Navigating Internal Audit Challenges in Retail: A Strategic Approach to Risk and Compliance

Imagine a retail business as a high-speed train gliding smoothly along its route, running with precision and purpose. The crew — its employees — ensure passengers (customers) enjoy their journey while the valuable cargo (merchandise and data) reaches its destination safely. The train’s tracks represent the intricate network of supply chains, regulations, and market dynamics that guide and support the business’s journey forward.

Long-term growth and profit are the train’s destinations, but what really matters is what keeps it on track by preventing delays or derailments. This is where an internal audit plays a key role. Internal audit in the retail sector is not just a bystander but an active conductor that ensures the system runs smoothly and stays on course.

In today’s fast-paced retail industry, internal audit isn’t just about compliance checklists; it’s about identifying risks, improving efficiency, and ensuring transparency. The retail sector is evolving rapidly due to heightened competition, global supply chain complexities, tariff wars, and the need to safeguard customer data. Additionally, global regulatory changes, new audit standards, and shifts under government administrations demand innovative strategies and greater flexibility to navigate the challenges ahead.

In this article, I aim to break down common challenges impacting retail sector internal auditors today along with strategies to overcome them, as well as best practices for building a resilient internal audit function. Together, let’s uncover actionable insights to navigate this complex environment and support retail businesses in staying resilient and successful.

Global Regulatory Changes Impacting the Retail Sector

1. New and Evolving Global Standards

On a global level, regulators are tightening and updating standards in important areas such as data protection, sustainability, consumer protection, and goods and product traceability. For example:

• Data Privacy: The European Union’s (EU) GDPR continues to set the standard for data privacy, influencing similar regulations globally, including California’s CCPA, several other privacy laws both in the U.S. and Canada set to take effect in 2025, and the EU’s new Digital Markets Act (DMA). Retailers must implement robust data protection practices that meet these stringent requirements, especially as digital commerce expands.
• Sustainability and Ethical Sourcing: There is increased demand for retailers to have both ethical and sustainable supply chains, especially outside of the U.S. There are requirements for reporting and tracking for environmental footprint, waste reduction, and transparency in sources.
• Consumer Protection: Enhanced product labeling and safety standards are being enforced globally, requiring improved monitoring and compliance mechanisms to meet diverse regional expectations.

As standards evolve, it is evident that internal audit teams need to proactively apply robust monitoring, reporting, and risk management processes. Meeting compliance requirements is crucial; however, fostering transparency in operations is essential — a balance that is increasingly vital in the current landscape.

2. Enhanced International Compliance Requirements

As retailers grow internationally and expand their online presence, they face a challenging mixture of regulatory requirements that vary widely by country and region. For example:

• As discussed in EY’s Beyond Borders report, cross-border transactions and digital commerce are now subject to tight rules, often requiring better inspection of vendor relations and payment systems so that they remain obedient.
• In areas such as the EU, strict standards around product labeling, safety standards (GPSR), and consumer rights regulations mean that regular compliance frameworks must be updated to meet these demands.
• Increased investigation of supply chain operations as governments and consumers demand more accountability equally around moral sources and environmental stability.

The range of jurisdictional requirements makes compliance an evolving objective, requiring internal audit teams to implement flexible strategies and engage in ongoing monitoring practices.

3. Adoption of Global Audit Standards

The new Global Internal Audit Standards introduced this year demand more from internal audit teams worldwide. These changes focus on risk-based auditing, enhanced governance, and ethical behavior. For retailers operating across multiple jurisdictions, this means adapting the internal audit function to these standards. Aligning to these standards is more than just compliance—it’s an opportunity to strengthen governance and drive operational excellence across the business.

4. U.S. Regulatory Changes Under the New Administration

Within the U.S., the current administration has implemented policies aimed at reducing regulations and stimulating domestic growth in alignment with the “America First” trade agenda. Although this could alleviate administrative challenges for domestic operations, it introduces additional complexity for global retailers operating in an increasingly interconnected environment.

• As highlighted in a recent article in the Wall Street Journal by Deloitte, tariffs and shifting trade policies have thrown global supply chains into chaos, and internal auditors need to re-look and adjust risk assessments.
• Deregulation may ease compliance for U.S.-based operations, but it widens the gap between U.S. practices and stricter regulations in many international markets.

For global retailers, this means a nuanced approach — balancing the benefits of domestic deregulation with the need to manage the uncertainties and risks that come with international trade. It’s a challenge that requires agility, foresight, and knowledge of both local and global regulatory landscapes.

Impacts on Internal Audit Teams in Retail

The combination of global regulatory changes and domestic policy shifts creates a layered risk environment for internal audit teams. To address this, auditors need to recalibrate their methodologies and be more agile.

1. Strengthening Compliance Monitoring and Risk Management

Internal auditors must now monitor both domestic deregulation and tightening international rules. Key strategies include:

• Enhancing risk frameworks: Update risk management processes to capture regulatory changes across multiple jurisdictions.
• Leveraging advanced analytics: Use data to continuously monitor compliance and identify risks across global supply chains.
• Auditing compliance workflows: Automation can streamline testing and reporting, improving efficiency and accuracy.

By enhancing compliance monitoring, internal auditors can address the complexities of navigating both domestic deregulation and international tightening.

2. Adapting to Complex Supply Chain Dynamics

Global trade volatility and regional regulatory demands require internal auditors to rethink how they manage supply chain risks. For example:

• Vendor risk assessments: Regularly evaluate suppliers for compliance with both domestic and international regulations, ensuring contracts and operations align with evolving standards.
• Supply chain audits: Implement controls to address risks related to product traceability, ethical sourcing, and sustainability reporting.
• Contingency planning: Develop strategies to mitigate potential disruptions caused by new tariffs or trade policy shifts.

By proactively addressing supply chain complexities, internal auditors can help retailers maintain resilience and reduce operational risks.

3. Aligning with Global Audit Standards

The adoption of new global audit standards requires retail internal audit teams to update their methodologies and invest in continuous training. Key steps include:

• Modernizing audit practices: Internal audit must adapt to the evolving business environment by equipping auditors with the tools and principles needed to modernize. Per Standard 4.1, the chief audit executive or engagement supervisor ensures work programs and engagements comply with the standards.
• Enhancing governance frameworks: Strengthen governance to improve decision-making and risk management. Per Standard 9.1, the chief audit executive must stay informed on leading governance principles, global frameworks, and industry-specific guidance.
• Continuous learning: Develop internal audit teams through training in risk-based auditing, ethics, and advanced technologies. Per Standard 12.2, learning plans should align with the audit strategy and emerging organizational risks.

Alignment with global standards positions internal audit teams as strategic partners, driving both compliance and operational excellence.

Strategic Solutions for Retail Internal Auditors

To navigate this complex environment, internal auditors must adopt proactive and innovative strategies.

Building Agility in Internal Audit Functions

Gone are the days of rigid annual audit plans. In today’s retail environment, where a TikTok trend can transform consumer behavior overnight, audit teams need to be flexible enough to quickly adapt to manage the layered risks of a global retail network. Audit teams can enhance agility by:

• Regularly reassessing audit plans: Ensure priorities reflect emerging risks and regulatory updates. If you haven’t already, make sure your audit plans reflect a quarterly risk assessment and not one that is annual.
• Enhancing cross-departmental collaboration: Work closely with legal, compliance, and operations teams to respond to regulatory shifts in a coordinated manner. This has dramatically improved our ability to understand complex issues like omnichannel fulfillment risks and cryptocurrency payment controls.
• Implementing scalable frameworks: Use flexible audit methodologies that can adjust to changing regulations and business needs—including flexible audit models that can be quickly reconfigured based on changing regulations or business needs, without rebuilding entire programs from scratch. And iterative testing approaches to quickly pivot when new risks emerge.

Leveraging Technology and Moving Beyond the Basics

Technology is a key enabler for modern internal audit practices. By adopting connected solutions like AuditBoard, audit teams within the retail industry can:

• AI-Powered Risk Assessment: Start evaluating AI and machine learning to see how these technologies can be used in the risk assessment process to help identify unusual patterns and potential risks that traditional sampling would miss.
• Automated Control Testing: Explore how you might incorporate AI systems to handle routine compliance checks across digital platforms, allowing your team to focus on complex analytical work while reducing your manual testing efforts.
• Predictive Analytics Integration: Evaluate advanced analytics tools, like AuditBoard Analytics, that help forecast potential control breakdowns before they occur. This can be particularly valuable in areas like inventory management and cash handling.

Promoting a Compliance-Oriented Culture

A strong compliance culture is critical for managing risks effectively. Internal auditors can foster this culture by:

• Educating employees: Provide training on ethical practices, regulatory requirements, and the importance of compliance. Forget lengthy compliance presentations—focus on short, scenario-based training featuring real situations. These resonate better with frontline staff.
• Reinforcing accountability: Engage leaders to model compliance behavior by demonstrating how it drives organizational success. When teams see compliance as a business enabler rather than a burden, adoption follows naturally.
• Metrics That Matter: Make a shift away from tracking the number of audits completed. Instead, measure your impact through metrics like time to remediation and repeat findings reduction.

Keeping the Train on Track

The retail industry is navigating a rapidly evolving regulatory landscape, shaped by global changes and local policy shifts. For internal audit teams, the challenge lies in balancing domestic deregulation with international tightening while ensuring compliance, mitigating risks, and driving operational excellence.

Just as conductors ensure a train runs smoothly, internal audit must keep organizations on track, adapting to shifting regulations and market dynamics with agility and precision. By leveraging technology, embracing global standards, and fostering a culture of compliance, internal auditors can help propel the retail industry toward sustainable growth and profitability.

To thrive in this complex environment, retail internal audit teams must recalibrate their methodologies, invest in technology, and embrace agility. In doing so, they can rise to the challenge and deliver strategic value in an ever-evolving global landscape.

About the authors

Meagan Sollows, CPA, CA, is an Account Executive serving Eastern Canada at AuditBoard. Meagan started her career at KPMG Canada, and has served in internal audit and financial audit roles at Canada Goose, Tucows, and Constellation Software Inc.