373 Chief Audit Execs Said They Need More Resources. What If They’re Solving the Wrong Problem?

Every year, the IIA’s Pulse of Internal Audit holds a mirror up to the profession. The 2026 edition reflects an uncomfortable image: Internal audit functions across North America entered 2026 under what the report calls “increasing resource pressure.” The share of CAEs reporting mostly or completely sufficient funding dropped from 53% in 2024 to 45% in 2025, while those reporting insufficient funding rose from 22% to 30% in the same period. Staff reductions hit 18% of functions, matching levels last seen during the COVID-19 crisis. And the risk agenda keeps expanding regardless of what’s happening on the resource side.

The Scope Keeps Growing. The Team Doesn’t.

Look at how audit plan time is actually allocated. Financial reporting and SOX testing consume 16% of the average plan (30% for those who’ve actually implemented SOX). Compliance and regulatory work takes another 15%. Operational reviews account for 17%. Cybersecurity and IT together add another 17%. That’s the core — and it’s already most of the plan before anyone asks audit to weigh in on AI governance, ESG disclosures, or third-party risk.

Those emerging areas aren’t going away. Boards and audit committees are asking about them, yet nearly 30% of CAEs say their funding isn’t sufficient for the scope they’re already responsible for before any of that gets added to the plate.

The Pulse report’s implication for CAEs frames this as a prioritization and sourcing challenge, which it is. But prioritization has limits. You can only defer so much coverage before the gaps start to matter.

Most CAEs Are Running More Than One Function

Something the Pulse data surfaces that doesn’t get enough attention: 86% of CAEs are responsible for at least one area outside internal audit. Fraud investigation (47%) is the most common, followed by ethics and whistleblower programs (36%) and enterprise risk management (34%). In publicly traded organizations, 80% of CAEs also own the SOX program. 

These aren’t peripheral responsibilities. Each one carries reporting requirements, stakeholder management, documentation obligations, and its own cadence of deliverables. The CAE who oversees fraud investigation, manages an ERM program, and owns SOX compliance — while running a full audit plan with a team that may have gotten smaller this year — is operating with very little margin.

When that’s the context, the efficiency of the audit function becomes paramount. It’s what makes everything else manageable.

The Alignment Gap Is a Data Problem as Much as a Strategy Problem

Perhaps the most actionable finding in the 2026 Pulse is the relationship between strategic alignment and funding sufficiency. Functions that are fully or almost fully aligned with organizational strategy reported sufficient funding at a rate of 59%. Those that are only somewhat aligned: 29%. A 30-point gap, consistent across sector, industry, function size, and SOX implementation status.

The report’s implication for CAEs is that strong, visible linkage between audit work and organizational priorities is associated with better resourcing. That’s worth taking seriously.

But visible linkage requires something concrete to point to. It requires being able to clearly show the CFO or the Board what audit covered, why those areas were prioritized, what was found, and what happened as a result. More than a strategic communication challenge, it’s a data and documentation challenge.

89% of CAEs attend every audit committee meeting, and more than half of those committees meet more than four times a year. That’s a significant number of conversations where the function has to demonstrate its value. The well-resourced audit teams aren’t just doing better work; they’re doing a better job of making that work visible.

Process — What the Pulse Report Missed

The 2026 Pulse frames the capacity challenge primarily as a resource and headcount story. While accurate, we think that framing is incomplete.

A meaningful share of audit capacity is consumed by the operational work that sits underneath every engagement: pulling data out of source systems, normalizing it into a reviewable format, chasing documentation over email, reconciling evidence across shared drives, and tracking whether findings actually led to corrective action. None of that shows up in a staffing chart, but it certainly shapes how much capacity is available for the judgment-intensive work that actually drives audit value. Functions that have addressed this layer of the problem tend to look different across the metrics the Pulse tracks. Faster cycle times. Higher plan completion rates. Cleaner documentation trails that make it easier to demonstrate coverage and impact.

Savant automates that layer. Evidence collection, data extraction and transformation, cross-system matching, documentation, all built into centrally governed, repeatable workflows that run the same way every time, with a full audit trail captured automatically. Not a general-purpose AI tool adapted for audit. A platform built for the standard audit holds itself to: deterministic logic, complete data lineage, and controls that hold up under scrutiny. The hours that used to go to data wrangling can now go to analysis, findings, and the kind of work that shows up when the audit committee asks what the function delivered this year.