Internal Audit's Role Shifts to Strategic Partner
At a recent summit, NBCC's Chief Internal Auditor Gita Rani spoke on the evolution of internal audit's role in public sector undertakings. The function is moving from a traditional compliance watchdog to a strategic partner that advises on risk and business strategy.
The strategic realignment of internal audit is a direct response to a landscape of "structural volatility" where supply chain disruption is now a permanent feature. For manufacturers, this means internal audit must now provide forward-looking insights on everything from plant-level operations to enterprise-wide risks like the adoption of Industry 4.0, cybersecurity, and supply chain resilience. This shift moves the function beyond compliance to a role that enables risk-based, strategic decision-making.
Geopolitical tensions are a primary driver of this new risk environment, with U.S.-China rivalry reshaping global trade. Manufacturers face significant tariffs, such as a 25% levy on certain steel and aluminum imports, and duties on electronic components, which increase costs and disrupt supply chain efficiency. This has led to a decrease in sourcing from China, with companies diversifying to Southeast Asia and other emerging markets. A critical vulnerability for the sector is China's dominance over essential raw materials, controlling over 60% of global refining capacity and 90% of the market for rare earth elements like gallium and germanium. Export restrictions on these materials, which are vital for semiconductors and renewable energy technologies, create significant supply chain risks and price volatility for U.S. and EU manufacturers.
In response to these complex risks, internal audit functions are increasingly turning to co-sourcing and outsourcing models. These arrangements provide access to specialized expertise in emerging areas like cybersecurity, data analytics, and sector-specific regulations that in-house teams may lack. This allows audit leaders to scale resources as needed and gain an external perspective on governance and risk management.
The regulatory landscape for manufacturers is also intensifying, with a focus on supply chain transparency and ethics. New rules like the EU's Corporate Sustainability Due Diligence Directive (CSDDD) and Forced Labour Regulation (EUFLR) require companies to identify and mitigate human rights and environmental impacts throughout their value chains. In the U.S., the Uyghur Forced Labor Prevention Act (UFLPA) has led to the detention of thousands of shipments at ports of entry.
Domestically, manufacturers are navigating a shifting regulatory environment under agencies like OSHA, which has proposed a significant deregulatory agenda to roll back or revise existing standards in favor of a more performance-based approach. Simultaneously, new Department of Defense cybersecurity regulations (CMMC), which began to be included in contracts in mid-2025, impose stringent new compliance requirements for any manufacturer in the defense supply chain. The SEC is increasing its scrutiny of cybersecurity disclosures, with new rules requiring companies to report material incidents on Form 8-K within four business days of determining materiality. While the SEC's extensive climate change disclosure rules were stayed by federal courts, the commission is expected to propose new rules on human capital management and corporate board diversity in October 2025.