Internal audit hot topics

Our quarterly internal audit hot topics provides a thematic view of new and emerging regulatory risks. Get in touch if you would like to discuss any of the topics below.

Internal audit hot topics and evolving priorities continue to shift amid rapid technology change, ongoing geopolitical tensions and macroeconomic uncertainty. As such, effective horizon scanning is essential to help internal auditors manage the operational implications of these emerging risks and opportunities, while maintaining a resilient business environment. 

Assessing key internal audit priorities and emerging risks

Our quarterly internal audit hot topics reports are here to help you stay on track, respond to change, and support strategic growth. Key considerations include:

• Business continuity and operational resilience in the face of geopolitical uncertainty, emerging risks, and rising oil prices. 
• Assurance over financial crime risks, including sanctions management, failure to prevent fraud under the Economic Crime and Corporate Transparency Act (ECCTA), and new expectations for crypto asset firms.
• Effective use of technology within internal audit, including cyber security, third-party risk, transformation programmes, and data governance. 
• AI risk management and evolving governance frameworks for generative AI and agentic AI, including assurance over data, ethical and regulatory considerations as adoption continues to outpace oversight processes. 
• Compliance with Provision 29 of the Corporate Governance Code, ensuring Boards view it as an opportunity to strengthen oversight and accountability. 
• ESG obligations, including adoption of the UK Sustainability Reporting Standards (UK SRS) and, for financial services firms, compliance with the PRA’s rules on climate-related financial risks.
• Application of the Institute of Internal Auditors’ Global Internal Audit Standards, including mandatory topical requirements.

Internal audit should ensure these risks are fully embedded across all three lines of defence, supported by a robust control environment.   

Regulatory horizon scanning

In addition to the above, financial services firms also need effective regulatory horizon scanning. Internal auditors and audit teams should proactively consider emerging risks across key areas such as:

• Navigating cryptoasset authorisation requirements as firms move within the FCA’s regulatory perimeter.  
• Banking emerging risks and regulatory priorities, including Basel 3.1 implementation, consumer lending reforms (BNPL and mortgages), third-party breach reporting requirements, CRD VI Article 21c, and motor finance redress.  
• Private credit exposures and interconnectedness, including securitisation, synthetic risk transfers and significant risk transfers.  
• Asset management conduct and conflicts of interest, focusing on market abuse surveillance, governance frameworks and regulatory expectations to support good customer outcomes.  
• Insurance regulatory developments, including solvent exit planning, claims handling oversight and bulk purchase annuities.
• Internal audit is an increasingly valuable business partner to drive business decision making processes and help shape future strategy.

By addressing these priorities, organisations can move beyond assurance and position internal audit as a strategic function that supports resilience, innovation and sustainable growth.