“Boards tell internal auditors they want “no surprises.” Yet every day in 2025 brings a new surprise.”

If you’re like me, you entered 2025 cautiously optimistic. After all, internal auditors are by nature hopeful realists—we understand that risks never disappear, but we hope they can be managed. Yet, as the first six months of 2025 have unfolded, hope has collided with a relentless parade of volatility and disruption.

We’ve witnessed tariff wars reigniting across key global corridors, central banks grappling with conflicting signals, geopolitical flashpoints intensifying, and market instability flaring with almost rhythmic regularity. In the face of all this, internal auditors and risk managers have had little choice but to recalibrate continuously—often on the fly. In fact, as I noted in a recent blog, “nearly 60% of internal audit functions were forced to revisit or reconsider portions of their original audit plans in just the first quarter of the year.”

But here’s the real question: If the first half of 2025 brought relentless turbulence, what could the second half bring? Based on leading forecasts, expert analyses, and the unmistakable trendline of rising risk velocity, the answer is: even more volatility—but also opportunity for those prepared to meet it.

A World on Edge: What We’ve Faced So Far

Let’s begin with a quick recap of 2025’s first act:

• A volatile global tariff war: The new U.S. administration was true to its word when it came to tariffs. In the first five months increased tariffs on U.S. trading partners have been imposed, reduced, occasionally postponed, and often reimposed, creating unforeseen business risks and disrupting global supply chains already under pressure from environmental and labor regulations.
• Geopolitical instability: The relentless conflicts in Europe and the Middle East have brought new suffering and uncertainty, further stressed supply chains, and tested global alliances that have endured for generations.
• Economic whiplash: Inflation persisted unevenly across major economies. The IMF cut global growth projections in April, citing “heightened trade tensions and policy uncertainty.”
• AI and tech disruption: Regulatory bodies on both sides of the Atlantic announced sweeping frameworks for generative AI, throwing compliance programs and product roadmaps into disarray.

And yet, as dizzying as the first half has been, the second half of 2025 may bring even greater challenges—and test the resilience of organizations like never before.

Five Disruptive Trends That May Shape the Second Half of 2025

1. The Escalation of Tariff Battles—Becoming a Global Free-for-All

In the 2^nd half of 2025, trade wars won’t just continue, they will likely go global. While much of the media attention has focused on U.S.-China, US-Canada, or U.S.-EU tensions, the truth is that tariff skirmishes are erupting across multiple trade corridors, entangling allies and rivals alike.

Since the beginning of March:

• The European Union has slapped tariffs on U.S.-produced digital goods and cloud services, citing unfair tax treatment and lack of data reciprocity.
• India and the U.K. suspended portions of their long-anticipated free trade agreement negotiations, following a tit-for-tat escalation involving agricultural goods and pharmaceutical exports.
• South American economies, particularly Brazil and Argentina, have raised import duties on key manufactured goods from Asia.
• African trading blocs are contemplating regional tariffs to defend fledgling industries, even as foreign investors grow concerned about market fragmentation.

What’s emerging is not a neatly defined “trade war,” but rather a decentralized surge of protectionism—fueled by politics, nationalism, election cycles, and strategic sector priorities. This signals a shift away from the globalized free-trade era we’ve known for decades, toward a more fragmented, regionalized, and often reactive trade architecture.

For risk managers and internal auditors, this means the risk isn’t just a specific tariff—it’s the unpredictability of the rules of the game. We must now provide assurance that focuses on:

• Are our supply chains too dependent on high-tariff jurisdictions?
• Are we agile enough to adapt when tariff policies shift overnight?
• Is our organization prepared for non-tariff barriers like export controls, carbon border taxes, or ESG-related trade policies?

2. An Increasingly Volatile Regulatory Landscape

The new U.S. administration was always clear about its intent to deregulate. In the first half of the year, the President announced a freeze on new federal regulations, an executive order requiring agencies to repeal at least 10 rules or regulations for each new one they adopt, and “initial rescissions” of 80-plus Biden actions, including easing rules around AI.

Meanwhile Europe’s Digital Services Act is now in full enforcement mode and the U.S. AI Regulatory Commission has issued interim rules for algorithmic accountability audits. China has launched an AI ethics council with its own mandates.

The 2^nd half of 2025 promises more of the same: a heightened regulatory environment in some regions and industries and regulatory rollbacks in others.

This fragmentation will foster uncertainty that risk managers, internal auditors and compliance professionals will need to navigate.

3. A Geopolitical Flashpoint Becoming a Flashfire

The South China Sea and Taiwan Strait remain geopolitical tinderboxes. The U.S. Department of Defense has raised readiness levels, and global insurers have begun adjusting risk models for companies operating in the Asia-Pacific region.

If tensions escalate into even limited military action or economic blockades, supply chains could seize, energy prices could spike, and global financial markets could react violently.

Internal audit teams in manufacturing, logistics, and financial services should already be scenario testing such events. This is not the time for “wait and see.”

4. Deepening Cybersecurity Threats

Already in 2025, state-linked hackers have targeted critical infrastructure, with a particularly aggressive malware campaign uncovered in May affecting over 40 organizations in Europe and North America.

Internal auditors must follow the lead of CISOs and others in the C-suite in treating cyber risk not as a technical issue, but a strategic, enterprise-level threat—with implications for reputation, continuity, and even legality.

5. Monetary Policy Shockwaves and Economic Fragmentation

With inflation proving stickier than forecast, central banks in the U.S., U.K., and India are now split on whether to raise rates again in Q3. A sharp tightening—amid already fragile consumer sentiment—could trigger:

• A recession in vulnerable economies
• Sovereign debt shocks in emerging markets
• Reduced capital flows to developing nations

Audit committees will increasingly ask whether the organization is stress-testing its liquidity and financing assumptions. It’s not enough to “monitor”—we must evaluate the readiness and responsiveness of management’s scenario plans.

What Internal Auditors Must Do Now

In this climate, the burden on internal audit and risk management professionals is greater than ever. Here’s where our focus must shift:

1. Prioritize Dynamic Risk Assessment. Annual risk assessments are obsolete. If 2025 has taught us anything, it’s that risk velocity and volatility demand continuous risk monitoring and recalibration. Collaborate with risk managers and others to maintain a continuous 360 view of the risk landscape and adapt accordingly.

2. Embed Risk Conversations at the Speed of Change. Ensure your function is not trailing events but actively monitoring and contemplating how the events are impacting your organization’s risk portfolio. Are you participating in scenario planning? Are you integrated into crisis response teams?

3. Elevate Technology Risk Governance. From AI to cybersecurity, technology risks are not IT’s problem—they’re everyone’s problem. Internal audit must become more fluent in tech governance and partner with CIOs, CISOs, and compliance leaders to assess risks and provide assurance where appropriate.

4. Serve as a “Sanity Check” for Strategy. With so much uncertainty, strategic decisions are often made on incomplete or biased data. Internal audit can add tremendous value by asking: What assumptions are we making? What’s missing from this plan? Who is challenging the narrative?

Looking Ahead

Will the second half of 2025 bring stabilization? Possibly. But far more likely is a continuation of the turbulence, with new shocks emerging just as others begin to fade.

But here’s the upside: In times of uncertainty, internal audit has the power to be a stabilizing force. Not through clairvoyance—but through clarity. Not by controlling the future—but by ensuring our organizations are prepared, resilient, and grounded in reality.

As internal auditors, our mission doesn’t change with the political winds or the volatility of the markets. It intensifies. We’re here to provide assurance, insight, and foresight—no matter what the second half of 2025 may hold.

So let’s prepare. Let’s stay informed. And let’s continue delivering the kind of value that doesn’t just respond to crisis—but rises above it.