The newest episode of our Internal Audit Insight Series, Recap of 2025 Changes Impacting the Future of Internal Audit, is now live. As part of our ongoing commitment to equipping mortgage lenders with timely, actionable guidance, this series continues to examine the operational, regulatory, and risk trends that are shaping the internal audit landscape. In this installment, featuring Mignonne Davis, AMP, and Cassidy Timm, CPA, we may have our most essential one yet.
Across lending organizations, 2025 has been a year defined by consequential change, shifts that carry direct implications for compliance, audit readiness, and long-term strategic resilience. This episode distills those developments, explains why they matter now, and highlights what lenders must do to stay prepared as we move into 2026.
Internal Audit’s Evolving Role in a New Regulatory Environment
From the outset, Mignonne and Cassidy emphasize that internal audit is no longer just a safeguard. It is a strategic tool. As the independent third line of defense, internal audit helps lenders not only comply with regulations but also proactively manage risk, protect organizational integrity, and deliver reliable, defensible results.
This proactive lens is essential given the regulatory shifts that defined 2025.
2025: The Policy Changes Every Lender Must Understand
The episode breaks down several key agency updates that reshape expectations for lenders:
- Fannie Mae’s Quality Control Guidance (effective September 2025): Expanded clarity on QC reporting expectations, updated TPO review requirements, and adjusted sampling standards.
- Fannie Mae’s Cybersecurity Updates (effective August 2025): Revised requirements reinforcing data protection measures across lender operations.
- Reconsideration of Value (ROV) Adjustments: Agency-level changes that relaxed several 2024 mandates, creating new expectations for appraisal review workflows and documentation standards.
These are not theoretical changes; they affect day-to-day processes, reporting structures, and audit expectations.
Why This Episode Matters Now
The operational and compliance risks tied to these updates are significant. As Cassidy explains, internal auditors must continuously reassess risk priorities, adjust audit scopes, and incorporate new requirements into testing protocols to keep organizations compliant in a dynamic market.
For lenders, the message is clear: If you wait until regulators enforce these new expectations, you’ve waited too long. As such, it’s essential to understand these requirements, so that you can effectively work them into your 2026 operations.
This episode offers a concise, plain-spoken walkthrough of what changed, why it matters, and how lenders can build a more adaptive audit function in response.
Looking Ahead: Preparing for 2026 and Beyond
Mignonne and Cassidy close with a forward-looking reminder: the regulatory environment will continue to evolve in 2026, and so will this series. Future installments of the Internal Audit Insight Series will expand on the topics introduced here and break down new developments as they emerge.
Watch the Full Episode
If you’re responsible for compliance, risk, or audit strategy, this is essential viewing. Watch the whole conversation here:
Featuring:
Cassidy Timm, CPA – Manager, Risk & Compliance
Mignonne Davis, AMP – Director, Risk & Compliance
