Navigating the New Global Internal Audit Standards: Key Changes You Need to Know

On January 9, 2024, the Institute of Internal Auditors (IIA) unveiled the updated Global Internal Audit Standards, which will come into effect on January 9, 2025. This revision builds on the 2017 framework, aiming to simplify the structure, enhance practical application, and address both current and emerging issues to improve internal audit performance.

Key Changes in the New Standards

The revised Standards streamline the International Professional Practices Framework (IPPF) into a more intuitive format, reorganising them into 52 standards across five domains:

1. Purpose
2. Ethics and Professionalism (replacing the standalone Code of Ethics)
3. Governing the Internal Audit Function
4. Managing the Internal Audit Function
5. Performing Internal Audit Services

These domains comprise of 15 principles; each principle is followed by the related standard’s mandatory “Requirements”, the related guidance called “Considerations for Implementation” and examples of conformance.

Notably, the new structure integrates “attribute” and “performance” categories, eliminating separate “interpretations” sections. Assurance (.A) and consulting (.C) implementation standards have now been embedded in the main body of the Standards.

Significant Changes to Note:

1. Purpose of Internal Auditing: The updated Standards redefine the purpose of internal auditing to include enhancing the organisation’s ability to serve the public interest, alongside providing assurance, advice, insights, and foresight. Internal Audit Functions (IAFs) must clearly articulate their purpose and how their work supports the public interest.
2. Board Oversight of Internal Audit Function’s (IAF) Performance: A new focus is placed on the board’s oversight of the IAF’s performance. The Chief Audit Executive (CAE) must provide the board and senior management with necessary information to support the IAF, and the board must champion the IAF’s objectives, understanding the CAE’s qualifications and competencies.
3. Internal Audit Strategy, Relationship-Building, and Communication: New standards, such as Standard 9.2 (Internal Audit Strategy) and Standard 11.1 (Building Relationships and Communicating with Stakeholders), emphasise the need for a robust internal audit strategy and improved communication. The CAE must develop performance measurement methodologies and engage in continuous dialogue with the board and senior management.
4. Managing Resources: New standards address the management of financial, human, and technological resources. Standard 10.3 mandates that the CAE ensures access to appropriate technology and conducts regular tech evaluations. Training for new technology and collaboration with IT and Information Security functions are also emphasised.
5. Engagement Delivery: The new Standards require prioritisation of audit findings based on significance and include engagement conclusions tied to objectives. Ratings/rankings are recommended but not mandatory. The standards stress the importance of assessing risks and communicating findings effectively.
6. Exercise Professional Skepticism: Standard 4.3 now explicitly requires internal auditors to exercise professional skepticism, which involves questioning the validity and truthfulness of information to make objective judgments based on facts and logic.
7. Quality Assessments: The standards for quality assessments have evolved, requiring both internal and external assessments to consider performance objectives beyond mere conformance. For external assessments, at least one assessor must hold an active Certified Internal AuditorⓇ designation.

Preparing for the Transition

To ensure a smooth transition to the new Standards, Chief Audit Executives should:

1. Review and understand the new requirements.
2. Conduct a Gap Analysis to assess current conformance.
3. Identify Necessary Actions to achieve full compliance.
4. Develop a Project Plan with milestones to address gaps.
5. Inform and Update Stakeholders about the new requirements and actions.
6. Perform a Readiness Assessment as the implementation date approaches.

For those navigating this transition, the Governance, Risk & Controls Advisory team at Vincents are ready to assist. We can help your organisations align with the updated Standards, ensuring a smooth transition and enhanced internal audit performance. Feel free to reach out for support and guidance in adapting to these significant changes in internal audit standards.

Disclaimer: The content of this article is general in nature and is presented for informative purposes. It is not intended to constitute tax, financial or legal advice, whether general or personal nor is it intended to imply any recommendation or opinion about a financial or legal product. It does not take into consideration your personal situation and may not be relevant to circumstances. Before taking any action, consider your own particular circumstances and seek professional advice. This content is protected by copyright laws and various other intellectual property laws. It is not to be modified, reproduced or republished without prior written consent.