Navigating the future

Key risks and areas of focus for internal auditors in 2026

  • March 23, 2026

The “Risk in Focus 2026” report, published by the European Confederation of Institutes of Internal Auditing (ECIIA), pinpoints the key risks faced within the European continent and the main areas on which internal auditors spend the most time and effort, providing a comprehensive industry analysis of risk levels and audit priorities. The report draws on insights from 879 Chief Audit Executives (CAEs), five roundtable events with 44 participants, and 10 one-to-one interviews to create a clear map of key challenges and organisational responses, alongside internal audit’s remit.

Based on these insights, five key risk areas have emerged as the hot topics for internal auditors in Europe in 2026. These areas reflect the most pressing challenges organisations face and the focus of internal audit’s assurance and advisory activities. 

Macroeconomic and geopolitical uncertainty ranked joint fourth in 2026, alongside changes in laws and regulations. Regional conflicts, shifting trade policies, and economic instability are creating ripple effects across markets, supply chains, and regulatory frameworks. CAEs reported that these risks permeate almost every other category, affecting business continuity, operational resilience, and strategic decision-making.

Digital disruption and AI are rising rapidly in Europe, moving to third place in the 2026 risk rankings. Organisations face challenges from fast-evolving technologies, generative AI, vendor lock-in, and regulatory uncertainty, while balancing innovation with data protection and business objectives.

Cybersecurity remains the top risk in Europe for 2026, with sophisticated attacks, AI-driven threats, and emerging quantum computing challenges creating significant vulnerabilities. Organisations face risks from ransomware, phishing, deepfakes, and third-party suppliers, while digitalisation and AI adoption expand the attack surface.

Despite high investment in cyber defences, evolving threats require continuous monitoring, resilience planning, and strategic response to protect critical systems, data, and operations.

Human capital remains a critical risk for European organisations, driven by skills shortages, high staff turnover, and the impact of AI on jobs and career structures. Organisations struggle to attract, retain, and reskill employees, while short tenures and demographic shifts exacerbate talent gaps.

Strategic workforce planning, governance, and succession management are often fragmented, leaving businesses exposed to operational and knowledge risks. Remote and hybrid working, employee well-being, and emerging pay transparency requirements add further complexity.

Climate change and sustainability remain strategically important but have fallen in internal audit focus due to long-term risk horizons and regulatory uncertainty. While Europe leads in ESG reporting, deregulation and inconsistent political priorities create challenges for businesses trying to align sustainability goals with operations.

Key risks include managing double materiality assessments, ensuring data quality, integrating circular practices in supply chains, and maintaining resilience amid geopolitical pressures. Internal audit can support organisations by assessing ESG governance, validating controls and data, and advising boards on strategic sustainability risks and opportunities.

How can internal auditors help?

As organisations face rapidly evolving challenges in 2026, internal auditors play a critical role in helping boards and management respond effectively. Here’s how internal auditors can help by providing assurance, guidance, and insight to ensure key areas are properly assessed, managed, and monitored across the organisation:

Macroeconomic, social, and geopolitical uncertainty

  • Provide assurance that geopolitical and macroeconomic uncertainties are reflected in the organisation’s risk assessment, that mitigation plans are developed and tested, third-party risk management is effective, and business continuity and long-term resilience are adequate.

  • Assess whether broad risks are broken down into issues specifically relevant to the business’s objectives and strategy.

  • Evaluate whether board and management decisions consider all necessary inputs, are free from bias, and whether the board has diverse experience and training.

  • Support management in aligning innovation and commercial opportunities with risks, resources, and budgets, ensuring risks are understood and mitigated. 

Digital disruption, new technologies, and AI

  • Provide assurance that all AI-related processes, including horizon scanning, governance, risk management, procurement, and assessment of AI outcomes, are effective, aligned with strategy, compliant, and interdisciplinary where relevant.

  • Assess whether the AI strategy is flexible enough to leverage fast-moving technical developments and avoid vendor lock-in.

  • Evaluate the maturity of AI literacy across the organisation, including the boardroom, and the business and cultural understanding of AI among technical teams.

Cybersecurity and data security

  • Provide assurance that cyber risk assessments, security processes (e.g. multi-factor authentication), backup restoration, and infrastructure security are effective and consider emerging threats, including geopolitical risks.

  • Assess whether the cyber defence strategy considers segmentation of sites or IT programmes to reduce the risk of corporate takeover by hackers.

  • Provide advisory support on emerging technologies, such as the transition to quantum cryptography, and keep the board informed of associated risks. 

Human capital, diversity, talent management and retention

  • Provide assurance that emerging AI and HR strategies, career planning, and compliance with the EU Pay Directive are aligned with organisational objectives, that processes are in place to keep them synchronised, and that relevant data is accurate and complete.

  • Provide advisory support on governance systems for strategic HR planning, ensuring responsible individuals are clearly identified.

  • Assess whether the organisation understands AI’s impact on roles, potential loss of key knowledge and skills, and the effects of digital disruption on career progression and opportunities.

  • Assess the level of psychological safety and recommend improvements where behavioural and formal procedures are lacking. 

Climate change, biodiversity, and environmental sustainability

  • Keep the board informed of regulatory changes and developments in supply chain circularity to support strategic decision-making.

  • Provide assurance that ESG data is reliable, the business model considers long-term sustainability, and processes around double materiality assessments are effective and reliable.

  • Assess the double materiality assessment process, challenging the assumptions and data used, and identify gaps and opportunities in supply chain circularity.

Empowering organisations for 2026

Through this targeted support, internal audit helps organisations navigate complex and interrelated risks, make informed decisions, and strengthen resilience, ensuring they are better prepared to respond to uncertainty and change in 2026.

Contact us

Bonavent Gauci

Advisory Partner, PwC Malta

Tel: +356 2564 7090

Vyas Isnoo

Senior Manager, Advisory, PwC Malta

Tel: +356 7975 6979
