That question — what will Internal Audit look like in 2030? — felt like a tipping point. 

Because I realized: I have answers.

It’s been nine months since the Internal Audit Collective went live. In all the conversations I’ve been privy to — my one-on-ones with leaders, the community events and trainings I participate in, and on our message boards — I’ve observed some striking trends.

That’s what I’m sharing today: How I see Internal Audit changing based on my conversations with 700+ high-performing Internal Audit leaders.

During my December 11 webinar, “The Next Era of Internal Audit: Leading With Impact,” I’ll share more data and real-world stories backing up these trends. We’ll also go in depth on how Internal Auditors can make the most of the changing landscape — and our evolving value proposition within it.

So, let’s kick it off: How do I see Internal Audit changing?

1. Independence Is Becoming Less Important

Internal Audit’s remit is expanding. We’re being asked to do more advisory work than ever before — and to do it with the same or fewer resources.

Advisory work forces Internal Audit teams to not only provide advice, but to get in the trenches and help implement.

Those who are quick to say “Well, we can’t audit that area if we’re implementing” are missing the point.

This is what our organizations need our help with. Not just with calling balls vs. strikes while staying carefully at arm’s length. They need us working in the trenches.

It’s okay to lack independence, because objectivity is the real safeguard.

Our objectivity doesn’t ONLY come from what we observe in our work. It also comes from what we talk about in our networks, the external data we capture in our benchmarking, and the perspectives we bring on how other organizations are succeeding in the areas we’re trying to improve.

This isn’t your mother’s “third line”: hands off, focused only on testing and auditing.

This is a new era, where our objectivity: data-enabled and supported by external expertise, becomes the superpower we’ll use to help solve our organizations’ most pressing problems. 

2. Our Expanding Remit Is Redefining Our Core Value Proposition

The shift to objectivity becoming more important than our independenceis being driven by our fast-expanding remit and scope. 

In addition to many of us being responsible for driving SOX compliance, we’re leading ERM, and providing more assurance on SOC 1 and 2 controls assurance, We’re also taking on key second-line GRC functions (e.g., data loss prevention reviews, investigations, hotline oversight) and implementing connected risk.

We’re also allocating more of our audit plans to addressing our organizations’ top risks. The 2025 State of Internal Audit With SOX Responsibilities survey found that 78% of self-assessing high-value Internal Audit teams devote the majority of their audit plans to their organizations’ top 20 risks. As such, more audit plans include advisory work over emerging risk areas (with AI governance leading the charge) and audit work of go-to-market activities (e.g., sales, marketing, etc.) and engineering, innovation, strategic goals/objectives are becoming more commonplace. (Want to find out what’s actually on everyone’s audit plan in 2026? Take our short survey.)

In sum, we are spending more of our time performing advisory work — and less time on more traditional assurance activities. 

And you know what? Management puts more value on our advisory work. 

With emerging risks at the forefront, never-before-audited processes and controls, and the rapid pace of technological change bringing unprecedented challenges, they genuinely need our help.

While our assurance work will always be critical (especially to audit committees and boards), I predict that our advisory work will become more central to Internal Audit’s value proposition in 2026.

So What’s Next for Internal Audit?

These trends and their drivers interconnect, creating a self-perpetuating cycle.

This is what Internal Audit’s next era looks like. 

As the graphic illustrates, investing in knowledge sharing is an overarching necessity for supporting Internal Audit’s evolution in all of these areas. 

Also, as the 2025 State of Internal Audit With SOX Responsibilities reinforced, SOX can be a powerful lever for building the leadership buy-in and relationships critical for success.  

This next era will be new ground for most of us. We’ll have a better chance of success if we help each other through. 

The End of Internal Audit

What happens if we don’t evolve? 

If we insist on independence above all, hardening silos and limiting our ability to do the advisory projects management wants? If we don’t leverage key opportunities (e.g., SOX, connected risk) to showcase and expand our impact?

That path severely limits our value proposition.

It doesn’t lead to meaningful change or ongoing relevance. 

I honestly think that path could be the “end” of Internal Audit. 

How Internal Audit Will Redefine Its Relevance & Value

Our profession is changing. What can you do to make sure you’re keeping up? 

That’s what my December 11 webinar, “The Next Era of Internal Audit: Leading With Impact” (register here), will focus on. Beyond sharing data and stories illustrating these trends, I’ll highlight specific opportunities Internal Auditors have to capitalize on them, including: 

• Beyond breaking down cross-functional silos, we need to break down silos within Internal Audit. The triple-threat “auditors of the future” will blend IT, analytics, and business process skill sets, with ramifications for how we staff, hire, and develop our teams — and how we get promoted.
• Tech skills — particularly including data analytics skills — will reshape audit processes and redefine what makes a good Internal Audit leader. Forward-looking teams will push to replace traditional assurance responsibilities with continuous monitoring activities, audits will be shorter, and our role in them will change. 
• Our expanding remit will help our work be more relevant and impactful. In turn, we’ll develop the capabilities, relationships, and cross-functional people, process, technology, and strategy knowledge to become true change agents and connected risk architects. 
• Rebranding is on the table. While deeds are always more important than words, some teams will benefit from renaming or repositioning Internal Audit.
• Reporting relationships could change, depending on where/how we’re delivering value. 

What’s Your Plan for Transformation?

The Fortune 500 CAE I talked to was already focused on evolving his team. The Audit Committee Chair’s request just lit a fire under the question. 

It also lit a fire in me. Because I realized: I truly think Internal Audit will look very different. 

If your Audit Committee comes calling, asking what you’re doing to evolve your audit team, how will you respond? 

One solid strategy: By sharing that you’re keeping a close pulse on how Internal Audit is changing, regularly getting insights, guidance, and support from a community of high-performing audit leaders. 

Join the Internal Audit Collective. Play a role in defining, leading, and supporting Internal Audit’s next era. Eager to learn more about how Internal Audit’s foundations are shifting? Sign up yourself or a team member for FOUNDATIONS, our cohort-based training course focused on risk-based audit fundamentals for modern Internal Auditors. The next course starts November 17.

‍

[below this line is the outline you provided — keeping here for easy reference!]

‍

Outline

‍

1. Internal Audit’s Scope is expanding
   
   1. Higher percentage of audit resources allocated to top 20 risks, including emerging risks
   2. Audit’s over GTM (sales, marketing, engineering and innovation, and strategic goals and objectives) are becoming more common place.
      
      1. Want to find out what’ son your audit plan in 2025 or 2026, take our survey.
   3. As a result, IA spends a larger chunk of time performing more advisory services than assurance over traditional business processes. 
      
      1. Assurance over Gen AI 42% in 2025 for high impact audit teams, expect this to be higher in 2026.
      2. Coincidentally, the business prefers audit’s advisory work instead of their assurance work (need to cite reference).
2. Independence is becoming less important
   
   1. Advisory work forces internal audit teams to not only provide advice, but to also help implement.
   2. As discussed in year’s past, IA’s remit is also expanding to take on more SOC I and 2 controls assurance, ERM, and other key 2nd line GRC functions (e.g. data loss prevention reviews, investigations, overseeing hotline).
   3. Those that are quick to cite “well, we can’t audit that area if we implement” are missing the point. This is what our business needs help with. Not to just always call “balls and strikes.”
   4. It’s ok to lack independence because we have objectivity as our safeguard.
      
      1. Objectivity just doesn’t come from what we observed in our work. It’s what we discuss in our networks, its the data we capture in our benchmarks, its the perspectives we bring on how organizations are already succeeding where we are trying to improve.
   5. We even see it in SOX. High-maturity SOX programs are so because the SOX team isn’t just testing controls (i.e. remaining independent), they are educating control owners, partnering with business leaders on where new controls are needed when new applications are added or new business units are required. We’re coaching our Chief Accounting Officers, Corp Controllers, and CFOs on where we can trim testing efforts to reduce time spent on SOX testing by rationalizing controls and quantify and increase savings of our external auditor reliance strategy.  Hell, we’re even partnering with the external auditors more to make their lives easier, so we can make the business’ lives easier. 

‍

This isn’t your mother’s 3rd line, hands off and just testing. Those operating in the gray regarding independence are the ones that will be leading the internal audit industry forward in our new era.

‍

How Internal Audit is transitioning into a new Era

‍

1. Breaking down silos isn’t just happening across the business, it’s happening across Internal Audit’s staffing model and core competencies
   
   1. Triple threat auditor talk track. The Next Era of Interanl Audit staffing will not have separate IT and BP audit teams. They will finally become integrated.
   2. Internal Auditor’s who will succeed and become CAEs in 2030 and beyond will have the agency to expand their own skillset and critical thinking capabilities, pushing their leadership teams to give them the budget for the training they want, to place them on the projects they need to round out their experiences, and to help find them rotations in the business to improve their business acumen.

‍

2. Internal Auditors fluent in how to apply data analytics will be the most successful rolling out Gen AI. And they will do so because the Next Era of Internal Audit leadership will be pushing hard to replace their traditional assurance responsibilities with continuous monitoring activities. 
   
   1. This will result in shorter audits - where IA just needs to ensure that process and control owners are using Gen AI and continuous monitoring activities as internal audit instructed.

‍

3. Because Internal Audit’s remit is already expanding into more 2nd and 3rd line GRC work,  and because we have helped drive continuous monitoring successfully within our business, and because we are allocating more of our time for traditional audit activities to areas more important to our company’s success, we will be more relevant.

‍

4. And because of our increased relevance to the business, we will be tapped on the shoulder, or approved when we are proactively pushing to create or improve upon, our organization’s Connected Risk strategy. We will be better coordinating, collaborating, consolidated, and connecting the strategies, people, processes, and technologies across the 2nd and 3rd lines - and even using our knowledge of analytics and Gen AI here. 

We will not be seen as auditors. But we will be seen as agents of change. As Connected Risk Architects. And perhaps more of us will even be rebranding our team names to boot.

‍

5. And when we are working to help leaders to receive more reliable, and more of the information they need to make better business decisions, and the board with their oversight responsibilities, there will be increased odds that CAEs will be leading a combined governance, risk, and compliance initiative, and reporting directly to the CEO, and perhaps now even administratively to the Audit Committee Chair.

‍