Sweeping global policy changes are fuelling a rise in business-critical risks, according to the Chartered Institute of Internal Auditors’ latest Risk in Focus 2026 report.

The top five risks most negatively affected by global policy changes were changes in laws and regulations (64%), cyber security and data security (50%), market changes and consumer behaviour (46%), digital disruption and AI (46%), and climate change and environmental sustainability (43%).

Anne Kiem OBE, chief executive of the Chartered IIA, said: “The message from our research is clear: global policy changes – whether related to trade, regulation or climate change – are having a direct and growing impact on the risks businesses must manage. In an increasingly volatile world, internal auditors serve as a vital source of assurance against the multitude of threats organisations face.

“We urge business leaders to work closely with their internal audit teams to gain assurance that internal control and risk management frameworks are agile, responsive and robust in this fast-changing environment. It is also essential that boards ensure internal audit functions are properly resourced to carry out their roles effectively.”

This year marks the tenth edition of Risk in Focus. The survey drew on the views of 879 chief internal auditors from Austria, Belgium, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Spain, Sweden, Switzerland and the UK.

---