Adapting to accelerating change
Strategic considerations for insurance audit committees in 2026
On the 2026 audit committee agenda highlights eight issues for audit committees to consider addressing in their 2026 priorities. Among these challenges, four areas demand particularly close attention from insurance audit committees, starting with the governance of emerging technologies.
Insurance company audit committees enter 2026 in an environment of sustained complexity. With SEC filers having completed their multiyear Long-Duration Targeted Improvements (LDTI) implementation in 2023, nonpublic life insurers are now managing their own adoptions. At the same time, the NAIC’s principles-based bond definition required insurers to reassess their entire investment portfolios. Though now largely implemented, these accounting and regulatory shifts demand ongoing audit committee attention to ensure that controls remain effective and that disclosures accurately reflect the evolving risk profile of investment holdings and long-duration contract liabilities.
Insurance audit committees are also navigating the same broader challenges confronting boards across sectors. These include rapidly evolving cybersecurity and artificial intelligence (AI) risks, heightened investor and regulator expectations around sustainability and climate-related disclosures, and an accelerating pace of digital transformation.
AI, cybersecurity, and data governance oversight
For many companies, this oversight often occurs at the full board level—with boards seeking to understand the company’s strategy for realizing business value from AI and its potential impacts on the business model and workforce. However, many audit committees already may be involved in overseeing specific AI-related issues. These include AI governance and regulatory compliance, use of GenAI and AI agents in financial reporting and regulatory filings, deployment of these technologies by internal audit and finance functions, and development of internal controls and disclosure controls related to AI and data.
A recent KPMG LLP survey1 of insurance executives underscores the importance of clarifying this oversight role in insurance companies. In the survey, 90 percent of insurers reported increased AI budgets year over year, with 59 percent expressing confidence that they lead peers in AI adoption. These findings suggest that AI deployment has moved beyond pilots into production systems across underwriting, claims, and pricing.
Amid this shift, boards and audit committees are naturally reassessing their data governance and cybersecurity frameworks. The same KPMG survey2 suggests that such reassessment is particularly critical for insurance audit committees. The study2 found that 65 percent of insurance executives prioritize data governance in their data strategies, followed by data security and privacy (55 percent) and risk management and compliance (48 percent), while 45 percent focus specifically on supporting AI initiatives. Data governance functioning as both compliance foundation and AI enabler intensifies questions about the audit committee’s capacity and expertise to oversee this expanding set of responsibilities.
Questions to consider:
- Does the audit committee possess the necessary capacity and expertise to effectively oversee AI governance, regulatory compliance, and the use of AI in financial reporting?
- How is the audit committee reassessing and strengthening its data governance and cybersecurity frameworks to address the risks and opportunities of AI deployment?
Technology and the finance organization
Finance organizations operate in a complex environment, managing talent shortages alongside implementing digital strategies and transformation. They are also tasked with developing systems and procedures that go beyond conventional financial stewardship and reporting, aiming to enhance value by serving as strategic partners within their organizations.
In insurance companies, the challenges are compounded by the dual reporting burden. Finance teams often prepare both GAAP financial statements and detailed statutory reports for state insurance regulators under Statutory Accounting Principles (SAP). This regulatory reporting is time consuming and resource intensive, requiring reconciliations between the two frameworks, management of multiple reporting calendars, and deep technical expertise in insurance-specific accounting guidance from the NAIC (which is ever evolving).
Looking ahead, GenAI and AI agents offer promise in addressing manual processes that plague insurance finance functions. However, involving humans at vital points in AI workflows remains essential to ensure accuracy, validate results, fix mistakes, add context, and provide judgment.
This is especially critical given the complexity of insurance accounting standards and the regulatory consequences of reporting errors.
Questions to consider:
- How will AI/GenAI adoption balance efficiency in dual reporting with critical human oversight and regulatory compliance?
- What strategies are addressing talent shortages and digital transformation to enable the finance organization’s strategic role amid regulatory burdens?
A broader focus for internal audit
To remain a valuable resource and crucial voice on risk and control matters, internal audit must focus on critical risks beyond traditional financial reporting and compliance. Given the evolving geopolitical, macroeconomic, and risk landscape, audit committees can reassess whether the internal audit plan is risk-based and sufficiently flexible. The audit committee should work with the chief audit executive and chief risk officer to identify the industry-specific, mission-critical, and other risks that pose the greatest threats—and help ensure the 1st and 2nd lines of defense, including internal audit, are focused accordingly.
Given the accelerating pace of change, this strategic focus is particularly critical for insurance companies. Major insurers are simultaneously managing digital transformation, data modernization programs, AI deployment across operations, and evolving regulatory requirements. In this environment, replacing traditional siloed functions with collaborative assurance has become a strategic imperative.
As in other industries, internal audit functions in insurance also face a dual AI challenge. They must audit the company’s rapidly expanding use of AI while also deploying AI within their own operations to remain effective. Audit committees will want to understand how internal audit is using GenAI and AI agents to improve effectiveness and efficiency, what internal audit workflows AI agents can handle, and what internal audit workflows AI agents are handling today.
Questions to consider:
- How is internal audit’s plan evolving to address critical emerging risks and incorporate collaborative assurance in this rapidly changing landscape?
- What is internal audit’s dual strategy for both auditing the company’s AI usage and deploying AI effectively within its own operations?
Audit committee composition and skill sets
The continued expansion of the audit committee’s oversight responsibilities has heightened concerns about its bandwidth and composition. This year is an opportune time to assess whether the committee has the time and skill sets to oversee the major risks on its plate. Such an assessment is sometimes done in connection with an overall reassessment of issues assigned to each standing board committee.
For insurance companies, committee composition challenges are particularly acute given industry-specific governance demands. Insurance audit committees often oversee not only GAAP financial reporting but also statutory reporting to state regulators. This creates a dual-framework oversight burden that requires specialized insurance accounting expertise.
Insurance companies’ audit committees now devote significant attention to risk committee matters—reflecting the heightened focus on cyber threats, data governance for AI deployment, and the rapid evolution of cyberattacks. For insurance audit committee chairs, cybersecurity oversight has become central to the audit committee mandate. This requires understanding of zero-trust frameworks, third-party ecosystem risks, and the balance between AI innovation and appropriate controls.
Thus, insurance audit committees now need a blend of traditional financial reporting expertise, actuarial/ reserving knowledge, technology and cybersecurity fluency, and strategic business acumen—a combination that’s challenging to assemble in a typical committee of four to six members.
Questions to consider:
- Do current board committee(s) have the time, composition, and skill set to oversee a high-priority risk outside their purview? Is there a need for an additional committee, such as a technology, sustainability, or risk committee?
- Is there a need for new director(s) with unique skill sets or experience to help the board oversee specific risks?
38th Annual Insurance Industry Conference
September 17-18, 2026
Dive into our thinking:
Adapting to accelerating change
Strategic considerations for insurance audit committees in 2026
Download PDFOn the 2026 audit committee agenda
Eight issues for audit committee agendas in 2026
Explore more
Insight
Top of mind insurance industry issues
Gain insights from KPMG on the issues that are top-of-mind for the insurance industry.
Insight
Navigating complexity and uncertainty
How insurance boards can adapt in 2025
Meet our team
