Voice of the CEO: AI and Internal Audit: 5 Global Trends

Today, as AI rapidly advances and sees widespread adoption, The IIA is deeply invested in understanding how it is transforming the risk environment and how internal auditors can harness it responsibly to enhance the value they provide.

Through my discussions with internal audit leaders around the world, I've observed diverse perspectives on AI, largely influenced by cultural and geopolitical factors. Here are five insights on global trends and regulatory considerations for practitioners navigating AI’s evolving risks and opportunities.

1. AI Adoption in Internal Audit Is Growing Rapidly

According to The IIA’s latest Pulse of Internal Audit report, the use of generative AI in audit activities more than doubled over the past year — from 15% to 40%. This is a truly noteworthy jump that reflects the profession’s agility in embracing new technology and innovation. AI is increasingly being applied within internal audit functions to enhance data analysis, track and identify risks, and automate administrative tasks.

As adoption accelerates, so does the need for strong internal controls to ensure responsible AI usage. This includes implementing comprehensive ethics training, proactive cyber risk management, and ongoing upskilling to empower practitioners to leverage the technology both securely and effectively.

2. Adoption and Governance Is Shaped by Cultural Contexts

AI adoption and governance varies significantly across geographies. In my conversations with CAEs around the globe, I’ve learned how digital readiness, political systems, regulatory maturity, and societal values shape diverse approaches to AI use within organizations and audit functions.

For example, Europe — guided by the General Data Protection Regulation and a rights-based approach to privacy — strongly emphasizes ethical and legal guardrails when it comes to AI governance frameworks. The U.S., by contrast, often takes a more market-driven approach to new technology that prioritizes innovation and commercial growth. Meanwhile, many countries in Asia tend to approach technology regulations with a focus on balancing safety and innovation.

These cultural and political dynamics inevitably influence how organizations use AI — and in turn, how internal audit functions can deliver strategic guidance, compliance, and governance support.

3. Change Is Constant in AI Regulation

Technological innovation typically outpaces policy, and AI is no exception. Around the globe, regulatory approaches to AI vary significantly and are evolving in real time. Consider the EU’s progress with the AI Act, a comprehensive regulatory model, compared to the U.S., where federal AI policy is still in development.

Despite these regional differences, one theme is clear: AI regulation is a moving target. Across geographies, AI regulators continue to reassess and recalibrate their governance approach as the technology progresses.

In this dynamic environment, many jurisdictions are trending toward a more flexible principles-based approach, rather than enforcing rigid, rules-based mandates. Internal auditors must stay attuned to these shifts to ensure compliance and guide forward-looking governance strategies within their organization.

4. Internal Audit’s Role in AI Governance Is Essential

Trust, ethics, and credibility lie at the core of effective AI governance. As global regulations take shape, internal audit has a critical role to play — not only as a compliance and oversight function, but also as a strategic advisor.

To be effective, practitioners must recognize that context matters. They must approach AI as a complex governance issue influenced by cultural, political, and regional dynamics. Particularly when advising global organizations, internal auditors must understand how local and cultural forces shape AI risks and implementation practices.

To support this work and bridge global differences in AI governance and adoption, The IIA continues to uphold global standards and provide tools and resources to help practitioners navigate the varied AI risk and regulatory landscape. Our approach is to help auditors address cross-border differences while enforcing consistency in governance and risk management standards.

5. A Growth Mindset Is Key for the Profession

As AI adoption and regulation evolves, internal audit must embrace continuous learning, collaboration, and knowledge-sharing. Our ability to adapt to change and disruption is what ensures our lasting value and relevance.

At The IIA, we are focused on equipping practitioners to both assess AI-related risks and effectively and integrate AI tools within the audit process. In parallel, we are engaging with regulators and legislators around the world to help clarify the valuable role internal audit plays in the oversight, governance, and responsible implementation of AI. As the profession evolves in step with technological advances, we’re supporting this transformation through targeted training, programs, expert-led discussions at global conferences and events, accessible technical resources such as the AI Knowledge Center, and timely, research-driven insights.

I encourage all internal audit professionals to engage with these resources and embrace the growth mindset, agility, and skills needed to lead with purpose and strategic foresight in the age of AI.