Business Resiliency in the Aftermath of Lockdowns and Disruptions
The lockdowns and disruptions of recent years have fundamentally altered how organizations—and their internal audit and risk management functions—approach business resiliency. Traditionally, business continuity planning (BCP) focused on discrete events like natural disasters or cyberattacks. However, the pandemic revealed that operational resilience must be dynamic and address prolonged, systemic crises. Organizations now emphasize scenario planning that incorporates extended supply chain disruptions, hybrid workforce risks, and evolving regulatory mandates. For instance, internal auditors are now expected to assess not just whether a business continuity plan exists, but whether it has been tested against real-world stress scenarios, including rapid regulatory changes. The incoming administration’s renewed emphasis on ESG (Environmental, Social, and Governance) disclosures also affects resiliency planning, as companies must now ensure that their sustainability-related financial reporting aligns with regulatory expectations. A failure to integrate these considerations into internal audit programs could expose organizations to financial and reputational risks, especially as SEC scrutiny intensifies.Lessons Learned and Forgotten from the Pandemic
One of the most critical lessons from the pandemic is the necessity of agile risk management—yet many organizations are already regressing to pre-pandemic complacency. Businesses that successfully navigated the crisis had cross-functional crisis response teams, robust remote-work cybersecurity protocols, and real-time financial modeling capabilities. However, some companies, particularly in traditional industries, have fallen back into rigid, annual risk assessments rather than maintaining the adaptive, continuous risk monitoring strategies that proved effective during the pandemic. For example, organizations that rapidly adopted cloud-based enterprise risk management (ERM) tools saw improved risk visibility and response times. Yet, as financial pressures mount, some firms are defunding these initiatives, leaving themselves vulnerable to emerging risks such as AI-driven fraud and geopolitical instability affecting supply chains. This short-term cost-cutting mindset ignores the fact that proactive risk management reduces long-term exposure to regulatory penalties and operational disruptions.Has Internal Audit Changed for the Better?
The internal audit profession has undoubtedly evolved, but whether for the better depends on the organization. Some companies have leveraged internal audit’s ability to provide real-time assurance on emerging risks, moving beyond traditional compliance checks. Others, however, have narrowed internal audit’s scope to financial controls and regulatory compliance, effectively sidelining its role in strategic advisory functions. Take, for example, the shift towards auditing third-party risks. In the wake of the pandemic, supply chain disruptions revealed weaknesses in vendor risk management. Forward-thinking internal audit teams now conduct real-time supplier audits using data analytics rather than relying on periodic questionnaires. However, some organizations have deprioritized these efforts, leaving them exposed to the same types of failures that plagued global supply chains in 2020. Internal audit’s enhanced ability to pivot remains dependent on leadership’s willingness to empower the function rather than restrict it to a narrower mandate.The Three Key Things Organizations Now Want from Assurance Functions
a. Forward-Looking Risk Insights – Internal audit is no longer just about evaluating past performance. Organizations now demand predictive analytics in risk assessments. For example, rather than merely identifying compliance gaps in cybersecurity controls, internal auditors are expected to provide insights into how emerging threats, such as generative AI-based phishing attacks, could compromise financial data integrity. b. Integrated Assurance with ESG and Compliance – With the SEC increasing scrutiny on ESG disclosures, companies want internal audit to align assurance efforts across financial reporting, sustainability metrics, and regulatory compliance. A major shift has been the need for auditors to assess the validity of carbon footprint claims and supply chain due diligence—something that was largely outside internal audit’s purview just a few years ago. c. Real-Time, Data-Driven Auditing – Traditional audit cycles are being replaced by continuous auditing methodologies. Companies now expect internal audit to use AI-driven anomaly detection to flag potential financial reporting errors as they occur, rather than waiting for periodic reviews. This shift allows management to address control weaknesses before they escalate into material misstatements.The Evolving Role of the Chief Audit Executive (CAE)
The pandemic experience has significantly elevated the importance of the Chief Audit Executive (CAE) role, transforming it from a compliance-focused function to a key player in enterprise risk strategy. With increased regulatory scrutiny under the new administration, CAEs must now demonstrate leadership in areas beyond traditional financial controls, including cybersecurity governance, ESG reporting, and AI risk management. CAEs now require a stronger command of data analytics and automation to oversee real-time assurance activities. They must also possess strategic communication skills to influence the C-suite and board, ensuring that internal audit’s findings translate into actionable, risk-mitigating decisions. For instance, a CAE who can articulate how evolving SEC climate disclosure rules will impact financial reporting is far more valuable than one who merely ensures compliance with existing regulations. Ultimately, today’s CAE must act as a forward-looking risk strategist, ensuring that internal audit remains a proactive function rather than a reactive compliance checkpoint.Conclusion
The pandemic forced organizations to rethink their approach to resilience, risk management, and internal audit, leading to lasting changes in assurance functions. While some companies have leveraged internal audit’s enhanced agility and predictive capabilities, others risk falling back into outdated, compliance-only mindsets. As regulatory expectations continue to evolve—particularly in ESG reporting and cybersecurity—internal audit must remain proactive, data-driven, and strategically aligned with enterprise objectives. For CAEs, the role has never been more critical. Their ability to integrate financial reporting, risk analytics, and compliance oversight will determine how well organizations navigate the shifting regulatory landscape. Businesses that empower their assurance functions to operate as forward-looking advisors, rather than backward-looking compliance enforcers, will be better positioned to mitigate risks and drive sustainable growth in an increasingly uncertain world.Next Steps
Use the buttons below to to set up a meeting. When addressing legal and tax matters, timing is critical; therefore, if you need assistance, it is important that you retain the services of a competent attorney as soon as possible. Should you choose to contact me, we will begin with an introductory conference—via phone—to discuss your situation. Then, should you choose to retain my services, I will prepare and deliver to you for your approval a formal representation agreement. Unless and until I receive the signed representation agreement returned by you, my firm will not have accepted any responsibility for your legal needs and will perform no work on your behalf. Please contact me today to get started.
As the expression goes, if you think hiring a professional is expensive, wait until you hire an amateur. Do not make the costly mistake of hiring an offshore, fly-by-night, and possibly illegal online “service” to handle your legal needs. Where will they be when something goes wrong? . . . Hire an experienced attorney and CPA, knowing you are working with a credentialed professional with a brick-and-mortar office.
— Prof. Chad D. Cummings, CPA, Esq. (emphasis added)
Attorney and CPA
/Meet Chad D. Cummings

I am an attorney and Certified Public Accountant serving clients throughout Florida and Texas.
Previously, I served in operations and finance with the world’s largest accounting firm (PricewaterhouseCoopers), airline (American Airlines), and bank (JPMorgan Chase & Co.). I have also created and advised a variety of start-up ventures.
I am a member of The Florida Bar and the State Bar of Texas, and I hold active CPA licensure in both of those jurisdictions.
I also hold undergraduate (B.B.A.) and graduate (M.S.) degrees in accounting and taxation, respectively, from one of the premier universities in Texas. I earned my Juris Doctor (J.D.) and Master of Laws (LL.M.) degrees from Florida law schools. I also hold a variety of other accounting, tax, and finance credentials which I apply in my law practice for the benefit of my clients.
My practice emphasizes, but is not limited to, the law as it intersects businesses and their owners. Clients appreciate the confluence of my business acumen from my career before law, my technical accounting and financial knowledge, and the legal insights and expertise I wield as an attorney. I live and work in Naples, Florida and represent clients throughout the great states of Florida and Texas.
If I can be of assistance, please email me at chad@cummings.law, or click here to set up a meeting.