Posted by Mumbai: AI and Cybersecurity top the list of emerging governance risks in India, finds IIA-Protiviti survey. As Indian enterprises are confronted by an increasingly complex risk management landscape, new governance risks related to Artificial Intelligence (AI), Cybersecurity and other emerging technologies have been deemed as most critical by a majority of internal audit professionals, according to the latest Institute of Internal Auditors (IIA)–Protiviti India Survey 2025. The findings were released at the IIA India International Conference 2025 held recently in Mumbai.
Key findings of the IIA-Protiviti survey
- 66% of Chief Audit Executives (CAEs) consider AI, bots, and cybersecurity as top risks for their organisations
- Only 16% CAEs believe they are highly prepared to proactively identify and address emerging risks while 58% are moderately prepared
- Only 18% of the respondents claim to be using advanced data analytics extensively
AI and Cybersecurity
As many as 66% of Chief Audit Executives (CAEs) across large and mid sized enterprises interviewed for the survey consider emerging technologies including AI, ML, and bots, and cybersecurity as the top risks confronting their organisations. These professionals are directly responsible for corporate governance and compliance and for protecting their organisations from fraud and operational risks.
Internal Audits
The survey, further revealed that a majority of Indian enterprises lack adequate skills to deal with these emerging risks. With only 16% of CAEs affirming they believe they are “highly prepared” to proactively identify and address emerging risks as part of internal audits.
The findings are based on interviews with 225 CAEs representing premier multinationals, large corporate houses, new-age tech companies, and startups based in India.
Digital Tools
The survey also found that despite the growing recognition of digital tools as both risks and enablers, digitisation of the internal audit function is still not widespread. A large majority of CAEs (60%) admitted that their department currently is partially digitised, while 23% stated they are yet to start on this journey.
“The message is clear: internal audit must lead the charge — harnessing advanced analytics to uncover hidden risks, accelerating digital adoption, and fostering tech-driven ecosystems,” said Puneet Gupta, MD of Protiviti India Member Firm and author of the survey report.
Further, CAEs are increasingly looking to engage domain experts who can identify risks in areas where high degree of technical competencies are needed. As many as 56% of respondents cite the lack of Subject Matter Experts (SMEs) for auditing technical or emerging risk areas as the biggest gap in their current and future needs for internal audit.
The survey revealed that the majority of Indian enterprises are equally convinced that AI and ML will shape the future of internal audit, with 69% of the respondents saying so. However, these respondents also admit that there is a lack of available use cases that show how AI/ML can be used in internal audits.
This report offers actionable insights for building resilient, future-ready functions. “While 74% CAEs feel moderately to highly prepared for emerging risks, over 68% see advanced technologies like AI/ML and Robotic Process Automation (RPA) as the largest gap for the current and future needs of their internal audit function,” said Gupta.
“As cyber threats, financial fraud, and compliance risks intensify, internal audit must evolve beyond traditional oversight and embrace predictive analytics, automation, and stronger board engagement,” noted Gupta.