CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Nearly one-third of employees have felt excluded at work
Nearly one in three US employees (31%) report feeling excluded or marginalized at work in the past five years, according to a new study from Traliant, an online compliance training provider. The findings highlight a gap between intent and impact in workplace inclusion efforts, despite 99% of employees valuing workplaces where everyone feels included and amid the Trump Administration’s continued war against DEI.
The survey, “The State of Inclusion in Today’s Workplace,” surveyed over 500 full-time US employees and found that millennials experienced the highest rates of exclusion (36%), while Gen X reported the lowest (22%). More concerning, more than half (55%) of employees who felt excluded or marginalized considered leaving their job as a result.
“Inclusion efforts rooted in anti-discrimination practices are legal and necessary for organizations to make employees feel valued, engaged and empowered to contribute to the long-term growth and resiliency,” said Casey Heck, senior vice president of HR at Traliant. “By identifying and addressing gaps in workplace culture that cause some employees to feel excluded, businesses can strengthen workplace collaboration to realize the full potential of their workforce in achieving business goals.”
Conflict resolution (60%) and active listening (56%) were identified as the two most common skills needed to foster more inclusive environments, while organizations offering inclusivity training to all employees was correlated with a lower rate of employees saying they felt excluded or marginalized.
The survey was conducted by independent market research firm Researchscape in December 2024, polling 529 US workers from organizations with more than 100 employees.
Only 15% of organizations view themselves as disruptive leaders
Only 15% of organizations globally view themselves as disruptive leaders in an environment that is rapidly changing, according to the second annual survey on global board governance conducted by Protiviti, BoardProspects and Broadridge Financial Solutions. The survey reveals significant differences in how organizations that position themselves as disruptors operate compared to those that see themselves at risk of being disrupted.
Three-quarters of companies believe their business models will change within three years, indicating widespread recognition of impending transformation. However, most organizations do not identify as change agents, with 34% considering themselves “disruptive aspirants,” 25% seeing themselves as both disruptors and at risk of disruption and 16% classifying themselves as “agile followers” who can quickly adapt when disrupted.
“We have experienced more change in this decade than we have since the turn of the century with more on the horizon,” said Joe Tarantino, president and CEO of Protiviti. “The key to managing the uncertainty of a disruptive global marketplace is being proactive in embracing change and seizing opportunities. It is all about having a mindset of anticipating, preparing, adapting and acting decisively.”
Other key findings:
- 77% of disruptive leaders are confident or highly confident in their ability to recognize, adapt and respond timely to disruptions, compared to just 28% of organizations that are slow to respond to disruption.
- 72% of disruptive leaders view generative AI as providing a significant or moderate opportunity to be a disruptor, while more than 40% of disrupted organizations view the technology as a risk to disrupt them.
- 7% of organizations believe they are at risk of being disrupted and slow to evaluate how to respond, while 3% are unsure where they fall on the disruption continuum.
“The findings of this year’s ‘Global Board Governance Survey’ reveal a stark reality: organizations that position themselves as disruptive leaders are significantly better equipped to harness emerging technologies and navigate change,” said Mark Rogers, founder and CEO of BoardProspects. “This highlights the critical importance of boards fostering an innovative culture that embraces disruption rather than merely responding to it.”
The survey polled more than 1,800 board members, CEOs and other C-suite executives in the fourth quarter of 2024.
GenAI adoption more than doubles among internal audit leaders
The percentage of chief audit executives (CAEs) using generative AI for internal audit activities has more than doubled in the past year, rising from 15% to 40%, according to new research by the Institute of Internal Auditors’ Internal Audit Foundation and AuditBoard that highlights the profession’s accelerating technology adoption alongside its expanding strategic role.
Data analytics skills remain foundational to internal audit activities, with more than 75% of CAEs identifying it as the technology skill they most sought to enhance among staff, according to the “2025 North American Pulse of Internal Audit Survey.” Additionally, more than 90% of respondents indicated that adoption of data analytics was essential for the future of the profession. Beyond data analytics, other priority areas for staff development include communications and collaboration (53%), cybersecurity (51%) and IT (46%).
“Technology is the path of the future, with internal auditors integrating more tools to increase efficiency and effectiveness,” said Anthony Pugliese, president and CEO of the IIA. “This enables the profession to take on a broader role, meeting the demands of an evolving business environment and affirming our increasing importance and relevance.”
Other key findings:
- Internal audit functions that are fully aligned with strategic objectives have a 31-percentage-point advantage in funding compared to those that are somewhat aligned.
- Nearly one-third of CAEs now have responsibility for enterprise risk management (ERM) at their organizations, compared to only 24% nine years earlier.
- Other common areas of responsibility include fraud (47%), SOX (36%) and ethics/whistleblower programs (33%).
- Internal audit activity currently comprises 75% assurance and 25% advisory work for most functions, though CAEs seek to increase advisory work to 40% going forward.
KPMG: Majority of US organizations lack integrated risk and resilience structures
More than half (52%) of US organizations have not integrated risk and resilience capabilities, accountabilities or organizational structure, according to a new KPMG survey of 208 US C-suite leaders. The findings highlight a gap between leaders’ recognition of evolving risk challenges and implementation of comprehensive risk management approaches.
Cybersecurity continues to be considered the biggest risk challenge for businesses over the next five years at 57%, followed by data privacy risk at 43% and technology risk at 41%. Meanwhile, the survey reveals that two-thirds to nearly three-quarters of organizations face moderate to strong barriers in effectively managing risk, including performing duplicative efforts (71%), cultural resistance (66%) and lack of awareness and communication (72%).
“The current business environment is marked by unprecedented levels of volatility and rapidly evolving risks,” said Joey Gyengo, US enterprise risk management solution leader at KPMG. “The interconnectedness and complexity of external risks mean that organizations can’t afford to concentrate on risks or processes in isolation. The environment we currently operate in demands a holistic and multifaceted approach to risk management to help ensure resilience across the organization.”
Other key findings:
- Organizations with centralized structures for managing risk and resilience (48% of respondents) are more mature in their capabilities to handle disruption than their counterparts.
- Most organizations (51%) test and update their resiliency plans annually, while 23% do so more than once a year.
- Organizations with centralized risk and resilience structures are more likely to use specialized tools including GRC technologies, risk monitoring tools and risk reporting technologies.
- Organizations with centralized risk and resiliency management are twice as likely to have timely data than those with decentralized management structures.
- Advanced analytics such as monitoring and sensing, scenario analysis and predictive modeling are being employed by about half of the organizations surveyed.
“In an increasingly complex and volatile ecosystem of risk, bold solutions with a clear strategy and predictive insights are key,” said Samantha Gloede, a managing director at KPMG. “Stakeholder trust is earned when organizations take a fully integrated approach and a cohesive strategy for managing risk and resilience.”
