Cybersecurity, data governance top internal audit plans for 2026

Rapid rise of AI is driving acute issues in terms of cybersecurity, data governance and regulatory compliance

  • Organisations are forced to adapt quickly to maintain compliance, even as economic pressures and organisational change heighten the risk of misconduct.
  • Gartner identifies geopolitical volatility, cost reduction pressure, and resilience planning as persistent audit priorities for next year.

Internal audit teams across major organisations will prioritise cybersecurity vulnerabilities, data governance, and regulatory compliance in their 2026 audit plans, according to research from advisory firm Gartner, Inc.

The findings, published in Gartner’s “2026 Audit Plan Hot Spots” report, are based on a survey of 160 chief audit executives (CAEs) as well as interviews with IT audit leaders conducted between May and June 2025.

The report highlights the convergence of challenges posed by rapid advances in artificial intelligence (AI), global regulatory uncertainty, and mounting cost pressures facing organisations worldwide.

“The rapid rise of AI is driving acute issues for organisations in terms of cybersecurity, data governance and regulatory compliance,” said James Bourke, Director of Research in Gartner’s Assurance Practice.

“Internal audit teams are very likely to be covering these areas in their audit plans for 2026, although with muted confidence in their ability to provide assurance over cybersecurity and data governance risks given how rapidly these areas are evolving.”


Cybersecurity under strain

A staggering 96 per cent of CAEs surveyed have placed cybersecurity risks at the top of their assurance agenda for 2026. As organisations increasingly rely on third-party vendors and grapple with sophisticated threats—including AI-driven attacks and disinformation—internal auditors face an uphill battle.

“Cybersecurity is a major risk area, especially as organisations depend more on third-party vendors who can introduce vulnerabilities,” Bourke explained.

At the same time, overstretched cybersecurity teams face accelerating threat volumes. CAEs’ confidence reflects these challenges: less than half (48 per cent) say they are highly confident in their ability to provide full assurance over cybersecurity risks.

Audit teams will focus on evaluating organisational readiness for cyber threats, the robustness of security controls, and oversight of third-party relationships.

Emphasis will be on strengthening governance, integrated risk management, and strong control environments to mitigate operational and reputational risks.

Data governance faces new AI risks

Data governance is set to be another major focus, with 94 per cent of CAEs including it in their 2026 plans. The proliferation of AI-generated content has created new governance challenges, from managing data volume and classification to navigating a patchwork of global regulations around data localisation and sovereignty.

Gartner recommends that companies bolster their data governance with comprehensive AI policies, effective controls over retention and deletion of AI-generated outputs, and robust frameworks to prevent the misclassification or unauthorised access of sensitive information.

Regulatory compliance rounds out the top three areas, with coverage planned by 97 per cent of audit leaders. Amid shifting US policies and a deregulatory climate, organisations are being forced to adapt quickly to maintain compliance, even as economic pressures and organisational change heighten the risk of misconduct.

“Misconduct by employees, agents and third parties is more likely amid a weakening macroeconomic environment and organisational change,” Bourke warned.

Beyond these core areas, Gartner also identified geopolitical volatility, cost reduction pressure, and resilience planning as persistent audit priorities for next year.

