CAE Bulletin Issue

RSM: Agentic AI Emerges as a Strategic Accelerator for Internal Audit in 2026

Recent research shows perks and challenges of the implementing the technology.

Audit executives and their teams will continue to see developments in 2026 on how artificial intelligence (AI) can help perform internal audit work. Agentic AI is becoming more widespread among mid-sized organizations, and time will tell whether larger operations adopt it as well.

Those were among the observations of RSM's U.S. office, a global assurance, tax, and consulting firm, which recently published an article based on a webinar it held for internal audit teams. Unlike basic automation or generative AI tools, agentic AI systems can reason, act, and execute tasks autonomously, offering the potential to dramatically boost efficiency, insight, and audit quality across the assurance lifecycle.

RSM defines an agentic AI framework as built on three core capabilities:

• Wisdom, or reasoning and understanding natural language.
• Knowledge, or leveraging organizational documentation and rules.
• Action, or executing authorized, auditable tasks.

These systems can automate traditionally labor-intensive processes, including developing risk and control matrices, generating detailed testing strategies, and drafting reportable observations. Using agentic AI frees internal auditors to focus on higher-value analysis and stakeholder engagement.

In practical use cases, agentic AI can produce first drafts of complex deliverables in minutes compared to days of manual effort. However, RSM cautions that human judgment and oversight remain essential. Experienced auditors must validate outputs, refine details, and ensure contextual accuracy before advancing to testing or reporting phases.

To realize the full potential of agentic AI, internal audit functions should treat AI agents as digital team members, with governance, training, and accountability structures similar to those applied to people. Robust governance factors such as human-in-the-loop controls, change management protocols, and stakeholder feedback loops are fundamental to managing risk, building trust, and avoiding over-reliance on automation.

Implementing an effective AI strategy can be challenging, however. A 2025 study by RSM of middle-market organizations offers a glimpse of what larger organizations might also experience: 92% of executives said they have had issues with AI implementation. Additionally, 62% said generative AI, which is generally considered easier to use than agentic AI, was more challenging to implement than expected. About 70% of those using generative AI said they need outside assistance to get the most out of the tool.

Crowe: Internal Audit Plays a Strategic Role Today in Dealing With Cybersecurity Risk

No longer just handling compliance activities, audit now acts as a bridge across functions.

Cyber incidents have been changing the business landscape, becoming almost inevitable. In this business climate, the internal audit’s role is becoming increasingly strategic in helping identify and prevent potential risks and maintaining enterprise resilience.

Organizations today face threats from ransomware, phishing scams, cloud vulnerabilities, data leakage, and the exploitation of third-party systems, and all of these continue to grow in complexity, according to a recent article by global audit, tax, and consulting firm Crowe. These threats increasingly affect not only IT operations but also business continuity, financial integrity, and organizational reputation.

“Internal audit’s role in cybersecurity has expanded well beyond traditional compliance reviews,” the article read. “It now acts as a bridge between technical teams and senior leadership, ensuring that cyber risks are understood and managed in a way that supports the organization’s broader objectives.”

Written for internal auditors in the United Arab Emirates, much of the article applies to audit teams worldwide. Key responsibilities of internal auditors in this environment include: identifying risks, evaluating controls, ensuring compliance, monitoring emerging risks, providing insight, and reviewing third-party security. The article offers practical steps to help create a structured, repeatable approach to cybersecurity assurance.

“Effective cybersecurity depends on cooperation across functions,” the article said. “Internal audit strengthens this dynamic by fostering clear communication, supporting policy adherence, and promoting a culture where cybersecurity is recognized as a shared responsibility. Organizations that integrate internal audit into planning, system changes, and incident response efforts often achieve faster issue resolution and improved risk visibility.”

With the Dizzying Pace of Threats Today, Risk Management Needs Assistance

Internal audit can provide insight, visibility, and predictability to improve forecasting.

Organizations are facing a dizzying pace of threats this year, keeping leaders on high alert. A recent report gives insight that could help audit executives better understand where their teams can add value to their counterparts in risk management.

The 2026 report by global risk management firm International SOS outlines threats from geopolitical shifts, rapidly accelerating security and health challenges, and emerging technologies. The risks are emerging faster than many organizations can manage, leaving some feeling “blindsided and unable to get ahead of new conditions,” according to an article in Security Management.

Of the 860 senior risk decision makers surveyed by International SOS, 80% said early risk detection would be a competitive advantage. However, only 20% said they believe their organizations can verify risk information quickly enough.

Among other findings, respondents cited from the past 12 months:

• Almost two-thirds of respondents said security risk has increased.
• 43% said health risks have increased.
• 49% said the interconnectedness and convergence of risk have increased.
• 6% said AI is an essential factor in helping them manage risk at the moment.

“The main internal resource that businesses depend on to face fast-developing threats is their people,” the outlook said. “But many employees report that their responsiveness and resilience have been worn down by successive challenges, including the pandemic and high inflation. They are also increasingly expressing underlying anxiety about the same global risks their employers must manage, including extreme weather events and discussions around nuclear incidents.”

One way internal audit might be able to help: by adding visibility and predictability into the leadership arsenal to combat risk. “If you’re not focused on strategic and forecasting intelligence, if you’re always playing catch-up, it’s probably downright impossible,” said one expert quoted in the article. “What I’m seeing in conversations with (organizations) is a focus on building that forecasting intelligence capability.”

Global Trends Are Shaping the Future of Risk Management, McKinsey Report Says

Technology will play a major role, but so will strategy and cross-functional cooperation.

As threats continue to increase in volume and complexity, it is more important than ever for organizations to rely on their risk leaders to navigate uncertainty. However, they cannot be expected to do it alone, and they will need to rely more on technology.

“Risk functions will need to be more agile, more cross-functional, and more tech-driven,” according to a recent article by global consulting firm McKinsey & Co. “In the next three to five years, executives, starting with leaders of risk functions, must embrace transformation and start to implement the required changes.”

The article outlined five forces that should be shaping the thinking of leaders in today’s environment:

• Geopolitical flux is the new normal. Unrest is stemming from geopolitical uncertainty and disruptions, global supply chain issues, capital and trade flow issues, cyberattack patterns, and shifting domestic policies.
• Technological progress. AI and other digital capabilities are creating opportunities but also challenges for risk management.
• Interconnectedness of risk. Today’s connected processes and infrastructure create issues with dependencies and risk contagion.
• Shifting competitive environment. The article addresses banking industry issues, but the complexity of competition applies across sectors.
• Fragmentation of regulations. After years of what felt like closer global regulatory coordination, the article said, the trend toward deregulation in the U.S. and other issues is making compliance more complex.

Internal Audit Plays an Expanding Role in ESG and Sustainability Assurance

Globally, the function is moving from compliance to value creation for organizations.

As environmental, social, and governance (ESG) expectations continue to evolve worldwide, internal audit functions are being called on to move beyond traditional compliance reviews and become strategic partners in sustainability assurance and value creation. A recent report from global sustainability consultancy ERM Group underscores how internal auditors can help organizations build trust in sustainability reporting, strengthen governance frameworks, and respond to rising stakeholder demands for credible, data-driven ESG performance.

ESG assurance is increasingly viewed as a strategic imperative rather than a regulatory checkbox — especially as sustainability disclosures become mandatory or more rigorous, according to the article. These include the EU’s Corporate Sustainability Reporting Directive, Green Claims Directive, and ISSB-aligned frameworks in Asia-Pacific.

While the U.S. regulatory environment remains in flux, investors, customers, and global regulators are pressing for transparency and reliable ESG data, making credible assurance a competitive differentiator. Internal auditors are well-positioned to support this transition.

The ERM report highlights opportunities for functions to collaborate more closely with finance, IT, and sustainability teams to ensure accurate, consistent, and finance-grade ESG data, a foundational element for credible reporting and risk oversight. It also recommends embedding sustainability into governance, risk management, and performance frameworks, moving organizations from reactive compliance toward proactive value creation.

Practical responses for audit leaders include integrating climate-related risks and opportunities into enterprise risk assessments, using scenario analysis to inform strategy, and ensuring that emissions and sustainability metrics align with recognized global frameworks.

For CAEs in the U.S., where federal ESG regulation is still developing, this global context reinforces two strategic actions:

• Anticipate future assurance requirements by building ESG-related capabilities now — especially around data quality, controls, and integrated audits.
• Align with audit committees on how ESG and sustainability relate to enterprise risk, resilience, and long-term value — not just compliance.

New Audit Talent Pipeline Takes Shape: 1,000+ Are Trained for Global Certifications

Initiative in India mentors working professionals balancing learning with full-time jobs.

Audit executives looking for innovative approaches to the long-standing challenge of building a pipeline of qualified internal auditors should take note of a significant development emerging from India. The Academy of Internal Audit (AIA) has successfully mentored more than 1,000 professionals in preparation for globally recognized audit, risk, and governance certifications, signaling progress in expanding the global talent pool.

Responding to the rising demand for skilled audit and risk management professionals, AIA’s training sessions prepare participants for internationally valued credentials such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), and Certification in Risk Management Assurance (CRMA), according to an article in SME Street. These programs blend exam-centered learning with real-world case studies, analytics-based methodologies, technology governance perspectives, and risk assessment practices to bridge the gap between theory and practical application.

“We are thrilled to announce that AIA has successfully mentored more than 1,000 professionals, and it is an indicator that nowadays professionals are valuing and understanding the importance of global certifications to remain relevant in their chosen career paths,” said AIA founder Puneet Garg. “It is pertinent to note that it is no less than an accomplishment that these working professionals are so enthusiastic about upskilling despite their hectic work commitments.”

The milestone achievement reflects a broader trend in global audit education, where employers and practitioners increasingly seek professionals who not only understand internal audit fundamentals but can also navigate digital complexity, regulatory demands, and evolving risk environments. The key is in meeting them where they are, the article said. Garg put it this way: “It is imperative that learning is made more practical, allowing these professionals to remain relevant in the current risk universe.”

HBR: Want to Start Fresh as a Leader This Year? Try Some of These Suggestions

The tips include everything from being more courageous to building an AI assistant.

Each January, audit executives have an opportunity to start with a clean slate and reflect on how they want to lead differently in the year ahead. A recent article gives food for thought: advice on the best management tips from 2025.

The article in Harvard Business Review draws on the magazine empire’s Management Tip of the Day, one of HBR’s most popular newsletters. Among the 10 listed in the article were these:

• Become a more courageous leader. Effective leadership often requires moving forward despite uncertainty, using purpose, trusted allies, and incremental action to overcome hesitation.
• Create a one-slide strategic story. Distilling strategy into a simple visual helps teams and stakeholders quickly understand priorities, trade-offs, and how their work fits together.
• Manage overwhelm before it turns into burnout. Leaders who recognize stress early — and normalize boundaries and recovery — help sustain both personal effectiveness and team performance.
• Set up your own AI assistant. Thoughtfully applied AI tools can automate routine work, freeing leaders to focus on judgment, relationships, and strategic thinking.
• Lead with inspiring clarity. Transparent, purpose-driven communication helps teams align around goals and maintain confidence amid change.
• Help your team manage priorities. Providing frameworks to distinguish what is urgent from what truly matters empowers better decision-making under pressure.
• Coach for confidence and growth. Shifting from directive management to coaching builds capability, ownership, and long-term resilience across the organization.
• Design meetings that deliver value. Intentional agendas, clear outcomes, and inclusive participation turn meetings from time drains into decision engines.
• Recognize and reward progress. Celebrating small wins reinforces momentum and keeps teams motivated through long, complex initiatives.
• Balance ambition with personal well-being. Sustainable performance depends on pairing high expectations with habits that support energy, focus, and health.

Taken together, these insights reinforce a powerful message for audit executives: Leadership effectiveness is shaped as much by how you lead as by what you deliver. As the year unfolds, these practical ideas offer a thoughtful starting point for leading with clarity, courage, and purpose.