Stay connected: follow us on LinkedIn and explore more at
www.CherryHillAdvisory.com.
Lorem ipsum dolor sit amet consectetur interdum quam duis varius facilis.
Latest Blogs
No items found.
Follow Us
.svg){kind=small}
Subscribe now to join the Risk Register community:
I wasn't expecting a 17-year-old video game about backyard horticulture to be the thing that clarified the biggest emerging risk I’m seeing in 2026. But here we are.
If you've ever played Plants vs. Zombies, you know the game. You’re planting defenses as fast as you can while a relentless wave of zombies marches toward your lawn. On the early levels, it’s a cakewalk. You have time to think. You have time to plan.
But as the game reaches the higher levels, the Velocity Gap takes over. This is the moment when the rate of new challenges appearing exceeds the rate at which you can build defenses. Even if you have the perfect tools, you simply don’t have the 'cycle time' to click, plant, and prepare before the next wave arrives. The gap isn't a lack of resources, it's a lack of time.
That's exactly what's happening right now in your server room and most internal audit functions don't know the wave is already moving.
I've spent my career helping organizations identify enterprise risk before it becomes a headline. And right now, one of the most overlooked risks hitting IT budgets, procurement, and operational resilience is sitting in something most people haven't thought about since the last time they bought a laptop: RAM.
If you've looked at a server procurement quote lately and done a double-take. No, your vendor didn't add an extra zero. RAM prices have surged nearly 90% in Q1 2026. (Counterpoint Research, 2026). This is a classic supply chain risk with a very modern twist: AI is the zombie horde, HBM memory is the scarce resource it feeds on, and your budget assumptions may already be obsolete.
The question isn't whether this risk is real. It's whether your internal audit function is looking far enough down the lawn to see it coming.
To put this in perspective, let’s look at how the market normal has shifted in just two years. We aren't just talking about a slight inflationary tick; we are witnessing a complete decoupling of historical price trends.
Just six months ago, you could upgrade a workstation to 64GB for under $250. Today, that same kit can clear $1,000, making a few sticks of RAM more expensive than the laptop they go into. According to Counterpoint Research, we are in a "Hyper-Bull" phase that has eclipsed the historic peaks of 2018.
Let me give you the quick version of what's happening in the semiconductor market, because it matters more to your risk assessment than you might think.
Samsung, SK Hynix, and Micron, the big three memory manufacturers, have made a cold, hard business decision. They're pivoting manufacturing capacity away from commodity DRAM toward High Bandwidth Memory, specifically HBM3e and HBM4.
Why? Because HBM is what powers the NVIDIA chips running ChatGPT, Gemini, and every other large language model on the planet. The AI infrastructure buildout is consuming memory supply at a pace the market wasn't built for. According to Network World, server memory prices could double by the end of 2026.That's not a technology story. That's a supply chain risk story and it's sitting inside your organization's IT budget right now.
The AI infrastructure buildout is generating a new class of supply chain disruption. Most governance, risk, and compliance frameworks are calibrated for linear inflation, not the non-linear disruption of the AI arms race. It works like this:
Hyperscalers like the Microsoft, Google, and Amazons of the world, are competing aggressively to build AI capacity. That competition creates enormous, sudden demand for specific technology components. Manufacturers respond by pivoting production toward those high-margin inputs. And everyone else, every enterprise, government agency, and mid-market company buying standard IT equipment. finds themselves at the back of a very short queue.
This isn't a one-time event. It's a structural feature of the AI era. The same disruption that hit memory is already visible in power infrastructure, specialized networking components, and cooling systems. The question isn't whether your organization will be affected by another wave of AI-driven supply disruption. It's whether your Risk Management function has the “sensing" capabilities to see it coming, and whether Internal Audit is prepared to challenge the assumptions that leave your budget exposed.
Here is the question I’d be asking if I were sitting on the Audit Committee, looking across the table at the CAE:
Did your internal audit function see this coming? And if you did, did you say something?
This is exactly where Enterprise Risk Management (ERM) and Internal Audit intersect. The value of a high-performing audit function isn't just identifying what went wrong after the budget is blown; it is providing actionable foresight. It’s about auditing the process of risk identification to ensure the organization is connecting macro market signals, like the HBM supply pivot, to operational exposure early enough for leadership to actually do something about it.
Six months ago, a proactive risk identification conversation with procurement and finance could have meant locking in favorable contracts, accelerating a hardware refresh cycle before prices moved, or at minimum, building realistic assumptions into the 2026 budget.
If that conversation didn't happen, I'd encourage an honest internal diagnostic, not as a criticism, but as a genuine risk assessment of your function's capabilities.
Are your risk monitoring processes picking up external signals like this?
Are you connected to the right data sources?
Are your findings reaching the right people with enough lead time to drive a decision?
If the answer is "not consistently," you're not alone, but you do have an opportunity.
The AI revolution is generating a new class of supply chain, procurement, and budget forecasting risk that most GRC frameworks simply haven't caught up to yet. Closing that gap through continuous risk monitoring, tighter feedback loops between audit and finance, and a culture of early risk communication is exactly how audit functions evolve from compliance checkboxes into strategic advisors.
To help you pressure-test where your organization stands, I've developed the AI Infrastructure Risk Questionnaire: questions every leader should be asking right now, whether you sit in audit, finance, IT, or the boardroom.
The window between early signal and budget impact is shrinking. The question isn't whether the next disruption is coming. It's whether your function will see it in time to matter.
Source: Choi, J. (2026, February 4). Memory prices surge up to 90% from Q4 2025. Counterpoint Research. https://counterpointresearch.com/en/insights/Memory-Prices-Surge-Up-to-90-From-Q4-2025
Subscribe now to join the Risk Register community:
%20in%202026.png)
