Embracing the New Global Internal Audit Standards – The Time to Act Is Now!

By Victor Santos, CPA, Director

As organizations deal with the complexities of global uncertainties, digital transformation and regulatory demands, taking your audit function to the next level not only helps safeguard your organization but drives it forward. Adoption of the Institute of Internal Auditors’ (IIA) updated Global Internal Audit Standards, effective January 9, 2025, can help you accomplish this. If you have not yet performed a standards readiness assessment to identify gaps, you risk carrying non-conforming practices into 2025 that will be included as findings in your next Quality Assurance Review.

Read on to get a head start on elevating, modernizing and aligning your internal audit function with the new standards.

First: Understanding the New Standards and What’s Different

The new Global Internal Audit Standards represent a comprehensive update to the previous IIA International Professional Practices Framework (IPPF) standards from 2017. They are designed to address the rapidly changing business environment and equip auditors with the principles and tools required for a more agile and forward-thinking profession in governance, risk management and value creation.

Outlined below are the most significant changes we see when comparing the IIA’s previous guidance with their new Global Internal Audit Standards:

A New Five-Domain Framework

The new standards are organized into five domains and set around accompanying guiding principles that form the foundation of effective internal auditing:

1. 1. 1. 1. Purpose of Internal Auditing
      2. Ethics and Professionalism
      3. Governing the Internal Audit Function
      4. Managing the Internal Audit Function
      5. Performing Internal Audit Services

For detailed action steps around these new domains and their respective principles, reference our summary chart below.

New Principles-Based Approach

The five-domain structure moves the standards from being a detailed rule-based framework to a principles-based approach. This change promotes a more flexible and adaptable application of the standards to reflect our ever-evolving business environment.

Enhanced Governance and Role Clarity

There is a stronger emphasis on governance frameworks, clarifying the roles and responsibilities of Boards and senior management in overseeing internal audit functions. This aims to ensure better alignment between internal audit activities and organizational governance.

Specific Guidance for Different Sectors

The new standards include specific guidance tailored to the needs of public sector auditors and smaller internal audit functions, acknowledging their unique challenges and operational contexts.

Focus on Critical Emerging Areas

More attention is given to critical and emerging areas such as cybersecurity, which is increasingly important in today’s business environment. This ensures that internal audits remain relevant and capable of addressing contemporary risks.

Quality Assurance and Improvement

New requirements have been introduced for quality assurance and continuous improvement programs. These enhancements are designed to ensure that internal audit functions maintain high standards and are committed to ongoing improvement.

Integration of Previous Framework Elements

The new standards consolidate and integrate elements from the 2017 IPPF, such as the Definition of Internal Auditing, Mission of Internal Audit, Code of Ethics and Core Principles for the Professional Practice of Internal Auditing. Recommended guidance from the 2017 Implementation Guides has been incorporated as considerations for implementation.

Flexibility and Adaptability

The updated standards provide a more flexible framework that can be adapted to the unique challenges and requirements faced by auditors in different regions and industries. This ensures that the standards are globally applicable and locally relevant.

Stakeholder Engagement and Feedback

The development of the new standards involved extensive stakeholder engagement, with feedback from internal audit practitioners, regulators, member bodies and other stakeholders worldwide. This collaborative approach has helped ensure the standards address the needs and expectations of the profession and its stakeholders.

Snapshot of the New IIA Global Internal Audit Standards and Action Steps to Take

To effectively adopt the five domains and respective guiding principles of the new IIA Global Internal Audit Standards, here are the key steps summarized from the IIA’s original source: Global Internal Audit Standards. For a more comprehensive review of the standards, including their guiding principles, examples of conformance and a glossary of terms, visit theIIA.org directly.

Principle	Action Steps
Demonstrate Integrity	Ensure that all auditors adhere to ethical standards and maintain honesty and integrity. Implement a code of conduct and ethics training programs.
Maintain Objectivity	Maintain independence from the activities audited to avoid conflicts of interest. Use unbiased judgment in all audit processes and decisions.
Demonstrate Competency	Invest in continuous professional development and training for audit staff. Ensure auditors have the necessary skills and knowledge to perform their duties effectively.
Exercise Due Professional Care	Conformance with the Global Internal Audit Standards. Planning and performing internal audit services with the diligence, judgment and professional skepticism of independent and competent auditors.
Maintain Confidentiality	Safeguard sensitive information obtained during audits. Establish clear policies for data protection and confidentiality agreements.
Authorized by the Board	Provide the board and senior management with the necessary information to establish and document the internal audit mandate, including legal requirements, in the charter and approved by the Board. Regularly reassess the internal audit mandate, coordinating with assurance providers and ensuring it aligns with internal audit objectives and organizational changes. Develop and maintain an internal audit charter that outlines the purpose of internal auditing, commitment to the Global Internal Audit Standards and have it approved by the Board.
Positioned Independently	Structure the audit function to report directly to the audit committee or Board of Directors, reinforcing independence and reducing potential conflicts of interest. Avoid assigning auditors to areas where they have personal interests that could compromise objectivity.
Overseen by the Board	Engage with the Board and stakeholders to understand their needs and expectations. Provide value-added insights and recommendations that address stakeholder concerns. Implement an external quality assurance and improvement program. Documentation of agendas and minutes from Board meetings discussions about the internal audit function’s quality assurance and improvement program.
Plan Strategically	Understand the organization’s governance, risk management and control processes to develop an effective internal audit strategy and plan. Create and implement an internal audit strategy that supports the organization’s strategic objectives and aligns with the expectations of the Board, senior management and key stakeholders. Follow a structured audit methodology and plan. Use consistent and repeatable procedures for audit activities. Advisory and consulting projects, which were previously managed on an ad hoc basis, should now adhere to more structured and consistent practices.
Manage Resources	Develop and manage a budget that supports the internal audit strategy and plan, covering necessary resources for the audit function, including training and technology and tools. Seek Board approval for the budget and promptly communicate any impact of insufficient resources to the Board and senior management.
Communicate Effectively	Establish an approach for building strong relationships and trust with stakeholders. Communicate audit findings clearly and concisely to relevant stakeholders. Use effective reporting mechanisms to inform stakeholders of audit results and recommendations. Provide forward-looking insights and recommendations to help the organization anticipate and mitigate risks.
Enhance Quality	Implement an internal quality assurance and improvement program. Regularly review and update audit processes to enhance efficiency and effectiveness. Encourage innovation in audit techniques and methodologies. Continuously seek ways to improve audit processes and add value to the organization.
Plan Engagements Effectively	Effectively communicate during all phases of the audit, and document the objectives, scope and timing of the engagement with management, including any subsequent changes. Develop the engagement risk assessment to understand the activity under review to assess the relevant risks. Document an effective audit work program with relevant and clear criteria to be used to determine whether the activity under review has accomplished its objectives and goals. Solicit management’s feedback and consider management’s request for additional scope areas for the audit.
Conduct Engagement Work	Audit procedures should be developed in response to the identified key risks and key controls. The audit testing approach should include the sampling methodology and the activities to be undertaken throughout the audit. The Audit Program should be reviewed and approved by the chief audit executive or key stakeholder. Audit activities must be documented and reviewed to ensure they support any findings and conclusions reached.
Communicate Engagement Results and Monitor Action Plans	Audit findings should be presented to management for review, ensuring that the factual accuracy of the issues identified, along with the conclusions drawn, are discussed and mutually agreed upon. Findings must be detailed, including the condition, relevant criteria, root cause, potential risk or impact and recommended corrective actions, providing a comprehensive understanding of the issue. Audit reports should be written clearly and concisely, minimizing ambiguity. Recommendations should be practical, actionable and linked to improvements in processes and controls. Management’s progress on resolving audit findings should be actively monitored, with follow-ups to assess the status of agreed-upon corrective actions.

Our Checklist for Conducting Your Readiness Assessment

The new standards not only provide an update, but more importantly a critical step forward in enhancing the value that the internal audit function brings to organizations. It is crucial to conduct a Readiness Assessment starting with a thorough review of your internal audit’s existing strategy, including:

Internal Audit’s Charter Alignment with Organizational Objectives
Internal Audit Procedure Manuals
Annual Risk Assessments
Operational Practices
Key Performance Metrics
Audit Report Writing Effectiveness
Audit Issues, Root Cause Analysis and Deficiency Rating Methodology
Remediation Action and Tracking Guidelines
Stakeholder Feedback Mechanisms
Technology and Tools Assessment
Quality Assurance and Improvement Program

Contact Us

PKF O’Connor Davies Advisory is committed to providing extensive resources to aid organizations in the transition to the new standards, including performing an internal audit readiness assessment, creating transformation plans and implementation guides. This readiness assessment is designed to identify any gaps that need attention or action, ensuring your internal audit function meets the requirements for full conformance with the updated standards.

To discuss how these new standards will impact your internal audit function, please contact your client service team or:

Victor Santos, CPA
Director
Risk Advisory Services
vsantos@pkfod.com | 201.639.0036

Mark Bednarz, CPA, CISA, CFE
Partner
Risk Advisory Practice Leader
mbednarz@pkfod.com | 646.449.6376

Media Contact

Posted In: Articles

Posted On: October 9, 2024