5 internal audit resolutions for 2026

If Magic 8 Balls reliably told the truth, I know what they’d say regarding internal audit’s future: a neutral response like “hazy” or "cannot predict now.” Indeed, today’s practitioners will define internal audit’s next era, and its outlines are far from certain.

Our hypervolatile decade continues to introduce new risks for the profession — and new opportunities. As my most recent year-end CAE survey on the strategic risks facing internal audit reveals, technology- and AI-related risks loom especially large. Furthermore, CAEs seem increasingly cognizant of how traditional internal audit roles and practices could hold us back.

How will you help redefine internal audit in the coming year? My 2026 resolutions set out the key imperatives I see for maintaining and enhancing internal audit’s ongoing relevance and value. After all, as management consultant Peter Drucker wrote, “The best way to predict the future is to create it.”

1. Develop and execute an AI adoption roadmap, moving from pilots to scalable use

CAEs identified the “inability to leverage AI to drive greater internal audit efficiency/productivity” as the profession’s #1 strategic risk. I would argue that internal audit has never before faced a technology adoption challenge of this magnitude.

Three years into the GenAI era, many teams have wholeheartedly embraced AI. However, the majority are still behind the curve: Only 25% of 2026 Focus on the Future respondents actively use AI in their work, 52% are in the experimenting/piloting phase, and the remaining 23% are still not using AI. What’s holding them back? Top reasons included lack of in-house AI expertise, limited understanding of AI’s capabilities, data privacy/security concerns — and taking a “wait and see” approach.

The latter represents internal audit’s longtime Achilles’ heel relative to technology adoption. Now as ever, a “wait and see” mindset slows progress, delays learning, and leaves us vulnerable to falling behind in understanding the very risks we must help our organizations evaluate.

Wherever you are in your AI journey, commit to meaningful progress in 2026. Collaborate across functions to expedite impact. Develop and execute an AI adoption roadmap aligning the structure, goals, and support required to move from targeted pilots to scalable use.

2. Strengthen audit teams with skills in analytics, cyber risk, and AI risks, governance, and ethics

AI use is far from the only area in which teams urgently need to build skills. Data analytics, cybersecurity, and AI risks, governance, and ethics have become core competencies for modern internal auditors. These skills are directly responsive to Focus on the Future’s top technology-related risks: cybersecurity and data security (#1), IT not covered in other risks (#3), third-party risk management (#4), the organization’s use of GenAI (#6), and AI governance (#7).

Today’s CAEs see the potential impact. The #2 strategic risk “lack of expertise to provide assurance and advice on technology risks” feeds into the inability to address emerging risks (#5) and critical risks (#7).

If we lack the capabilities to audit today’s most pressing risks, we’ll struggle mightily to deliver the value our organizations need. Make technology skills development a strategic priority in 2026. Update training programs and skills assessments. Engage internal and external resources to train teams in foundational and advanced technology-related audit practices.

3. Embed human “superpower” skills into hiring, training and evaluation frameworks

We must also look beyond technology skills, cultivating the skills that will help human practitioners win the race for relevance and value in the age of AI. Focus on the Future respondents identified professional skepticism/inquisitiveness, relationship-building/communication, ethical judgement, critical thinking, and intellectual curiosity as the top human skills that internal auditors are uniquely positioned to demonstrate (and AI isn’t currently able to replicate).

Better equipping teams to cultivate these human “superpowers” requires rethinking hiring, training, and development. Embed these skills in job descriptions and validate them in interviews. Consider nontraditional candidates. Update development and evaluation frameworks to incentivize, track, and recognize these skills.

4. Redefine and communicate internal audit’s mission and strategic value (value creation)

The Internal Audit Foundation’s Vision 2035 report reinforced the unflattering perceptions many stakeholders have of internal audit. More than half of respondents said they are seen as “compliance-focused,” and nearly half that they’re viewed as “police” — persistent views reflecting historical views of internal audit as primarily protecting value. Fewer respondents reported being seen as “trusted advisors” or “internal consultants” (40%) or “problem solvers” (34%), key perceptions reinforcing value creation.

This isn’t a good look for any profession aiming to remain relevant. Indeed, many CAEs know this, identifying the “inability to transition from value protection to value creation” — a risk that wasn’t even on our radar two years ago — as the #4 strategic risk facing the profession.

Your stakeholders define your value. If they don’t see it, it’s not their fault — it’s yours. Your reputation shapes your influence, so take ownership of how you’re perceived. Embrace your strategic plan, charter, communications, and day-to-day stakeholder interactions to redefine who you are and the value you create.

5. Develop continuous risk monitoring platforms that leverage AI and other technology solutions

“No surprises” is audit committees’ most common expectation of internal audit. Unfortunately, today’s interconnected risks ripple and compound, creating second- and third-order risks that are difficult to anticipate. Business leaders urgently need to become more agile in how they respond to risk. That requires a continuous, 360-degree view on risk — a view that backward-looking assurance and periodic snapshots can’t provide.

Technology-enabled continuous monitoring is no longer optional; it’s essential. Again, CAEs see the “inability to address emerging risks” as a top strategic risk. Further, 24% of Focus on the Future respondents identified “missing critical emerging risks” as the greatest risk if internal audit doesn’t adapt quickly to AI and digital disruption.

Prioritize continuous risk monitoring in 2026. Leverage AI and analytics to assess how risks are emerging and shifting, detect early-warning signals, and surface relevant foresight. Lead scenario testing and “risk sprints” for critical exposures. Advance connected risk, enabling information-sharing and collaboration across risk and assurance teams.

These five resolutions point to solvable problems representing critical opportunities. As we turn the page to a new year, it’s up to you to make 2026 matter. How will your team win the race for relevance and value?

Keep pace with the emerging trends of 2026

Subscribe to our newsletter

About the authors

Richard Chambers, CIA, CRMA, CFE, CGAP, is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Advisor, Risk and Audit at AuditBoard. Previously, he served for over a decade as the president and CEO of The Institute of Internal Auditors (IIA). Connect with Richard on LinkedIn.