Contact Us Submit RFP

  • Search For

Contact Us Submit RFP
insight-ingle-left-2
insight-ingle-left-3
Go back to Articles

June 13, 2025

Emerging Risks in Insurance and Internal Audit’s Essential Response

Key Takeaways

  • The insurance industry faces mounting challenges from climate impacts, macroeconomic pressures, evolving regulations, and cybersecurity threats, all of which require internal audit’s critical oversight and preparedness assessment.
  • Effective risk mitigation demands specialized skills and integrating advanced analytics and cross-functional collaboration for a holistic and comprehensive understanding of risk.
  • Internal audit can evaluate and strengthen core operational areas, including climate risk modeling, investment strategies, regulatory compliance, and cybersecurity, to ensure robust business continuity, financial stability, and reputational protection.
  • Proactive internal audit teams provide invaluable assurance and strategic advisory that empower management to navigate complex risks, securing financial health and sustainable growth.

Predicting emerging risks is both a science and an art, and while certainty is elusive, organizational resilience and agility are crucial for navigating inevitable disruptions. Internal audit has a responsibility to independently assess both established and emerging risks, with an equal focus on ensuring the business’s resilience to disruptive events. This is particularly pertinent with emerging technologies, where competitive pressures for adoption can lead to insufficient cross-functional risk management. The allure of transformative technology benefits can tempt organizations to overlook prudent risk management, potentially leading to greater costs later. In the dynamic insurance landscape of 2025, characterized by escalating climate impacts, macroeconomic shifts, evolving regulations, and the rapid advancement of AI and cybersecurity threats, a resilient and agile organization, supported by a proactive internal audit function equipped with specialized skills, is essential for navigating this unprecedented uncertainty and achieving long-term success.

The Escalating Impact of Climate Risk and Catastrophe Exposure

The increasing frequency and severity of climate-related events pose significant financial and operational challenges for insurers. The ramifications extend across increased claims payouts, the need for robust reserve adequacy, and escalating reinsurance costs. Beyond these direct financial implications, operational disruptions and the imperative for robust business continuity plans are of paramount importance.

Internal Audit’s Role Related to Climate-Related Risks: In this context, internal audit assumes a vital role in ensuring the organization is not only adequately prepared for these challenges but also demonstrates effective responsiveness. This encompasses a thorough review of climate risk modeling and catastrophe management strategies, evaluating model risk management controls to protect the robustness and accuracy of the models employed. Furthermore, internal audit must assess the adequacy of risk transfer mechanisms, analyzing the effectiveness of reinsurance programs and other strategic tools designed to mitigate financial exposure. Evaluating the company’s response to evolving regulatory changes and climate resilience programs is also crucial, ensuring compliance with new mandates and assessing the effective implementation of sustainability initiatives. Finally, a rigorous review of business continuity plans for catastrophic events, including thorough testing of their effectiveness in maintaining critical operations during and after a disaster, falls under the purview of internal audit.

Audit Procedures for Catastrophe Readiness Assessment: 

  • Conduct analysis of historical claims and catastrophe losses to identify trends and patterns that can inform future risk assessments. 
  • Review of models and their underlying assumptions is also essential, scrutinizing the model risk management controls, and data that underpin these predictions. 
  • Assess operational readiness through comprehensive testing of business continuity and disaster recovery plans, including simulations and walkthroughs.
  • Review claim assignment and claim handling response timing to identify bottlenecks or shortcomings in the claim assignment and handling process.
  • Evaluate large and total loss claim management procedures to identify improvement opportunities in CAT claim handling. 

Navigating Macroeconomic Pressures: Inflation and Investment Volatility

The prevailing macroeconomic climate, characterized by persistent inflationary pressures and volatile investment returns, introduces substantial pressures on insurance companies. Inflation directly impacts both loss costs and overall operational expenses, while the performance of investment portfolios is subject to significant market fluctuations and the complexities of diversification.

Internal Audit’s Role in Monitoring Economic Factors: In response to these forces, internal audit must meticulously assess their impact on the organization. This includes a thorough evaluation of the accuracy of financial forecasts and underlying risk assessments, ensuring that the economic assumptions employed are both reasonable and appropriately integrated into financial planning processes. Furthermore, a comprehensive review of investment strategies and the established risk management frameworks is essential, focusing on the compliance with investment policies and the effectiveness of strategies designed to mitigate investment risk. Internal audit must also assess the potential impact of trade restrictions on operational costs, identifying any vulnerabilities within the supply chain and their associated financial implications. Finally, a critical review of the adequacy of the claim reserving process is necessary to ensure that reserves accurately reflect the current inflationary environment and account for potential future increases in loss costs.

Audit Procedures for Macroeconomic Risk Assessment: 

  • Review of financial models and the economic assumptions upon which they are based, challenging the underlying methodologies and data. 
  • Evaluate the enterprise risk management function to ensure appropriate risk management activities are in place to address emerging and material risks
  • Test the compliance with investment policies and the key risk metrics employed. 
  • Conduct analysis of historical claims data and expense trends can help to identify the specific impacts of inflationary pressures on financial performance.
  • Review the internal expense management procedures for adherence to established policies and procedures 

Addressing Tax Uncertainty and the Evolving Regulatory Landscape

Potential shifts in tax policy and the continuous evolution of insurance regulations necessitate agile and proactive responses from insurers. Ensuring consistent compliance and effectively adapting to new regulatory requirements are critical for avoiding penalties and maintaining stable operations.

Internal Audit’s Assessment Procedures for Tax and Regulatory Compliance: In this dynamic landscape, internal audit assumes a crucial role in navigating this complexity. This involves a comprehensive assessment of the company’s readiness for potential tax law changes, evaluating the anticipated impact of proposed legislation and the robustness of contingency plans. Furthermore, a thorough review of the effectiveness of regulatory compliance programs is essential to ensure that robust processes are in place to adhere to all applicable regulations. Finally, internal audit must evaluate the efficiency and accuracy of the company’s process for monitoring and implementing regulatory changes, ensuring a systematic and timely response to new requirements.

Audit Procedures for Tax and Regulatory Compliance: 

  • Review of tax planning and compliance documentation, examining the company’s tax strategies and filings. 
  • Test the design and operational effectiveness of regulatory compliance controls and procedures to ensure accurate calculations, reporting and payments.
  • Review of the process for monitoring relevant legislation ensures that the company remains informed and prepared for upcoming changes.

Mitigating Risks in the Era of AI and Cybersecurity Vulnerabilities

The increasing reliance on artificial intelligence and the persistent threat of cyberattacks introduce significant vulnerabilities related to data security and raise critical ethical considerations. Protecting sensitive information and ensuring the responsible and unbiased use of AI in decision-making processes are paramount concerns for insurers.

Internal Audit’s Role in AI and Cybersecurity Governance: In this context, internal audit plays a vital role in providing assurance over these critical areas. This includes a thorough assessment of the effectiveness of existing cybersecurity controls, evaluating the measures implemented to protect data and systems from evolving cyber threats. Furthermore, internal audit must review the core security disciplines over AI workloads, like identity and access management, data protection, privacy and compliance, application security, and threat modeling.  AI governance practices must be implemented to support the identification and mitigation of potential bias and promote fairness in AI-driven outcomes. Evaluating the comprehensiveness and effectiveness of the company’s data governance framework, including policies and procedures for managing data security, privacy, and integrity, is also crucial. Finally, a rigorous review of the cybersecurity practices of the company’s third-party vendors is necessary to ensure that external partners adhere to adequate security standards.

Audit Procedures for AI and Cybersecurity Risk Assessment: 

  • Review of cybersecurity risk assessments and incident response plans, evaluating the company’s preparedness for and ability to respond to cyber incidents. 
  • Test the effectiveness of data access controls and security protocols.
  • Review of the AI governance processes including model lifecycle management, secure configuration and maintenance, integration, third-party dependencies, and monitoring and reporting.  
  • Assess the Third Party Risk Management (TPRM) function to ensure guidelines and requirements governing third party access are complied with.

Managing Reputational Risk in an Age of Heightened Public Scrutiny

In today’s interconnected world, negative public perceptions can rapidly erode customer loyalty and significantly impact profitability. The effectiveness of communication strategies, the quality of customer service and fair claims handling processes directly influence an insurer’s reputation.

In this environment, internal audit can provide valuable insights into managing reputational risk. This includes a review of the company’s customer service and claims handling processes, evaluating their efficiency, fairness, and overall responsiveness. A review of the company’s corporate social responsibility initiatives is also important to assess their alignment with the company’s core values and their impact on public perception. Finally, internal audit must review the process for handling and resolving customer complaints, ensuring that they are addressed effectively and in a timely manner.

Audit Procedures for Reputational Risk Assessment:

  • Conduct a detailed review of customer feedback and complaint data to identify recurring trends and areas for potential improvement in customer service. 
  • Test the adherence to established standards and timelines in claims handling and customer service procedures is also crucial. 
  • Evaluate customer service and policy administration practices in conjunction with market conduct standards.

Recommendations for Empowering Internal Audit Teams

  • Prioritize the development of specialized skills in critical areas such as advanced data analytics and cybersecurity.
  • Embrace the integration of advanced analytics tools and technology into audit processes to enhance efficiency and provide deeper, more insightful analyses.
  • Foster strong cross-functional collaboration with other key departments, including risk management, actuarial, claims, underwriting, customer service, finance, and IT, to gain a holistic understanding of the interconnected nature of these risks.
  • Enhance continuous monitoring and risk assessment capabilities to allow for more agile and responsive audit planning.
  • Engage proactively with evolving regulatory developments and adopt industry best practices to stay ahead of emerging challenges.
  • Shift strategically towards providing proactive advisory services to management to significantly contribute to the organization’s ability to effectively navigate these complex risks.

The Indispensable Value of Proactive Internal Audit

In conclusion, the internal audit function within insurance companies plays an increasingly vital role in safeguarding organizational resilience and ensuring long-term success in the face of an evolving and complex risk landscape. By proactively adapting their skills, embracing innovative audit techniques, and fostering strong collaborative relationships, internal audit teams can provide invaluable assurance and strategic advisory services. Their critical oversight empowers management to navigate emerging risks with greater confidence and effectiveness, ultimately protecting the company’s financial stability, reputation, and sustainable growth in 2025 and beyond.

How Johnson Lambert Can Help

The ability of insurance companies to effectively navigate the top risks of 2025—talent challenges, natural catastrophes, cyber threats, economic uncertainty, and regulatory changes—hinges on their organizational resilience. Internal audit plays a vital role in fostering this resilience by advocating for a proactive, integrated, and adaptive approach to risk management across all levels of the organization.

Matt Kranisky

Matt Kranisky

Managing Director - Internal Audit

View Bio
Jordan Fulbright

Jordan Fulbright

Senior Manager - Internal Audit

View Bio

Need Support Through Co-Sourcing or Outsourcing?

Our team offers customized solutions to ensure you receive the most relevant and effective services to support your business goals.

Contact Us

Related Insights

Emerging Risks in Insurance and Internal Audit’s Essential Response

Key Takeaways

  • The insurance industry faces mounting challenges from climate impacts, macroeconomic pressures, evolving regulations, and cybersecurity threats, all of which require internal audit’s critical oversight and preparedness assessment.
  • Effective risk mitigation demands specialized skills and integrating advanced analytics and cross-functional collaboration for a holistic and comprehensive understanding of risk.
  • Internal audit can evaluate and strengthen core operational areas, including climate risk modeling, investment strategies, regulatory compliance, and cybersecurity, to ensure robust business continuity, financial stability, and reputational protection.
  • Proactive internal audit teams provide invaluable assurance and strategic advisory that empower management to navigate complex risks, securing financial health and sustainable growth.

Predicting emerging risks is both a science and an art, and while certainty is elusive, organizational resilience and agility are crucial for navigating inevitable disruptions. Internal audit has a responsibility to independently assess both established and emerging risks, with an equal focus on ensuring the business’s resilience to disruptive events. This is particularly pertinent with emerging technologies, where competitive pressures for adoption can lead to insufficient cross-functional risk management. The allure of transformative technology benefits can tempt organizations to overlook prudent risk management, potentially leading to greater costs later. In the dynamic insurance landscape of 2025, characterized by escalating climate impacts, macroeconomic shifts, evolving regulations, and the rapid advancement of AI and cybersecurity threats, a resilient and agile organization, supported by a proactive internal audit function equipped with specialized skills, is essential for navigating this unprecedented uncertainty and achieving long-term success.

The Escalating Impact of Climate Risk and Catastrophe Exposure

The increasing frequency and severity of climate-related events pose significant financial and operational challenges for insurers. The ramifications extend across increased claims payouts, the need for robust reserve adequacy, and escalating reinsurance costs. Beyond these direct financial implications, operational disruptions and the imperative for robust business continuity plans are of paramount importance.

Internal Audit’s Role Related to Climate-Related Risks: In this context, internal audit assumes a vital role in ensuring the organization is not only adequately prepared for these challenges but also demonstrates effective responsiveness. This encompasses a thorough review of climate risk modeling and catastrophe management strategies, evaluating model risk management controls to protect the robustness and accuracy of the models employed. Furthermore, internal audit must assess the adequacy of risk transfer mechanisms, analyzing the effectiveness of reinsurance programs and other strategic tools designed to mitigate financial exposure. Evaluating the company’s response to evolving regulatory changes and climate resilience programs is also crucial, ensuring compliance with new mandates and assessing the effective implementation of sustainability initiatives. Finally, a rigorous review of business continuity plans for catastrophic events, including thorough testing of their effectiveness in maintaining critical operations during and after a disaster, falls under the purview of internal audit.

Audit Procedures for Catastrophe Readiness Assessment: 

  • Conduct analysis of historical claims and catastrophe losses to identify trends and patterns that can inform future risk assessments. 
  • Review of models and their underlying assumptions is also essential, scrutinizing the model risk management controls, and data that underpin these predictions. 
  • Assess operational readiness through comprehensive testing of business continuity and disaster recovery plans, including simulations and walkthroughs.
  • Review claim assignment and claim handling response timing to identify bottlenecks or shortcomings in the claim assignment and handling process.
  • Evaluate large and total loss claim management procedures to identify improvement opportunities in CAT claim handling. 

Navigating Macroeconomic Pressures: Inflation and Investment Volatility

The prevailing macroeconomic climate, characterized by persistent inflationary pressures and volatile investment returns, introduces substantial pressures on insurance companies. Inflation directly impacts both loss costs and overall operational expenses, while the performance of investment portfolios is subject to significant market fluctuations and the complexities of diversification.

Internal Audit’s Role in Monitoring Economic Factors: In response to these forces, internal audit must meticulously assess their impact on the organization. This includes a thorough evaluation of the accuracy of financial forecasts and underlying risk assessments, ensuring that the economic assumptions employed are both reasonable and appropriately integrated into financial planning processes. Furthermore, a comprehensive review of investment strategies and the established risk management frameworks is essential, focusing on the compliance with investment policies and the effectiveness of strategies designed to mitigate investment risk. Internal audit must also assess the potential impact of trade restrictions on operational costs, identifying any vulnerabilities within the supply chain and their associated financial implications. Finally, a critical review of the adequacy of the claim reserving process is necessary to ensure that reserves accurately reflect the current inflationary environment and account for potential future increases in loss costs.

Audit Procedures for Macroeconomic Risk Assessment: 

  • Review of financial models and the economic assumptions upon which they are based, challenging the underlying methodologies and data. 
  • Evaluate the enterprise risk management function to ensure appropriate risk management activities are in place to address emerging and material risks
  • Test the compliance with investment policies and the key risk metrics employed. 
  • Conduct analysis of historical claims data and expense trends can help to identify the specific impacts of inflationary pressures on financial performance.
  • Review the internal expense management procedures for adherence to established policies and procedures 

Addressing Tax Uncertainty and the Evolving Regulatory Landscape

Potential shifts in tax policy and the continuous evolution of insurance regulations necessitate agile and proactive responses from insurers. Ensuring consistent compliance and effectively adapting to new regulatory requirements are critical for avoiding penalties and maintaining stable operations.

Internal Audit’s Assessment Procedures for Tax and Regulatory Compliance: In this dynamic landscape, internal audit assumes a crucial role in navigating this complexity. This involves a comprehensive assessment of the company’s readiness for potential tax law changes, evaluating the anticipated impact of proposed legislation and the robustness of contingency plans. Furthermore, a thorough review of the effectiveness of regulatory compliance programs is essential to ensure that robust processes are in place to adhere to all applicable regulations. Finally, internal audit must evaluate the efficiency and accuracy of the company’s process for monitoring and implementing regulatory changes, ensuring a systematic and timely response to new requirements.

Audit Procedures for Tax and Regulatory Compliance: 

  • Review of tax planning and compliance documentation, examining the company’s tax strategies and filings. 
  • Test the design and operational effectiveness of regulatory compliance controls and procedures to ensure accurate calculations, reporting and payments.
  • Review of the process for monitoring relevant legislation ensures that the company remains informed and prepared for upcoming changes.

Mitigating Risks in the Era of AI and Cybersecurity Vulnerabilities

The increasing reliance on artificial intelligence and the persistent threat of cyberattacks introduce significant vulnerabilities related to data security and raise critical ethical considerations. Protecting sensitive information and ensuring the responsible and unbiased use of AI in decision-making processes are paramount concerns for insurers.

Internal Audit’s Role in AI and Cybersecurity Governance: In this context, internal audit plays a vital role in providing assurance over these critical areas. This includes a thorough assessment of the effectiveness of existing cybersecurity controls, evaluating the measures implemented to protect data and systems from evolving cyber threats. Furthermore, internal audit must review the core security disciplines over AI workloads, like identity and access management, data protection, privacy and compliance, application security, and threat modeling.  AI governance practices must be implemented to support the identification and mitigation of potential bias and promote fairness in AI-driven outcomes. Evaluating the comprehensiveness and effectiveness of the company’s data governance framework, including policies and procedures for managing data security, privacy, and integrity, is also crucial. Finally, a rigorous review of the cybersecurity practices of the company’s third-party vendors is necessary to ensure that external partners adhere to adequate security standards.

Audit Procedures for AI and Cybersecurity Risk Assessment: 

  • Review of cybersecurity risk assessments and incident response plans, evaluating the company’s preparedness for and ability to respond to cyber incidents. 
  • Test the effectiveness of data access controls and security protocols.
  • Review of the AI governance processes including model lifecycle management, secure configuration and maintenance, integration, third-party dependencies, and monitoring and reporting.  
  • Assess the Third Party Risk Management (TPRM) function to ensure guidelines and requirements governing third party access are complied with.

Managing Reputational Risk in an Age of Heightened Public Scrutiny

In today’s interconnected world, negative public perceptions can rapidly erode customer loyalty and significantly impact profitability. The effectiveness of communication strategies, the quality of customer service and fair claims handling processes directly influence an insurer’s reputation.

In this environment, internal audit can provide valuable insights into managing reputational risk. This includes a review of the company’s customer service and claims handling processes, evaluating their efficiency, fairness, and overall responsiveness. A review of the company’s corporate social responsibility initiatives is also important to assess their alignment with the company’s core values and their impact on public perception. Finally, internal audit must review the process for handling and resolving customer complaints, ensuring that they are addressed effectively and in a timely manner.

Audit Procedures for Reputational Risk Assessment:

  • Conduct a detailed review of customer feedback and complaint data to identify recurring trends and areas for potential improvement in customer service. 
  • Test the adherence to established standards and timelines in claims handling and customer service procedures is also crucial. 
  • Evaluate customer service and policy administration practices in conjunction with market conduct standards.

Recommendations for Empowering Internal Audit Teams

  • Prioritize the development of specialized skills in critical areas such as advanced data analytics and cybersecurity.
  • Embrace the integration of advanced analytics tools and technology into audit processes to enhance efficiency and provide deeper, more insightful analyses.
  • Foster strong cross-functional collaboration with other key departments, including risk management, actuarial, claims, underwriting, customer service, finance, and IT, to gain a holistic understanding of the interconnected nature of these risks.
  • Enhance continuous monitoring and risk assessment capabilities to allow for more agile and responsive audit planning.
  • Engage proactively with evolving regulatory developments and adopt industry best practices to stay ahead of emerging challenges.
  • Shift strategically towards providing proactive advisory services to management to significantly contribute to the organization’s ability to effectively navigate these complex risks.

The Indispensable Value of Proactive Internal Audit

In conclusion, the internal audit function within insurance companies plays an increasingly vital role in safeguarding organizational resilience and ensuring long-term success in the face of an evolving and complex risk landscape. By proactively adapting their skills, embracing innovative audit techniques, and fostering strong collaborative relationships, internal audit teams can provide invaluable assurance and strategic advisory services. Their critical oversight empowers management to navigate emerging risks with greater confidence and effectiveness, ultimately protecting the company’s financial stability, reputation, and sustainable growth in 2025 and beyond.

How Johnson Lambert Can Help

The ability of insurance companies to effectively navigate the top risks of 2025—talent challenges, natural catastrophes, cyber threats, economic uncertainty, and regulatory changes—hinges on their organizational resilience. Internal audit plays a vital role in fostering this resilience by advocating for a proactive, integrated, and adaptive approach to risk management across all levels of the organization.

Matt Kranisky

Matt Kranisky

Managing Director - Internal Audit

Jordan Fulbright

Jordan Fulbright

Senior Manager - Internal Audit