Voice of the CEO: Making Sense of Rising Risks

Anthony Pugliese, CIA, CPA, CGMA, CITP | Oct 30, 2025

In September, The IIA’s Internal Audit Foundation published its latest Risk in Focus research, which paints a clear picture of the top risks organizations will face heading into 2026. While the findings reinforced several familiar trends from last year — most notably, cybersecurity’s continued position as the top-rated risk globally — they also reveal shifts in the broader risk landscape that demand our attention.

Digital disruption, including the rapid evolution of artificial intelligence, has continued its ascent, now ranking as the second highest risk, just behind cybersecurity. Meanwhile, geopolitical and macroeconomic uncertainty has emerged as the fastest-rising concern for organizations worldwide. In fact, this category experienced the single largest increase in risk levels globally, with the trend particularly pronounced in North America.

It’s interesting to note here that geopolitical and economic risks tend to be cyclical — often influenced by shifts in political leadership and policy direction. Technology risks, on the other hand, have become constant, driven by continuous innovation and the rapid pace of digital advancement. Frankly, it’s highly likely that this will define the new normal in the years ahead.

Evolving policy and regulatory approaches in the U.S. over the past year help to explain why geopolitical uncertainty rose so sharply in this year’s results. Over the last several months, the risks posed by both geopolitical uncertainty and regulatory changes have echoed throughout my conversations with CAEs and governance professionals around the world.

Our profession is increasingly being called upon to help organizations make sense of these changes, stay agile and resilient, and prepare audit committees for what’s to come. Audit committees and internal audit leaders must deeply consider how they can ensure proper alignment between their top audit priorities and these emerging risks.

So where do we go from here? How can internal audit functions help ensure organizations today remain resilient amid ongoing geopolitical and regulatory disruption?

Geopolitical Uncertainty Is Not a Standalone Risk

One of the key insights from this year’s research is that geopolitical uncertainty is deeply interconnected with other risk areas. It affects and is affected by other related risk areas such as regulatory changes, business resilience, supply chain continuity, financial stability, and even market positioning and competition. A single geopolitical event can ripple through operational, financial, and reputational aspects of the organization.

For our profession, this means that internal audit’s approach to proactively managing geopolitical uncertainty cannot be an isolated effort. It must be integrated into a broader risk management strategy that includes ongoing assurance and proactive advisory across several risk categories.

How Internal Audit Can Address Geopolitical Risks

To proactively manage geopolitical risks and deliver sustained value to their organizations, internal audit functions must expand their role as strategic advisors, helping organizations anticipate and respond effectively to the many varied risks that geopolitical uncertainty encompasses.

Below, I outline several key practices that internal auditors can adopt to ensure their audit priorities are aligned with the evolving risk landscape and help their organization remain agile and responsive in an increasingly uncertain environment:

Continuously Monitor Geopolitical Risks

Update risk assessments and matrices on an ongoing basis to reflect policy changes and evolving global events. Leverage data and insights from other reputable sources that track political and regulatory shifts to identify warning signals.

Strengthen Communication and Collaboration

Hold regular discussions with risk teams, senior leadership, board members, and key stakeholders to ensure emerging risks are clearly communicated and understood across all levels of the organization.

Practice Risk Scenario Exercises

Incorporate geopolitical and regulatory disruptions into frequent risk scenario planning to test the organization’s response and recovery capabilities against potential shifts in political events or policy.

Assess Supply Chain Reliability

Given the potential impact of trade policy shifts on an organization’s supply chain, frequently assess the effectiveness of supply chain risk management, including evaluating vulnerabilities related to geographic concentration in key at-risk regions, supplier dependencies, and contingency planning.

Prepare for Financial Disruption

Continuously monitor volatility in global trade and tariff policy and adjust audit priorities to maintain financial preparedness. For public and non-profit organizations, anticipate potential government funding cuts and establish contingency plans in advance to help mitigate financial disruptions.

As organizations today navigate a more complex and increasingly volatile global environment, internal audit’s role as a trusted advisor has never been more critical. By integrating proactive geopolitical risk assessment and deeper strategic engagement into internal audit planning, we can help organizations move beyond reacting to the unexpected and toward anticipating, preparing for, and effectively managing emerging risks.

Anthony Pugliese, CIA, CPA, CGMA, CITP

Anthony Pugliese is president and CEO of The IIA.