the regulatory environment and sustainability reporting requirements is key.

Looking Ahead 

As we navigate these complex risks, internal auditors must embrace data-driven insights, such as those put forth by the Risk in Focus research. Doing so will enable us to proactively shift and enhance our risk management frameworks to keep pace with the evolving threat environment and best support the organizations we serve. We must also lean into resources like The IIA’s AI Knowledge Center and the ESG Knowledge Center, which are designed to provide practical guidance on addressing digital disruption and climate-related risks. 

By proactively managing potential risks and working together, we can ensure both short-term success and long-term sustainability for our organizations, and proactively address the challenges and opportunities that lie ahead. Risk in Focus 2025 serves as both a wake-up call and a roadmap, urging internal audit functions to take on a more strategic advisory role in addressing digital disruption, climate change, and other emerging risks.  

The Risk in Focus Global Summary and regional reports are publicly available through the Risk in Focus Resource Center.