menu close NewsContact Us search close
Global Site close
  • Americas
  • Asia Pacific
  • Europe
  • Middle East and Africa
ArgentinaArubaBahamasBarbadosBoliviaBrazilCanadaCayman IslandsChileColombiaCosta RicaCuracaoDominican RepublicEcuadorEl SalvadorGuatemalaHondurasMexicoPanamaParaguayPeruPuerto RicoSaint MartinSurinameUnited StatesUruguayVenezuela
AfghanistanAustraliaCambodiaChinaHawaiiHong KongIndiaIndonesiaJapanMacauMalaysiaMaldivesMongoliaMyanmarNepalNew ZealandPakistanPhilippinesSingaporeSouth KoreaSri LankaTaiwanThailandVietnam
AlbaniaAndorraArmeniaAustriaAzerbaijanBelgiumBulgariaCroatiaCyprusCzech RepublicDenmarkEstoniaFinlandFranceGeorgiaGermanyGreeceHungaryIrelandItalyKazakhstanLatviaLiechtensteinLithuaniaLuxembourgMaltaMoldovaNetherlandsNorwayPolandPortugalRomaniaSerbiaSlovakiaSloveniaSpainSwedenSwitzerlandTajikistanTurkeyUkraineUnited KingdomUzbekistan
AlgeriaAngolaBahrainCôte d’IvoireEgyptGhanaIraqJordanKenyaKuwaitLebanonLiberiaMaliMauritiusMoroccoMozambiqueNigeriaOmanQatarSaudi ArabiaSenegalSierra LeoneSouth AfricaTanzaniaTogoTunisiaUgandaUnited Arab EmiratesYemenZimbabwe
Services
close Services
Tax
Services
Sectors
close Sectors
Sectors
Insights
close Insights
Insights
About Us
close About Us
About Us
Careers
close Careers
Careers
NewsContact Us
search close
home Insights
International internal audit standards are changing

International internal audit standards are changing

Carron Heffernan, Certified IIA Internal Auditor
19/09/2024
International internal audit standards are changing
What does it mean for you?

Following an extensive consultation with stakeholders in 2023, the Institute of Internal Auditors (IIA) released new Global Internal Audit Standards in January 2024, which will come into effect on 9 January 2025. The new Standards apply to all practising internal audit professionals and seek to raise the bar in our profession by providing increased rigour. The new Standards apply to any individual or function that provides internal audit services, whether an organisation employs internal auditors directly, contracts them through an external service provider, or both.

The Global Framework known as the International Professional Practices Framework (IPPF) includes both the mandatory Global Internal Audit Standards and the Topical Requirements, and also the supplementary Global Guidance.

The Standards provide a new structure with their arrangement under five domains, namely:

  1. Purpose of Internal Auditing;
  2. Ethics and Professionalism;
  3. Governing the Internal Audit Function;
  4. Managing the Internal Audit Function; and
  5. Provision of Internal Audit Services.

Across the five domains are 15 Principles and 52 Standards. They are responsible for guiding the worldwide professional practice of internal auditing and serve as a basis for evaluating and elevating the quality of internal audit functions. Each Principle is supported by Standards that contain requirements, considerations for implementation, and examples of evidence of conformance.

Any change can be daunting, particularly one such as this with many obligations and masses of information. One of the key things to be aware of is that the Standards oblige organisations, Chief Audit Executives, and Audit Committees to perform a readiness assessment to understand where they are currently and where they need to be by January 2025 to comply with the new Standards.

We have identified and summarised below the key changes in the 2024 Standards compared to the 2017 Standards. (This is a summary and detailed changes should be studied carefully):

  • In Domain I: Purpose of Internal Auditing, the concept of Internal Audit remains fundamentally the same but there is now a revised definition of the purpose. Essentially, the value of internal audit is articulated in a purpose statement, combining the Mission and Definition from the 2017 IPPF.
  • Domain II: Ethics and Professionalism sets out the behavioural expectations for professional auditors, including the requirement for professional scepticism, integrity, objectivity, confidentiality, and professional courage. Internal auditors must exhibit courage and skilled communication and take appropriate action if they meet difficult situations while auditing. It is the responsibility of the Chief Audit Executive to maintain a work environment whereby auditors feel supported when expressing the results of their engagement, be they positive or negative.
  • There is an emphasis in the new Standards for the audit function to have sufficient and appropriate audit knowledge and skills and to maintain competence. Audit functions must have appropriate resources and budget to invest in training programmes for auditors. This will add value to the audit function and allow them better tools to strengthen governance, risk management, and control processes in the organisation.
  • We can see a significant change in Domain III: Governing the Internal Audit Function. The requirements for internal audit are followed by essential conditions for boards/audit committees and senior management. These essential conditions enable the internal audit function to be effective.
  • Internal audit functions require an internal audit mandate and this must be approved by the Board and the Audit Committee. It is to be documented within the internal audit charter, and it must set out the authority, role, responsibilities, scope, and types of services to be provided by the internal audit function.
  • The External Quality Assessment (EQA) is considered in Standard 8.4. The Chief Audit Executive must develop a plan for an EQA and discuss the plan with the Board. The external assessment must be performed at least once every five years by a qualified, independent assessor or assessment team. The requirement for an EQA may also be met through a self-assessment with independent validation.
  • In Domain IV: Managing the Internal Audit Function we can see that the Chief Audit Executive will be required to develop and implement a strategy detailing the vision, strategic objectives, and related initiatives for the internal audit function. This strategy must align with the expectations of the Board, Senior Management Team, and key stakeholders.
  • Technology is a recurrent theme throughout the new Standards and specifically in ensuring audit functions are making the best use of the technology available in the market and within their budget. Internal audit functions should be considering how to use technology such as data analytics and artificial intelligence to create better workflows and control paths.
  • In alignment with the 2017 Standards, conclusions from internal audit engagements must be communicated to the Board and Senior Management. The new Standards place a greater emphasis on the need for root cause analysis for recommendations brought to light in audit reports. The internal audit functions should work collaboratively with Senior Management to find the root cause(s) of the findings (where possible), which will in turn encourage further discussions between committee members and Senior Management.
  • Domain V: Provision of Internal Audit Services specifies that if internal auditors and senior management disagree on engagement results, auditors must discuss and reach a mutual understanding of the issue with management. The internal auditor function must follow an established methodology to allow both parties to express their positions. This process must therefore be documented in the internal audit’s methodology papers.
  • The new standards also see the addition of guidance on applying the standards in the public sector.

Finally, the new Standards also introduce “Topical Requirements”. Essentially the Global Standards are timeless guides to the worldwide practice of internal auditing, whereas the Topical Requirements are timely and are designed to enhance the consistency and quality of internal audit services related to specific audit subjects such as Cybersecurity, Environmental, Social, and Governance (ESG), and third-party management.

What can Crowe do to help and support you?

The expert team at Crowe are here to help you navigate the changes in the Global Internal Audit Standards and help you achieve compliance regardless of the size or maturity level of your internal audit function. We want to help you increase strategic value and the overall impact of your internal audit function within your organisation.

Some of the areas we can help with include (but are not limited to):

  • Gap Analysis/Readiness Assessment: We can perform a Gap Analysis and a Readiness Assessment to ascertain how your current methodology compares against the new 2024 Standards. We can also assist you in prioritising your next steps to achieve compliance with the 2024 Standards.
  • Assurance Map: We can assist in the development of an Assurance Map for your organisation. An Assurance Map is a structured means of identifying and mapping the main sources and types of assurance in an organisation across the four lines of defence and coordinating them to best effect. It is a powerful tool that provides great insights for Boards, Senior Management, and audit committees, and will assess the collaboration between internal audit and other lines of defence.
  • Internal Audit Strategy: We can assist in refreshing your Internal Audit Strategy and Methodology to ensure they are aligned with the new 2024 Standards. We want to make sure your internal audit function supports your organisation to create, protect, and sustain value.
  • Workshops: Our expert team can facilitate workshops for both staff and audit committee members. The workshops can provide training to staff to introduce and explain the new Standards and give key stakeholders a chance to get up to speed with the changes to the Standards and what they mean for affected parties. The Board and Senior Management will need to be aware of the essential conditions within the new Standards. We can also support your Head of Internal Audit to drive better engagement between Committee members and Senior Management, as emphasised in the new Standards.
  • External Quality Assessment: If your internal audit function is planning an External Quality Assessment, our in-house and certified internal auditors can perform these for you.
  • Technology: We can assist you to assess the use of technology and data in your internal audit function, to identify areas for improvement.

 Get in touch with our team to find out how we can help your organisation during this transition period.

Contact us:

Internal audit services
Consulting Partner Shane McQuillan Crowe Ireland
Shane McQuillan
Partner, Consulting
+353 86 044 2084
View profile
Alan Davidson - Crowe Ireland
Alan Davidson
Director, Internal Audit & Consulting
+353 86 836 6662
View profile
Internal audit services

Stay connected

Sign up to stay connected and receive updates and insights directly into your inbox.