Q&A: Inside Protiviti’s front-row view of audit’s next evolution

Long treated as a safeguard operating in the background, the function is now at the frontline of how organisations respond to technological disruption, shifting regulation, and increasingly complex risk.  

Gone are the days of static annual plans and post-mortem reviews. Today, audit teams are expected to provide real-time insight, assess AI-driven systems, and help the business make decisions it hasn’t faced before. 

At Protiviti UK, Managing Director Janet Barberis and Director Deepa Krishnamachari are seeing this shift play out across financial services clients. Both veterans of the internal audit world, they’re now helping teams retool themselves, technologically and culturally, for an era where being reactive is no longer an option. 

From assurance to strategic insight 

“Check-and-balance” is a phrase that no longer does justice to what internal audit teams are expected to deliver. The function is now expected to provide strategic input while maintaining its independence—a tension, but also an opportunity. 

“Increasingly, whilst still maintaining independence, internal audit is embedded within key governance forums,” says Krishnamachari.  

“It’s no longer just about providing assurance after the fact. Audit teams are now present during decision-making on major changes – like outsourcing, offshoring or large-scale transformation -and are expected to challenge and support management in real time.” 

This evolution is partly driven by external factors. Geopolitical instability, the aftermath of COVID, a volatile economic climate and rapid technological disruption have left organisations facing a broader and more complex risk landscape. 

 Internal audit has had to become more agile, dynamic and future-focused. Static annual audit plans are giving way to rolling risk assessments and continuous monitoring.  

“The old model just doesn’t work anymore,” Barberis explains. “Internal audit needs to respond to change as quickly as the business does.” 

Technology as both enabler and hurdle 

At the heart of this shift lies technology, both as a tool and a source of risk. Audit teams are now expected to use data analytics, artificial intelligence and automation to work more efficiently and deliver deeper insight. But as the tools become more sophisticated, so too do the expectations and the risks. 

“AI is increasingly being used to support audit activities – from planning, to summarising meeting notes, to drafting the first version of a report,” says Krishnamachari. 

 “But it’s still at the stage where human oversight is critical. We tell our teams: AI is your most junior analyst. It can help you structure your thinking, but you still need judgement.” 

Barberis adds that auditors are also being asked to assess the risks of AI systems themselves.  

“We’re helping clients develop frameworks to audit AI solutions, looking at how they’re trained, whether they’re biased, and whether their outputs are explainable and compliant with existing regulations.” 

That last point, explainability, is key. Regulators and boards alike are placing increasing emphasis on whether AI systems can be trusted and governed.  

“There’s no AI exemption for things like GDPR or Consumer Duty,” says Krishnamachari. “If a model is making decisions about customers, it needs to be auditable.” 

Yet while tools are advancing, many organisations are still grappling with foundational issues, particularly data quality.  

“You can’t build analytics on shaky ground,” Barberis notes. “Poor data quality is still one of the biggest roadblocks to innovation within internal audit.” 

The culture conundrum 

Even where the tools and data exist, culture can slow progress. A firm’s willingness to embrace change – and its tolerance for risk – plays a critical role in how audit functions evolve. 

“Adopting AI isn’t just about technology,” says Krishnamachari. “It’s about mindset. Are senior leaders willing to act on emerging risks? Are they open to being challenged by audit earlier in the process? That cultural shift is often harder than the technical one.” 

Protiviti’s most recent global risk survey reinforces the point. Alongside economic volatility and cybersecurity, the top concerns for executives included the availability of talent, shifting workforce expectations, and the pace of disruptive innovation. 

Talent shortages and succession gaps 

The talent piece is particularly pressing. As audit functions adopt more sophisticated technologies and take on broader advisory roles, they need people who can bridge technical, analytical and business expertise. But that talent isn’t easy to find – or retain. 

“There’s a real shortage of experienced auditors who understand data, AI, and the business context in which those tools operate,” says Barberis.  

“And we’re also seeing a potential succession issue. If junior staff rely too heavily on automation, they may not develop the critical thinking and professional judgement needed to step into senior roles.” 

Krishnamachari agrees. “We need to make sure we’re still building the profession from the ground up. AI can be a huge help, but it doesn’t replace the fundamentals.” 

The answer, they argue, lies in upskilling, mentoring and creating opportunities for internal talent to grow. At the same time, audit leaders need to redefine what the future auditor looks like. 

“It’s not just about technical skills,” says Barberis. “It’s also about communication, influence and business acumen. Today’s auditors need to be confident enough to challenge the boardroom while being proportionate and pragmatic in how they do it.” 

Regulation: both driver and challenge 

While innovation continues, the regulatory landscape is evolving too. The EU AI Act will bring new expectations for firms using high-risk AI systems, while in the UK, the Chartered IIA’s updated code is prompting audit leaders to review how their functions operate in practice. 

“The emphasis now is on being dynamic, forward-looking and integrated with business strategy,” says Barberis. “It’s not just about meeting the letter of the standards—it’s about aligning with their intent.” 

Internal auditors are also increasingly expected to demonstrate how their work supports long-term value creation and resilience. That includes providing assurance on everything from third-party risk and operational resilience to financial crime controls and AI ethics. 

A profession in redefinition 

So, is internal audit being fundamentally redefined? According to Barberis and Krishnamachari, the answer is yes, but not all at once. 

“There’s no single blueprint,” says Krishnamachari. “Different organisations are at different stages of maturity. But the direction of travel is clear: more strategic input, more technology integration, and more pressure to deliver insight that drives decision-making.” 

For those willing to evolve, the opportunity is significant. Internal audit can be a powerful enabler of resilience, innovation, and trust, provided it has the right mandate, the right mindset, and the right people. 

“We’re transforming alongside the businesses we support,” says Barberis. “And that means building teams that are agile, dynamic and ready for what’s next.”