Risk Advisory

IIA GLOBAL INTERNAL AUDIT STANDARDS

Following a consultation phase, the Institute of Internal Auditors (IIA) published the Global Internal Audit Standards (hereinafter: Standards) on 9 January 2024.

These standards represent a significant evolution in the practice of internal auditing, incorporating essential content from the 2017 Standards for the Professional Practice of Internal Auditing and the mandatory guidance of the International Professional Practice Framework (IPPF).

The “International Standards for the Professional Practice of Internal Auditing” (IPPF) from 2017 will thus be replaced.

The new standards represent a further development of internal audit practice and have an impact on the working methods of internal audit, interaction with stakeholders and, in particular, other corporate governance functions.

The Standards At a Glance

The standards are divided into five domains with 15 principles and a further 52 standards as well as considerations for implementation and examples.

The five domains are:

1. Objectives of internal auditing
2. Ethics and professionalism
3. Governance of internal audit
4. Management of internal audit
5. Provision of auditing services

The standards are supplemented by the so-called “topical requirements”. These are cyber security, sustainability / ESG, service provider management, information technology governance. In response to the increasingly complex risk landscape of companies, they are to be included in audit activities where applicable.

Relevant Changes To The Global Internal Audit Standards Include, For Example

Binding requirements for the (further) development of an audit mission statement and an audit strategy for the first time
Greater involvement and need for interaction between internal audit and the management / supervisory body, and recommendation of the reporting line to the CEO. Understanding the risk map of the entire organization and the audits of the risk management function
Increased use of data analytics & tools in audit activities
Clarification of the requirements for reporting and communicating findings
Specification of the information protection requirements
Greater focus on measuring the performance of auditing activities
Increased requirements for external quality assessments

What Is Important For a Successful Implementation ?

A number of measures are necessary for organizations to ensure compliance with the new IIA Global Internal Audit Standards. This process is also a suitable opportunity for internal audit organizations to question and adjust their existing audit system in line with the new requirements and to strengthen the focus on added value and stakeholder needs.

In this context, we recommend the following three-stage approach:

Analyse the new requirements and standards
- Analyse the Global Internal Audit Standards and derive relevant changes
- Classify the necessary adjustments, taking into account the current status quo of the individual internal audit system
- Creating a roadmap for the implementation of relevant adjustments

Implementation and transformation
- Deriving work packages and priorities
- Involving the relevant stakeholders
- Releasing and implementing the requirements
- Monitoring the implementation
Communication and training
- Communication with the relevant stakeholders about the changes
- Training of audit staff on the application of the new standards
- The type and scope of measures required to comply with the new standards can vary significantly depending on the size of the audit organization and the sector in which it operates.

A certain level of capacity within Internal Audit is required to derive and coordinate measures with the relevant stakeholders and to effectively implement the new standards.

In addition, an audit review can be carried out as a kind of “dry run” in 2025 in order to train the handling of the new standards.

Conclusion

The need to share information and collaborate intensively across functions in the interests of efficient corporate governance cannot be overlooked – not least because compliance is a cost factor.

The new standards offer a good opportunity to further develop internal auditing, to further intensify interaction with stakeholders and to strengthen the integration of governance, risk and compliance systems while maintaining independence and objectivity.

The following measures are recommended in this context:

Discussion with management and the supervisory body about their expectations, the mission statement and the strategic contribution of internal audit to supporting the corporate vision, safeguarding corporate values and increasing resilience

Discussion of the company-wide risk map and the analysis and management of these (new) risks by risk management
Use of tools, technology and data & analytics to generate added value in audit activities
Clear commitment to high quality standards in internal auditing
Training & further development of audit staff

The extent and maturity of corporate governance and, in particular, internal auditing varies depending on the sector and size of the company.

In conclusion, it can be said that the IIA’s new Global Internal Audit Standards will have a considerable impact on the interaction and working methods of internal audit – with a clear commitment to audit quality, dealing with relevant corporate risks, technology and data & analytics as well as increasing integration of the GRC function and interaction with the relevant stakeholders such as management and the supervisory body.