CAE Bulletin Issue

National Institutes in Pakistan and Uzbekistan join The IIA’s global federation

The latest additions bring the number of affiliated organizations to 121 worldwide.

The global footprint of The Institute of Internal Auditors (The IIA) is expanding. National Institutes in Pakistan and Uzbekistan have become the latest to join the global federation in its quest to strengthen international collaboration and advance the internal audit profession worldwide.

With the addition of these new Institutes, The IIA’s global federation now includes 121 National Institutes supporting over 265,000 members, according to a press release. IIA-Uzbekistan and IIA-Pakistan now have the legal framework to support internal auditors, advocate for the profession, and deliver training and professional development, including pathways to globally recognized certifications such as Certified Internal Auditor (CIA).

“As the internal audit profession continues to experience rapid evolution, this growing federation provides members with access to valuable resources, support, and tools to confidently address today’s complex challenges,” said IIA President and CEO Anthony Pugliese. “The addition of these two Institutes further enhances our ability to assist practitioners across both countries and advances our global mission.”

The additions come as the internal audit profession continues to adopt the updated Global Internal Audit Standards, which took effect in 2025 and are becoming widely embedded in practice, the release said. The milestone also coincides with The IIA’s broader organizational transformation, including the release of its first three Topical Requirements – Cybersecurity, Third-Party, and Organizational Behavior – key elements of the International Professional Practices Framework (IPPF). These requirements establish a consistent global baseline for assessing specific risk areas, with additional topics scheduled for release later this year.

To achieve National Institute status with The IIA, organizations must establish a strong foundation and undergo an extensive preparation process. That process includes demonstrating sustainable strategic plans, a commitment to ethical practices, and strong governance and compliance initiatives.

SEC and PCAOB Enforcement Actions Declined to Multiyear Lows in 2025

Cornerstone Research report highlights metrics from time of leadership transitions.

Enforcement activity by the U.S. Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) against accounting and auditing firms fell to multiyear lows in 2025, according to a new analysis from economic and financial consulting firm Cornerstone Research. The decline occurred during a year marked by leadership transitions at both regulatory agencies and reflects a significant drop in both enforcement actions and monetary penalties.

While enforcement levels can fluctuate from year to year because of the long timelines of investigations, the report suggests 2025 represented an unusually quiet period for regulatory actions involving accounting and auditing firms. Even so, regulators continue to emphasize audit quality and professional accountability as core priorities.

Among the report’s key findings:

• The SEC initiated 10 accounting and auditing enforcement actions in 2025, down from 31 in 2024 — the lowest level in nine years.
• Overall, the SEC brought 68% fewer accounting and auditing cases in 2025 than in the previous year.
• SEC monetary settlements dropped sharply to $31 million in 2025, compared with $907 million in 2024.
• Only four of the 10 actions in 2025 were initiated after Paul Atkins became chair in April.
• The PCAOB finalized 37 enforcement actions in 2025, down from 51 in 2024, its lowest total since 2021.
• Monetary penalties in PCAOB auditing-related actions totaled $17.6 million, a 50% decline from the prior year.

COSO Releases a New Roadmap for Managing GenAI Risks and Controls

Publication translates Internal Control–Integrated Framework for today’s risks.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released new guidance designed to help organizations address the rapidly evolving risks associated with generative artificial intelligence (GenAI). The resource provides a practical framework for integrating AI oversight into existing governance, risk management, and internal control systems.

For chief audit executives, COSO’s roadmap, titled Achieving Effective Internal Control Over Generative AI, offers a practical starting point for evaluating how GenAI adoption affects risk management and control environments. As companies adopt GenAI tools to increase productivity and accelerate decision-making, leaders must also ensure that risks related to data integrity, bias, cybersecurity, and regulatory compliance are effectively managed.

The report emphasizes that organizations should not treat AI as a standalone technology issue but instead embed it within established enterprise risk management and internal control frameworks, according to a press release. The guidance outlines how organizations can apply COSO’s widely used frameworks to generative AI initiatives, helping leadership teams balance innovation with appropriate oversight.

“Generative AI is transforming how organizations work, make decisions, and manage information,” said Lucia Wind, executive director and chair of COSO. “Its rapid adoption brings enormous potential, but also a new set of risks that demand disciplined oversight. The COSO Internal Control–Integrated Framework gives organizations a clear, proven structure to ensure GenAI is introduced responsibly and with the rigor needed to support reliable operations, reporting, and compliance."

Among several new elements the report introduces to help organizations operationalize GenAI governance:

• A capability‑first taxonomy. GenAI use cases are organized into eight capability types: ingestion, transformation, posting, orchestration, judgment, monitoring, regulatory intelligence, and human‑AI interaction. Each has tailored control considerations that reflect how GenAI risks manifest across the data‑to‑decision lifecycle.
• Audit‑ready control mapping. Each capability includes examples, minimum control expectations aligned to all five COSO components, and illustrative metrics to support both operational monitoring and audit evidence collection.
• Practical implementation artifacts. Starter templates, including risk assessment matrices, control testing procedures, and metric dashboards, help organizations accelerate implementation and reduce time‑to‑value.

"GenAI introduces risks that evolve as quickly as the technology itself," said David Wood, one of the authors of the report. "By grounding GenAI governance in COSO's established internal control principles, organizations can build systems that are both adaptable and audit‑ready."

AICPA Auditing Standards Board Outlines Planned Projects and Long-Term Priorities

Topics address key public-interest issues, including fraud, sustainability, and the use of AI.

The Auditing Standards Board (ASB) of the American Institute of CPAs (AICPA) has released a new road map outlining its short-term projects and long-term strategic priorities for auditing and attestation standards. The plan is designed to guide the board’s standard-setting efforts through the next several years while addressing issues of growing public interest.

According to the announcement, the ASB has developed a “public-interest focused work plan” that extends through 2027, along with a broader list of strategic priorities to guide its activities over the next five years. “The ASB is focused on updating standards and guidance to help practitioners deliver quality engagements and to maintain the relevancy of the standards in a changing environment,” said AICPA Chief Auditor Jennifer Burns.

Several major projects are already underway or expected to move forward soon. Among the key areas of focus:

• A proposed standards update on fraud, intended to clarify and strengthen auditors’ responsibilities when fraud or suspected fraud is identified.
• Updates to core attestation standards to address expanding practice areas, including sustainability-related assurance.
• Targeted revisions to confirmation procedures used during financial statement audits, including changes to address the ability to obtain information from a knowledgeable external source.
• An assessment and potential amendments to the existing going concern standard, designed to consider whether additional alignment with a recent international standard update is necessary while retaining important jurisdictional elements.
• Ongoing guidance that may be required to encourage the effective and appropriate use of technology such as generative AI and agentic AI, as well as tools such as data analytics.

Economic Optimism Showed Upward Trend in Survey Taken Pre-Middle East Activity

Respondents to an AICPAA and CIMA poll expressed a positive outlook for the next year.

In a survey taken before the recent war activity in the Middle East, business executives expressed growing optimism about economic conditions and their organizations’ prospects. The quarterly survey of finance leaders found that sentiment improved in early 2026 after weaker outlooks in previous quarters.

In the latest economic outlook survey from the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA), 39% of business executives said they were optimistic about the U.S. economy’s outlook over the next 12 months, rebounding from 28% in the previous quarter, according to a press release. The survey polled 236 executives including CFOs, controllers, and other finance leaders, and showed rising confidence in both the broader economy and company performance.

“Business leaders are feeling a renewed sense of optimism this quarter, both about the U.S. economy and the near-term prospects for their own organizations,” said Tom Hood, executive vice president of business engagement and growth at the Association of International Certified Professional Accountants, the alliance formed by AICPA and CIMA. “While economic conditions, workforce costs, and input prices remain key areas of focus, we’re encouraged to see inflation pressures easing earlier in the quarter. That said, we’re mindful that recent geopolitical developments could affect inflation trends, and we’re watching those dynamics closely.

“Even with this uncertainty, the steady rise in company outlooks and expansion plans shows that executives are positioning their businesses for growth,” he said. “With disciplined planning and continued investment in talent and innovation, we believe there is real opportunity ahead to build resilience and outperform in the coming year.”

Among other key findings:

• 47% are optimistic about their own companies’ prospects, compared with 41% in the prior quarter.
• 55% expect their organizations to expand, up from 48% last quarter.
• The share of executives expecting a recession by the end of the year fell from 52% to 36%.

AICPA Urges Federal Government to Recognize Accounting as a Professional Degree

The proposal could affect student loan access and the future internal audit talent pipeline.

The American Institute of CPAs (AICPA) is urging the U.S. Department of Education to include accounting among the fields recognized as “professional degree programs” under proposed federal student loan regulations. The request was submitted in response to a Notice of Proposed Rulemaking aimed at revising higher-education financing policies.

For chief audit executives, the issue highlights a broader concern about the long-term talent pipeline for accounting and assurance roles. Reduced access to financing for graduate accounting education could affect the supply of future internal auditors.

The proposal could significantly affect students pursuing accounting careers because federal rules apply different loan limits depending on whether a program is classified as a professional degree. Under the proposed framework, students in designated professional programs could borrow up to $50,000 annually with a $200,000 lifetime cap, while other graduate students would face a lower limit of $20,500 annually and $100,000 total.

Accounting is not currently included among the 11 fields listed in the Department of Education’s proposal. The AICPA and state CPA societies have argued that excluding accounting could make it more difficult for students to finance the graduate-level education often required to become a licensed Certified Public Accountant (CPA).

In its comment letter, the AICPA stated that recognizing accounting as a professional degree “makes common sense,” citing the rigorous education, examination, and licensing requirements associated with the profession.

The organization emphasized that accounting plays a critical role in supporting financial transparency, protecting investors, and maintaining trust in capital markets. It also noted that accounting students should have equitable access to graduate-level financing comparable to other recognized professional programs serving important public needs.

For chief audit executives, the issue highlights a broader concern about the long-term talent pipeline for accounting and assurance roles. Reduced access to financing for graduate accounting education could affect the supply of future internal auditors.

Audit Committee Priorities for 2026 Include an Action Plan for a Steady Year

Corporate Board Member article outlines tips on keeping the organization risk-ready.

Audit committees are entering another year of expanding responsibilities as organizations confront rapid technological change, shifting regulations, and evolving enterprise risks. A recent article in Corporate Board Member outlines 10 priorities that can help audit committees maintain effective oversight while preparing their organizations for emerging challenges.

The priorities cited in the article draw on insights from governance resources developed by organizations such as Ernst & Young, PricewaterhouseCoopers, and BDO. Together they provide a framework to help boards strengthen risk oversight, support sound decision-making, and reinforce stakeholder confidence in a complex operating environment.

Among the recommended priorities for the coming year:

• Map risks to scenarios. Conduct scenario planning around major risks such as market swings, trade shifts, cyber risk, aAI shocks, and supply chain disruptions.
• Update cyber incident response and AI governance. Ensure response plans, controls, and escalation procedures remain current as threats evolve — and involve every function, not just IT.
• Monitor themes from SEC comment letters. Pay attention to common regulatory themes expressed in comments filed with the U.S. Securities and Exchange Commission, including non-GAAP reporting, segment disclosures, and revenue recognition.
• Be aware of the top internal control issues in adverse ICFR management assessments. Focus on spots where organizations often slip in internal control over financial reporting.
• Clarify AI in the audit and finance functions. Understand where the external auditor uses technology and AI and why.
• Tighten cyber reporting to the board. Define what makes an event “material” and align on how to flag and communicate it internally and externally.

Reverse Mentorship Can Help Leaders Bridge Generational and Technology Gaps

StrategicCHRO360 article outlines how organizations can make the model work effectively.

As organizations manage multigenerational workforces and rapid technological change, traditional top-down mentorship models are no longer sufficient on their own. A recent StrategicCHRO360 article suggests that reverse mentorship, where junior employees mentor senior leaders, can help bridge generational divides and provide executives with insights into emerging technologies, workplace expectations, and cultural shifts.

The approach flips the conventional mentoring model, where more experienced employees coach newer ones, according to the article in StrategicCHRO360. In internal auditing, that might mean younger professionals share expertise in areas such as digital tools, social media trends, and evolving workplace dynamics while benefiting from senior leaders’ experience and strategic perspective.

“When I first started noticing how much time our senior team members were spending on tasks that took our younger employees only minutes, I knew something had to change,” the author writes. “Watching a 60-year-old CFO struggle for hours with something a 25-year-old could knock out before their morning coffee wasn’t just inefficient; it was a missed opportunity.”

Organizations must structure reverse mentoring programs carefully to ensure they deliver meaningful value rather than becoming informal conversations without clear outcomes. The article highlights several factors that can help make these programs effective:

• Acknowledge the reality without shame.
• Start with formal, company-wide training.
• Offer smaller, customized sessions on request.
• Create a safe space for demos and follow-up questions.
• Provide one-on-one support to those who need it.
• Meet people where they are.
• Make it a two-way street.

The author outlined the business case for reverse mentoring this way: “We’ve built a culture where learning goes both directions. Where a 25-year-old can teach a 60-year-old how to use ChatGPT, and that same 60-year-old can teach the 25-year-old how to handle a client who’s threatening to leave. That’s not just good mentorship, that’s good business.”