Audit committees and boards are adapting to ongoing change, evaluating business impacts from tax, trade, and supply chains to technology, climate, and workforce strategy. Changes in today’s nuanced economy are emerging alongside a rapidly shifting business environment shaped by legislative, regulatory, and geopolitical actions. Coupled with a convergence of cyber risk, artificial intelligence (AI) disruption, and economic volatility, these matters are on board agendas.
As such, organizations are navigating a growing array of nonlinear risk events that can trigger sudden, unexpected tipping points requiring rapid responses. Despite the speed at which such risks surface and test corporate agility, management should be cognizant of interconnections and potential impacts down the line.
Leading boards are rethinking legacy approaches and ways to more tightly intertwine risk and strategy. Their audit committees, in addition to receiving standing risk updates, are adopting portfolio-driven views and scenario analysis to inform their counsel.
Leading boards also challenge management teams to reinvigorate their risk management programs, moving beyond static updates at specified intervals to a portfolio-driven approach that explores “what-if” scenarios. Boards layer onto that, considering “what can,” i.e., “What can we leverage to be more prepared?”
Audit committees, which usually have purview over risk matters, are seeking more updates on the status and effectiveness of risk mitigation plans. That allows them to dig deeper and review other enterprise risk management (ERM) practices and processes to verify effective risk management across the enterprise, thereby increasing resilience and agility to help enable strategic pivots.
Additionally, given the mixed signals in the 2026 business outlook, a recent EY CEO survey showed that 52% of CEOs plan to increase investments to drive transformation. They are focused on business models, new market entry, and the adoption of emerging technologies to realize sustainable competitive advantages. These investment plans suggest that optimism is emerging due to stronger confidence in corporate earnings and profitability, as well as CEOs’ demonstrated ability to navigate global challenges.
Many companies are also adjusting operating models to achieve financial targets with eyes wide open, recognizing that these five risk categories need to be monitored and managed moving forward: technology disruption and AI integration, labor costs and talent constraints, capacity for innovation and the infrastructure to support it, geopolitical tensions, and supply chain and logistics considerations.
In the case of AI, which increasingly showed up as a risk factor in Fortune 100 companies’ proxy statements and Form 10-K filings in 2025, boards and audit committees are stepping up their oversight. The EY analysis found that nearly half (48%) of those companies cited AI as part of the board’s risk oversight responsibilities—triple that of last year. They also found that a majority of companies (58%), recognizing heightened cyber risk, report undertaking cyber preparedness exercises.
Leading companies, responding to risks and inevitable changes, are rewiring their supply chains for speed, resilience, and more efficient customer service. Some are adopting a hybrid approach to balance global scale with regional agility because they find full localization impractical, cost-prohibitive, or unnecessary. Nearly 75% of CEOs participating in the EY survey are either in the process of localizing or have localized part of their production in the country of sale.
Many are building local and regional capabilities near their customers, communities, and talent to facilitate faster adaptation of diverging government rules and shifting markets. As CEOs adapt to U.S. administration priorities, many also place U.S. investment and job creation at the center of discussions on trade, regulatory, and other policy matters. They also increasingly see U.S.-focused localization as a lever for balancing efficiency with security.
As such, boards and audit committees seeking to be more effective in today’s business environment could consider taking a number of steps. For instance, engage in regular portfolio resilience reviews, increase their focus on aspects of the business associated with shifting customer demand and emerging technologies, and redirect resources to high-growth business opportunities, or even devising region-specific strategies, to name a few. They also should use scenario analysis and war-gaming to boost effectiveness, using what they learn to help them peer around corners and prepare to manage connected risks that could present a substantial shock to a company’s portfolio.
As they guide companies through risks in the uncertain business environment, audit committees need to understand where the risks are and whether top risks and strategy dimensions are being integrated into broader board discussions. Knowing which risks, assumptions, and critical factors are built into the strategy and how they fared under robust, forward-looking stress testing is particularly valuable. That is especially true when the scenario analysis sheds light on where there is the potential for a “single point of failure.”
The level of boardroom technology fluency also should be understood, as well as the quality of the company’s leadership team as it relates to technology. In other words: what is the state of the company’s technology maturity across the enterprise, and how is the board overseeing the governance of AI?
The EY analysis of Fortune 100 proxy filings and Form 10-K forms referenced earlier also found about 40% of the companies disclosing that at least one board-level committee was charged with AI oversight responsibilities—nearly four times the frequency of those disclosures in 2024. Audit committees also remained the primary spot for cybersecurity oversight.
Recognizing the risks related to capturing opportunities and efficiencies, the committee overseeing those risks (whether it is the audit or another board committee) and the board should inquire about how management measures and reports the business impact of AI to support business strategy. What is the company’s talent strategy as it relates to AI? Is the workforce getting the training it needs? Is it anxious about AI, and how is it integrating its work from the center with AI?
These are among the many concerns audit committees and other board members should think about as they navigate through another year of changes and capture opportunities when they emerge.
ABOUT THE AUTHOR:
Pat Niemann is the EY Americas Center for Board Matters and Audit Committee Forum Leader.
The views reflected in this article are the views of the author and do not necessarily reflect the views of Ernst & Young LLP or other members of the global EY organization.
Photo credit: herstockart/iStock
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
