The role that the Internal Audit plays in an organization is increasingly being put under pressure due to various emerging trends. These trends include; the constantly evolving business models and their company culture, technological evolution and Cybersecurity threats.
These trends/risks require the Internal Auditors to be more forward thinking in the assessment of their organizations’ overall health and provide solutions/recommendations that can avert crises brought about by these trends.

Below we highlight some of the emerging trends and risks that every internal auditor needs to be aware of in order to effectively advise the organizations they work for effectively.

Company Culture

According to an article written by the Society for Human Resource Management, the key to a successful organization is to have a culture based on a strongly held and widely shared set of beliefs that are supported by strategy and structure. The article adds that when an organization has a strong culture, three things happen: Employees know how top management wants them to respond to any situation, employees believe that the expected response is the proper one, and employees know that they will be rewarded for demonstrating the organization’s values.
It is this culture that has the capacity to attract and retain top talent.
While it is the employers that play the biggest role when it comes to perpetuating an enviable company culture in their organizations, the internal audit function can place itself at the centre of these cultures by providing detailed assessments and recommendations of the values, their purposes and overall impact on the employees and organizations.

Regulatory and Compliance risks

New regulations and requirements constantly swarm organizations in any given year. This puts a lot of pressure on them as some of the compliance laws only add onto the complexity of the organizations.

Internal auditors are therefore required to stay updated with the changing laws and share the updates with their organizations’ management to ensure that they avert any liabilities that may arise in future.

Artificial Intelligence (AI)

As organizations move towards incorporating automation programmes into their work processes, the role of Internal audit can’t be over emphasised in ensuring that various controls and risk management processes across these various initiatives and or processes are well embedded onto these systems. These will ensure that their organizations are shielded from any breakdown that may occur.


The threats associated with cybersecurity to organizations have drastically evolved over years. In 2020, the risks were heightened due to remote working that was largely contributed by the Covid-19 pandemic.

Other forces that are contributing greatly to the increased cyber security threats and shifting operational control and effectiveness include; digitization, internet, data collaboration tools, mobile, social technogies/tools Internet, cloud, mobile, outsourcing and social technologies because they function on the basis of data sharing which is one of the loop holes for cyber-attacks.

There is therefore need for the Internal auditors to concisely and clearly draw out an analysis of the cyber security risks assessment and report the same to the internal audit committees.

Third party risk management

Most businesses cannot function without third parties. While they are important in the day to day running of many businesses, they also pose a number of risks. The nature of these risks can be reputational,legal and compliance related.

Further, according to a research accrued out by the MetricStream Research survey regarding third-party risk management, it was reported by over 21% of the respondents that their companies had faced a risk exposure due to a third party relationship.

As such, Internal auditors have no option other than to provide oversight from the initial screening process and be part of the due diligence process when on boarding these parties.
Moreover, they should facilitate the writing of contracts for these third parties, assist in the documentation processes of this contracts and their review after a period of time to ensure that there are no material breaches.

To achieve this, the role of collaboration cannot be overlooked as Internal auditors need to be able to work with all the key departments included the procurement department.
In addition to the above, the policies regarding the use of third parties should provide a robust framework for handling any disruptions to supply chains that may be brought about by pandemics ,political apprehensions e.t.c.

Data and analytics processes

A myriad of tools are available to help companies collect data to improve their efficiency. These tools whilst beneficial, can pose risks to an organization if they are not thoroughly vetted to check whether they meet the unique needs of an organization.

Internal auditors should therefore help their organizations in the creation and design, integration and deployment of these tools that are relevant for each department. They should also ensure that they are cost effective for their organizations.


With these and more emerging trends coming up, Internal Auditors are left with no option other than to keep abreast of these trends and their impacts within their organizations.
IAs also need regularly update/revise their audit plans in order to manage any potential business risks that emanate from these risks/trends.

Nonetheless, each and every organization needs to invest in training opportunities for their Internal Auditors so that they are able to comprehend these risks and trends.

For more information regarding this alert; please contact;

Daniel Muhia
Internal Audit Partner
t +254 715 248882 | +254 733 533449

  • [spcd_display]