The past year threw challenge after challenge at audit, risk, and InfoSec teams — from new regulations to understanding and using AI. Some struggled to meet risk demands, while others rose to the occasion. To better understand what was happening on the ground and the strategies successful teams are using to navigate these challenges, we surveyed hundreds of industry professionals like you. Take a look back at our key findings to help you prepare for 2025.
Determining the Materiality of Cybersecurity Incidents
- Report: Decode the New SEC Cybersecurity Disclosure Ruling
- Survey group: 314 enterprise security professionals
- Research conducted: January 2024
Key Findings from Decode the New SEC Cybersecurity Disclosure Ruling
We asked security teams about their organizations’ efforts to comply with the SEC cybersecurity disclosure ruling. The ruling requires the disclosure of material cybersecurity incidents but includes no set definition of what qualifies an incident as “material” outside of it impacting shareholders. This is largely left up to individual organizations.
We found that while materiality may be vague, using a framework can help provide context. 49% of organizations surveyed established processes and methodologies to determine materiality, and 98% of those using a materiality framework report a moderate to high understanding of that framework and their ability to provide the right inputs.
Managing Increased Audit Demands While Adding Value
- Report: Internal Audit’s Expanding Role: The Foundation for Connected Risk
- Survey group: 150 CAEs and internal audit leaders
- Research conducted: February 2024
Key Findings from Internal Audit’s Expanding Role: The Foundation for Connected Risk
As organizations face increasing regulatory complexities and technological advancements, internal auditors must adapt to provide more strategic value. Over half of CFOs and audit committees are asking internal audit teams to expand their responsibilities, yet resource limitations pose a significant challenge. One solution is a connected risk management approach that uses technology to connect the data and processes of audit, risk, and compliance teams.
CAEs recognize this: Those we surveyed named integrated risk management (IRM) as the top area they believe internal audit should have more responsibility in the coming years. If your audit team isn’t already working toward connected risk, this is an excellent opportunity to lead the way in 2025.
Turning Compliance Into a Strategic Advantage
- Report: UK Corporate Governance: Turning Compliance Into a Strategic Advantage
- Survey group: 264 internal audit professionals and organisational leaders
- Research conducted: July 2024
Key Findings
Reforms to the UK Corporate Governance Code are just a few days from going into effect. Is your organisation ready? In July, an overwhelming 88% of professionals surveyed said that conformance with the reform was a high priority for their organisation in 2024. The technology, industrial, and financial sectors, where regulatory scrutiny is particularly intense, were even more likely to feel this urgency, with 94% of industrial and technology professionals and 87% of finance professionals recognising the reform as a high priority.
However, other sectors anticipated delays until 2025 or 2026. We will soon be able to see how preparation efforts play out. Even if your organisation is likely to miss the deadline, through strategic planning and technology investment, you can still turn compliance into a competitive advantage.
Strategic Audit Planning Is a Necessary Skill
- Report: 2025 Focus on the Future: Inflection Point for Transformation at Mid-Decade
- Survey group: 376 global internal audit leaders
- Research conducted: August 2024
Key Findings
The new IIA Global Internal Audit Standards mandate a strategic plan in Standard 9.2. However, while 43% of our Focus on the Future survey respondents said they do not anticipate any impediments to fulfilling this standard, the answers selected by the rest indicate that many CAEs may not have a strong understanding of strategic planning. Half of respondents named their greatest barrier to strategic planning as “uncertainties about future resources, objectives, etc.,” 41% said it isn’t critical enough to displace other responsibilities, and another 24% cited a “lack of experience.”
Regrettably, those who cite future uncertainty as an impediment likely do not fully understand the purpose of a strategic plan. Strategic plans aren’t there to provide the answers. They exist to act as a roadmap that helps our internal audit functions get from where they are today to where they need to be in the future. Whatever the impediments, strategic plans are worth the time and effort.
Achieving Organizational Alignment Requires Greater Communication
- Report: The Connected Risk Report: Uniting Teams and Insights to Drive Organizational Resilience
- Survey group: 514 audit, risk, and compliance professionals
- Research conducted: September-October 2024
Key Findings
Throughout our research for this report, we often saw a disconnect between executive responses and realities at the operational level. For example, 59% of executives reported high levels of data integration across departments that manage risk, while only 34% of non-executives shared this view.
Additionally, 74% of executives strongly agreed that they fully understand how AI is used within their organization, compared to only 51% of all others. And 48% of non-execs vs. 39% of execs listed “limited budget and/or resources” as a top challenge to better connecting departments involved in risk management. These findings indicate the crucial need for enhanced communication, integrated data, and greater strategic alignment across the enterprise to avoid misunderstandings or unwanted outcomes going forward.
2025 is certain to bring new challenges and opportunities for audit, risk, and compliance teams. At AuditBoard, we’re eager to continue delivering industry insights and analysis to help you make sense of all the year has in store. Be sure to sign up for our newsletter to stay up to date on the latest research, news, and events.
