The Global Internal Audit Standards that took effect at the start of 2025 are updated to better align with the evolving risks that internal auditors face, with Topical Requirements in areas such as cybersecurity, third-party risk and organizational culture, Anthony Pugliese, president and CEO of The IIA, said in a podcast interview. Many internal audit functions "are being asked to do more things differently or even to shift entirely into risk areas that are unrelated to internal controls over financial reporting," creating a need for the Topical Requirements, Pugliese said.

When it comes to generative AI, "well-written does not necessarily mean correct," notes Irena Ostojic. After a year of experimentation using generative AI in auditing, Ostojic has a list of recommendations. Read her suggestions.

OpenAI's forthcoming AI models might present a "high" level of cyberrisk as their technical abilities progress, the company said. The models could be used to devise zero-day remote exploits or facilitate intricate attacks targeting enterprise and industrial systems, potentially resulting in serious real-world consequences, OpenAI warned. The company said it is taking risk mitigation steps such as "investing in strengthening models for defensive cybersecurity tasks and creating tools that enable defenders to more easily perform workflows such as auditing code and patching vulnerabilities."

The Securities and Exchange Commission is intensifying its efforts to promote global coordination in accounting and auditing standards. SEC Chair Paul Atkins and Chief Accountant Kurt Hohl highlighted the importance of closer collaboration with international bodies such as the International Auditing and Assurance Standards Board and the International Accounting Standards Board. Aligning US and global standards could reduce costs and complexity for multinational companies, enhance investor confidence and mitigate risks associated with fragmented regulations.

The Financial Accounting Standards Board has released standards for accounting for government grants, addressing a gap in generally accepted accounting principles. The standards, effective for public companies in 2028 and private firms in 2029, require companies to disclose the nature and terms of grants and to recognize grants only when receipt is probable.

Finance leaders are concerned about the potential misuse of AI, particularly in fraud detection, according to a report from Billtrust. The report finds that 82% of surveyed finance professionals are worried about AI's potential for misuse, citing incidents such as AI-generated phishing emails and fake invoices. The report recommends that finance teams maintain human oversight of AI systems to ensure ethical and effective fraud detection.

The Treasury Department is advancing an overhaul of anti-money-laundering regulations that would shift enforcement power more directly under its control. The proposal, currently in draft form, would allow the Financial Crimes Enforcement Network to veto other regulators' findings on Bank Secrecy Act violations, potentially reducing penalties for banks' technical violations. Such a change could address banks' concerns that current AML rules are expensive and overly focused on technical compliance rather than substantive effectiveness.

The inaugural Audit Transformation Report, co-authored by CPA.com and the AICPA, offers a detailed snapshot of how audit firms are evolving, based on insights from 54 US firms. The report establishes a baseline for transformation across the profession, identifying five core themes that highlight strategic, methodological and technologica