Stay connected: follow us on LinkedIn and explore more at
www.CherryHillAdvisory.com.
.svg)
Subscribe now to join the Risk Register community:
The Internal Audit Foundation released the 2026 North American Pulse of Internal Audit at The IIA's Great Audit Minds conference in Las Vegas on March 10, 2026. The data is clear: internal audit functions across North America are entering 2026 under the most significant resource pressure since the pandemic recovery period.
As someone who works with internal audit functions of all sizes across multiple industries, the Pulse data confirms what I hear every week in client conversations: the profession is being asked to cover more ground with fewer resources. That is not a headline. It is an operating reality.
Here is what the data says, what it means, and what audit leaders should do about it.
The headline numbers from the 2026 Pulse are hard to ignore. The share of internal audit functions reporting budget cuts nearly doubled between 2024 and 2025, rising from 11% to 19%. At the same time, the percentage reporting budget increases fell from 34% to 23%.
Those are not marginal shifts. That is a reversal.
Privately held organizations were hit hardest, with the share reporting budget cuts rising and the share reporting budget growth falling by 16 percentage points each. Publicly traded companies also saw the share reporting cuts nearly double, though their growth rates held relatively steady. Nonprofit, healthcare, education, and public sector organizations all reported notable increases in the share of functions experiencing budget declines as well. Financial services was the only sector analyzed where audit budgets remained stable year over year, with 40% reporting growth and just 9% reporting cuts.
Cherry Hill Advisory Perspective: If your budget is flat or declining, you are not alone. But flat budgets combined with expanding scope create a compounding capacity problem. The question is not whether you have enough money. The question is whether you are directing what you have toward the work that matters most to the organization. That means sharpening your risk assessment to focus on the highest-priority areas and rethinking your methodology to get more out of what you have. AI-assisted planning and testing can help close that gap without adding headcount. If you cannot answer the prioritization question with precision, your next budget conversation will be harder than this one.
Staffing trends mirror the budget story. The percentage of functions reporting staff reductions rose from 11% to 18% between 2024 and 2025. Among privately held organizations, the share reporting staff cuts rose sharply from 11% to 28%, with a corresponding drop in functions reporting growth from 30% to 17%.
Even in publicly traded organizations, which tend to be larger and more stable, staff cuts nearly doubled compared to the prior year.
Financial services again stood out, with the share reporting staff growth rebounding from 25% to 32% of functions and cuts remaining low at 10%.
Cherry Hill Advisory Perspective: The talent challenge is not new, but it is getting sharper. When staff cuts coincide with expanding scope, the math stops working. The answer is not trying to cover everything with fewer people. Functions that are navigating this well are making deliberate choices about where to deploy internal capacity and where to bring in specialized co-sourcing support on a targeted basis, without building out a larger permanent function.
One of the most important findings in the 2026 Pulse is the direct relationship between strategic alignment and funding. Internal audit functions that reported being fully or almost fully aligned with organizational strategy had a 30-percentage-point advantage in funding sufficiency (59%) compared to those only somewhat aligned (29%).
Nearly 60% of chief audit executives report their functions as fully or almost fully aligned. Financial services leads at 69%. Manufacturing (47%) and public administration (50%) trail the field.
Cherry Hill Advisory Perspective: This is the single most actionable data point in the report. Alignment is not an aspiration. It is a funding mechanism. If your audit plan is not explicitly tied to the organization's strategic priorities, documented risks, and board-level concerns, you are leaving resources on the table.
The functions we work with that secure consistent funding share three traits: (1) they translate their audit plan into the language of business strategy, (2) they maintain a visible connection between their work and the risks the C-suite is tracking, and (3) they report results in terms of organizational impact, not just audit findings. That is not a communication preference. It is a positioning discipline.
Despite tightening budgets and staffing constraints, the scope of CAE responsibilities continues to expand. Roughly 86% of CAEs oversee at least one area beyond the traditional internal audit function.
Fraud investigation is the most common additional responsibility, reported by 47% of respondents. Ethics and whistleblower programs and enterprise risk management follow, reported by more than one third of CAEs.
In publicly traded companies and manufacturing, Sarbanes-Oxley compliance remains a dominant driver, consuming significant audit effort at 80% and 70% of the audit plan resources, respectively. Cybersecurity and IT account for roughly 20% of audit effort across most sectors.
The assurance-to-advisory mix remains steady at approximately 75% to 25%.
Cherry Hill Advisory Perspective: Broad scope with constrained resources creates a specific risk: the function becomes a mile wide and an inch deep. Internal audit leaders need to have a direct conversation with their audit committees about scope realism. What can the function cover with rigor, and what requires a different delivery model?
At Cherry Hill Advisory, we see three practical responses to this pressure:
The Pulse data does not include a dedicated AI section, but the resource crisis it documents makes the AI conversation unavoidable. The 2025 Pulse found that 92% of CAEs identified data analytics as the most critical technology skill for internal audit's future. Yet only 28% reported high or advanced data analytics capability within their functions.
Roughly 4 in 10 CAEs said their teams were using generative AI for audit activities, with millennial CAEs leading adoption at 52% compared to 40% for Gen X and 31% for Baby Boomers.
Meanwhile, the risk landscape continues to accelerate. COSO released new guidance in March 2026 on applying its Internal Control framework to generative AI systems. The IIA's Global Internal Audit Standards now include a Technological Resources requirement directing CAEs to ensure their functions have the technology needed to support the audit process. Cybersecurity and IT already consume roughly 20% of audit effort across most sectors.
The gap between what internal audit needs to cover and what it can cover with current staffing is not going to close through hiring alone. The math does not support it.
Cherry Hill Advisory Perspective: AI is not a future consideration. It is a present-tense operational decision. The functions we advise are deploying AI in three specific ways right now:
The catch: AI adoption without governance is a liability, not an asset. Every function deploying AI tools needs clear policies on data privacy, output validation, and human oversight. The new COSO GenAI guidance provides a practical framework for mapping controls to AI use cases. If your function is using AI without a governance layer, that is itself an audit finding.
The Pulse report captures the state of the profession through survey data. It does not capture the operational decisions that separate high-performing functions from those that are struggling.
Here are three questions the data should prompt for any CAE reading it:
The 2026 Pulse of Internal Audit confirms a trend that has been building for several years. Internal audit is expected to cover more risk, in more domains, with tighter resources. That pressure is not going to ease.
The functions that will navigate this successfully are the ones that make four deliberate choices:
The Pulse data is a benchmark, not a destination. The decisions you make in response to it define whether your function leads or lags the profession.
Cherry Hill Advisory works with internal audit leaders to close the gaps the Pulse data reveals: strategic alignment, capacity planning, AI enablement, and targeted co-sourcing.
If your function is navigating budget pressure, expanding scope, or evaluating how to integrate AI into your audit process, we should talk.
Start the conversation: Contact Cherry Hill Advisory to schedule a no-cost diagnostic call. We will review your current audit plan positioning, identify the highest-leverage capacity opportunities, and give you a candid assessment of where your function stands relative to the profession.
Cherry Hill Advisory is a risk advisory and professional services firm providing internal audit, risk advisory, CFO services, and cybersecurity solutions to high-growth companies and global enterprises. As an IIA Authorized Licensee, CHA partners with internal audit functions to strengthen governance, manage risk, and deliver measurable value.
Download the full 2026 Pulse of Internal Audit report from The IIA.
Subscribe now to join the Risk Register community:
