Mumbai, 5th March 2025: As Indian enterprises are confronted by an increasingly complex risk management landscape, new governance risks related to cybersecurity, Artificial Intelligence (AI) and other emerging technologies have been deemed as most critical by a majority of internal audit professionals, according to the latest Institute of Internal Auditors (IIA) – Protiviti India Survey 2025.
The findings were released at the IIA India International Conference 2025 held today in Mumbai and was addressed by several leading corporate luminaries including KV Kamath, Chairman of Jio Financial Services Ltd., Radhakrishnan KN, CEO of TVS Motor Company, M Damodaran, Former Chairman of SEBI, and Ronnie Screwvala, Chairman of upGrad.
As many as 66% of Chief Audit Executives (CAEs) across large and midsized enterprises interviewed for the survey consider emerging technologies including AI, ML, bots, and cybersecurity as the top risks confronting their organisations. These professionals are directly responsible for corporate governance and compliance and for protecting their organisations from fraud and operational risks.
The survey, conducted by global consulting firm Protiviti with IIA India, further revealed that a majority of Indian enterprises lack adequate skills to deal with these emerging risks, with only 16% of CAEs affirming they believe they are “highly prepared” to proactively identify and address emerging risks as part of internal audits. The findings are based on interviews with 225 CAEs representing premier multinationals, large corporate houses, new-age tech companies, and startups based in India.
“Internal audit has evolved beyond a compliance function—it is now a strategic enabler of business resilience and governance, especially in an era of rapid digital transformation and complex regulations. This survey confirms that Indian businesses acknowledge the growing importance of risk management and digital capabilities, particularly in addressing emerging threats like cybersecurity, financial fraud, AI, and machine learning. However, gaps in governance and expertise persist, highlighting the urgent need for organizations to strengthen their risk frameworks and invest in digital readiness.,” said Anthony Pugliese, President and CEO, IIA Inc.
The IIA India – Protiviti survey also found that despite the growing recognition of digital tools as both risks and enablers, digitization of the internal audit function is still not widespread. A large majority of CAEs (60%) admitted that their department currently is partially digitized, while 23% stated they are yet to start on this journey.
Further, CAEs are increasingly looking to engage domain experts who can identify risks in areas where high degree of technical competencies are needed. As many as 56% of respondents cite the lack of Subject Matter Experts (SMEs) for auditing technical or emerging risk areas as the biggest gap in their current and future needs for internal audit.
“Over my 25+ years in internal audit, I’ve witnessed the profession’s transformation — evolving from a compliance-driven function to a strategic force with a seat at the executive table. Today’s Chief Audit Executives (CAEs) are not just risk managers; they are catalysts for organizational change. At Protiviti, we believe, Internal Audit Relevance: One Goal, Multiple Paths,’ captures this shift. Through collaboration with IA leaders, we’ve explored how data, AI, and digital innovation can amplify impact and influence. The message is clear: internal audit must lead the charge — harnessing advanced analytics to uncover hidden risks, accelerating digital adoption, and fostering tech-driven ecosystems,” said Puneet Gupta, Managing Director at Protiviti India Member Firm and author of the survey report.
Puneet further added, “This report offers actionable insights for building resilient, future-ready functions. While 74% CAEs feel moderately to highly prepared for emerging risks, over 68% see advanced technologies like AI/ML and Robotic Process Automation (RPA) as the largest gap for the current and future needs of their internal audit function. As cyber threats, financial fraud, and compliance risks intensify, internal audit must evolve beyond traditional oversight and embrace predictive analytics, automation, and stronger board engagement.”
The IIA India-Protiviti survey further revealed that the majority of Indian enterprises are equally convinced that AI and ML will shape the future of internal audit, with 69% of the respondents saying so. However, these respondents also admit that there is a lack of available use cases that show how AI/ML can be used in internal audits.
While data analytics and AI-driven tools have significantly improved audit quality, many organizations have yet to fully integrate advanced analytics into their audit processes. Only 18% of the respondents claim to be using data analytics extensively, while a vast majority of 82% are using it moderately or rate-to-none.
Burzin Dubash, President of IIA India, said, “As businesses navigate increasing regulatory scrutiny and financial uncertainty, internal audit has transformed into a critical pillar of business resilience and governance. By leveraging data analytics, AI, and machine learning, audit practices are becoming more efficient, insightful, and proactive in identifying risks and ensuring compliance. This survey highlights the pressing need for organizations to accelerate digital transformation, adopt technology-driven solutions, and build strong domain expertise—all essential to fortifying businesses that serve as the backbone of the nation’s economy.”