On Jan. 9, 2024, the Institute of Internal Auditors (IIA) issued the 2024 Global Internal Audit Standards, replacing the 2017 International Standards for the Professional Practice of Internal Auditing. The standards provide a framework to guide the quality and effectiveness of internal audit (IA) activities and list 15 guiding principles that internal auditors globally are expected to adhere to.
The revisions emphasize that compliance with the standards is not only a function of IA, but should be embedded in the organizational culture supported by a strong tone at the top. The board of directors, senior management, chief audit executives and IA professionals are expected to understand the new specifications and assess them against the current state of IA to assess gaps and identify opportunities for changes. The amount of effort required for alignment with the new standards will vary, depending on the maturity of the IA function within the organization.
Key changes for stakeholders
The standards introduce a number of notable changes. New requirements for quality assurance and improvement programs (QAIPs), expectations on professional skepticism and ethics, and guidance on continuing professional development within the standards seek to strengthen the credibility and quality of the IA function, both within the organization and with regard to public interest.
In addition, explicit definitions of board and senior management responsibilities have been introduced to enhance the influence of IA, while emphasizing the importance of aligning the IA function with the organization’s strategic objectives and stakeholder expectations on value. Lastly, additional considerations added for the public sector empower those IA practitioners to more effectively apply the standards by providing clarity over the differences in applicable structures and terminologies.
Response to the new standards will differ depending on each stakeholder’s role and responsibility. As stakeholders consider the latest standards, they may benefit from considering the following questions:
- Do we have the appropriate IA function oversight and support structures in place?
- How are we communicating across functions, and how are we monitoring IA’s effectiveness?
- What technology, training and information does IA need to effectively carry out audits aligned with the organization’s strategic objectives?
- How can we leverage the new standards to drive transformative change in our organization?
The board and senior management
The new standards clarify the board’s role in the governance of IA, including a requirement for oversight of the QAIP. To adhere to the new standards, boards should ensure they are asking the right questions to provide appropriate oversight over the IA function, with the objective of evaluating and elevating the quality of IA. For example, the board should evaluate the sufficiency of the IA charter, and whether IA is effectively communicating across functions. Working collaboratively with the board, senior management must ensure that they understand their role in supporting and embracing IA, and supplying IA with the necessary information and tools to fulfill the IA mandate.
Chief audit executive
Chief audit executives are responsible for managing resources effectively and establishing methodologies—policies, processes and procedures—to guide the IA function. The new standards require chief audit executives to ensure at least one individual on the assessment team for external quality assessments is a certified internal auditor. As new challenges and demands of IA rise in an ever-evolving and increasingly complex risk landscape, chief audit executives will need to demonstrate their acumen for strategy, technology and relationships more than ever.
Internal auditors
With an increased focus on quality and continuous improvement, evidenced by the new and enhanced standards relating to professional skepticism, communication and analyses, IA professionals will need to hone and develop skills that demonstrate agility, critical thinking and communication. Professional development concepts encourage internal auditors to practice introspection to identify areas for development and take steps to enhance their skills and abilities through continuous learning. The standard’s code of ethics also highlights internal auditors’ duty to uphold the integrity, objectivity, confidentiality and competence of the profession.
Effective date
The new standards will become effective on Jan. 9, 2025, but early adoption is encouraged. The previous version of the standards, released in 2017, remains approved for use during the one-year transition period.
Road to adoption
To prepare for adoption, your organization should conduct a readiness assessment to evaluate readiness against the standards, identify areas of improvement, and develop an implementation plan and road map toward compliance. The readiness assessment should include a value-forward strategic assessment to align the IA function against your organization’s objectives, stakeholder expectations and industry-leading practices. A robust training and coaching program integrated into the implementation plan will encourage and empower internal auditors to embrace the principles outlined in the standards. Lastly, quality assurance reviews and audits are a critical component to performance measurement and, ultimately, monitoring of compliance.