KUALA LUMPUR: There is a critical shortage of certified internal auditors (CIAs), with only 800 professionals serving the country.

Moreover, internal auditors are under increasing pressure to strengthen environmental, social and governance compliance, as demanded by an increasing number of global investors.

The concerns were raised by the Institute of Internal Auditors Malaysia (IIAM) during the Chief Audit Executive Roundtable 2025 held here yesterday.

In light of growing risks and the need for more robust oversight, the IIAM is targeting a twofold increase in the number of CIAs over the next five years.

This is part of broader efforts to enhance the country’s global competitiveness and strengthen the nation’s governance capabilities, it said.

The roundtable session was held ahead of the Asian Confederation of Institutes of Internal Auditors (ACIIA) Conference 2025 that IIAM will be hosting.

The conference will be held today and tomorrow at the Kuala Lumpur Convention Centre, drawing over 1,200 delegates from 17 countries.

Themed “Internal Audit in a Policrysis Era: Adapting, Assuring, and Advancing”, the conference aims to explore the evolving role of internal auditors in strengthening organisational resilience and trust, as risks are rapidly evolving, deeply interconnected, and increasingly global.

The ACIIA conference will offer in-depth perspectives on how organisations in Malaysia and across the region can navigate the transition, address competency gaps, and enhance capabilities of internal audit teams through structured upskilling and professional development efforts.

The roundtable held yesterday also provided a preview of the upcoming “Risk in Focus 2026” report, which drew on insights from a global survey of 5,000 audit professionals across five continents, supplemented by focus group discussions held in 20 locations worldwide.

The report highlighted the evolving risk trend, South-East Asia’s position in comparison with global pattern and the outlook for the years ahead.

According to the Institute of Internal Auditors Global president and chief executive officer Anthony Pugliese, there are five key risks namely cybersecurity, business resilience, digital disruption, human capital and ESG challenges.

“If we look at the top risks in South-East Asia, cybersecurity comes first.

“That’s becoming more significant because of the advent of artificial intelligence,” he added.

IIAM president Suhailah Mohamed Abdulla stressed on the need for organisations to adopt a broader and strategic approach to managing cybersecurity risks, noting that threats in this area have become increasingly complex and multifaceted.

In addition, she said cybersecurity awareness and education across all levels of the workforce remained essential particularly as threats become increasingly sophisticated and pervasive.

“Cybersecurity has emerged as a long overdue risk where cases are usually linked to sabotage rather than mere technical lapses, hence the urgent need of more CIA”, she said.

IIAM also revealed that only 2% of Malaysian organisations are equipped to handle cybersecurity threats.