Understanding the new IIA Standards

You’ve worked hard to establish a seasoned, well-oiled internal audit function at your organization – but with changes coming to the standards, now’s the time to make sure you remain compliant.

The new IIA Global Internal Audit Standards (the 2024 Standards) were released on January 9, 2024, and will become effective on January 9, 2025. All quality assessment reviews performed after that date will utilize the new Standards. Because compliance is imperative, your CAE and internal audit function must be up-to-date and functioning prior to the effective date.

There should be a systematic approach to achieving compliance with the new Standards. Broadly, comprehensive assessment and gap analysis, training and development, and continuous monitoring and evaluation should be performed to assist in your preparation for the new Standards becoming effective.

Although not all-inclusive, steps that should be considered include:

  • Have conversations with senior management, audit committee members, and board members to discuss these changes and the need for updates in policies and procedures, including their roles, consideration, approval, and support.
  • Consider past quality assessment reports, both internal and by third parties, and make sure you have addressed any areas of concern or non-conformance.
  • Incorporate updates to your audit operating and policy manuals, processes, and procedures, and get them approved.
  • Build out risk assessments, audit plans, and budgets to incorporate the changes.
  • Initiate and provide training to employees, senior management, audit committee members, and the board on the changes both broadly for the organization as a whole and within your internal audit function.
  • Visit the IIA website and review published materials to determine if you have gaps between the 2017 IPPF and the 2024 Standards. Any gaps must be addressed.

These steps will serve as a starting point in your quest to comply with the new Standards. The new Standards retain a strong focus on five key areas:

  • The purpose of internal auditing
  • Performing internal audit services
  • Managing the internal audit function
  • Governance of the internal audit function
  • Ethics and professionalism

There are several enhancements to areas such as scope, clarity, emphasis on risk management, communication, reporting, professional competence, and due professional care.

The IIA has provided many tools, articles, training, and supplements to help with the transition to the new Standards. The changes fall into various categories, but we stress the importance of exploring the associated changes in more detail.  Here are some changes to consider that could influence your internal audit function as you move forward:

Known concepts, new definitions

  • Professional courage
  • Ethical expectations
  • Professional skepticism

Still CPE but new conformance

  • Core competencies and knowledge, skills, and abilities
  • Continuing professional development
  • Methodologies, policies, and procedures aligned with the Standards

More IT, data, and information protection

  • Information and data access should be least privilege, and establish and follow a methodology

Additional governance, support, and CAE oversight

  • Governing of the internal audit function must be discussed with the board and senior management
  • Board and senior management support
  • CAE’s overall responsibility to facilitate, their qualifications/competencies, and roles and responsibilities of the board and senior management
  • External quality assessment every five years; ensuring quality assessor holds a CIA certification
  • Establish internal audit strategy including mission, vision, and strategic objectives

Increased documentation and engagement reporting

  • Communicating results, findings, and conclusions considered in the totality of the audit plan
  • Evaluating the function’s performance
  • Ongoing communications, e.g., engagement objectives, scope, and timing
  • Evaluating and discussing limitations and changes to objectives and scope
  • Documenting relevant information that cannot be obtained as a finding
  • Evaluating findings in relation to risk and significance
  • Process to resolve disagreements on recommendations and action plans to determine resolution
  • Final engagement communications, specify action plan, responsible parties, and implementation date

The updates to the Standards represent a continued focus on accountability, integrity, and excellence in internal auditing practices worldwide. Adherence to the Standards provides many benefits, including enhanced governance and oversight, improved risk management, and increased stakeholder confidence. By embracing the Standards, organizations reaffirm their commitment to these core values and drive sustainable growth and resilience in an ever-evolving environment and world.

In addition to the information mentioned above, CAEs and internal audit functions are advised to monitor and continue to evaluate information released by the IIA regarding the 2024 Standards for more specific guidance.

Jamie Braswell is a senior manager with the risk assurance and advisory services group at KraftCPAs. Reach her at 615-782-4227 or jbraswell@kraftcpas.com.

 

Helpful links

Conformance Readiness Assessment Tool (theiia.org)

Global Internal Audit Standards (theiia.org)

Two-Way Mapping: 2017 IPPF Mandatory Elements to 2024 Global Internal Audit Standards (and Back) (theiia.org)

Benchmark Hub (theiia.org)

Introducing the New Quality Assessment: Aligned to the Global Internal Audit Standards (theiia.org)

Search Site

Search Team

Search Articles