The "Risk in Focus 2025" report by the European Confederation of Institutes of Internal Auditing (ECIIA) provides a comprehensive analysis of the key risks that organisations and internal auditors should prioritise in the upcoming year. The report is based on insights from 985 Chief Audit Executives (CAEs) across 20 European countries, supplemented by roundtable discussions and interviews.
Key risks identified
The rapid advancement of AI and other digital technologies is reshaping the business landscape. AI and digital disruption are expected to become the second most significant risk by 2028. Organisations are urged to develop mature AI strategies and governance processes to harness the benefits of these technologies while managing associated risks, such as data privacy and ethical concerns.
Strategic recommendations
How can we help?
Internal auditors are positioned to play a pivotal role in helping organisations navigate these complex risks. The report highlights several key areas where internal auditors can add value:
Assess how well the organisation’s AI and digitalisation strategy is supported by a credible business transformation or change-management plan.
Provide assurance on the security culture around cyber-risk and whether training is regular, relevant and the results of testing well communicated.
Provide assurance that workforce planning is effective in both recruitment and retention and is aligned with strategic objectives.
Provide assurance that processes for identifying and mitigating risks that potentially impact multiple parts of the business are properly integrated throughout the enterprise.
Provide assurance that the business is on track to elevate the detail and quality of controls around climate-related data and integrate it into core systems applications.
This article was written by Raquel Micallef, Senior Associate in Risk and Regulation.
Contact us
