Internal Audit: New IIA Standards

Have you familiarized yourself with the key changes to the new IIA Standards?

The Global Internal Audit Standards, published on January 9, 2024, will come into effect on January 9, 2025. The changes encompass the following four key topics:

icon
Stakeholder Interaction and Communication
  • Assurance Mapping
  • Gather Expectations
  • Communication Protocols
icon
Quality: «Conformance & Performance»
  • Adjust QAIP
  • Define Objectives/KPIs
  • Define Strategy to Achieve Objectives
icon
Training & Professional Development
  • Competency Framework & Succession Planning
  • Revise Training Programs
  • Define & Train IA Methodologies
icon
Documentation &
Evidence
  • Revise IA Charter
  • Revise IA Handbook / Policies
  • Adjust Templates / Workpapers

Stakeholder Interaction and Communication

The 2024 IIA Standards put additional focus on stakeholder engagement and their input and expectations. Stakeholders may include the Board, Senior Management, Operational Management, regulatory agencies, internal and external Assurance Providers, and other consultants. Compared to the 2017 IIA Standards, stakeholder interaction is now a «must» criterion, and communication and collaboration with these groups are explicitly required, rather than merely implied. 

We see this as an excellent opportunity to reinforce the value of Internal Audits to all stakeholders and to strengthen collaborative and interactive communication.

Quality

The new 2024 IIA Standards go beyond mere compliance by emphasizing performance. What does this mean in practice? It's not just about adhering to the standards but also about evaluating the performance of Internal Audit and achieving performance goals. An interesting fact: The word «quality» appears 123 times in the new Standards, compared to only 18 times in the 2017 Standards.

This provides an opportunity to elevate Internal Audit to a new level. By focusing on performance enhancement, companies can achieve their goals more effectively and manage risks better.  

Training and Professional Development

The recent changes to the 2024 IIA Standards place a stronger emphasis on competency and training of the IA team. Ensuring competence and offering training opportunities are now explicit requirements. This includes defining, documenting, and effectively training specific Internal Audit methodologies. Having a competency framework and professional development plans is essential for conducting effective and efficient internal audits.

Competency and training aren't merely key words; they are fundamental to achieving long-term success.

Documentation and Evidence

Whether it's updates, revisions, or new creations, documentation plays a crucial role in the new 2024 IIA Standards. Therefore, each standard now includes examples of evidence. A clearly defined IA Charter (see also the IIA Model Charter) and a comprehensive IA Manual with specifically defined methodologies support the Audit process and form the foundation for a successful IA function.

This is an opportunity to clearly (re)define the roles, authorities, and methods of the Internal Audit function.

The 2024 Global Internal Audit Standards as the Core of the New IPPF

The Global Internal Audit Standards are the core of the International Professional Practices Framework (IPPF), which comprises three elements:

1. Global Internal Audit Standards (mandatory)

2. Topical Requirements (mandatory)

3. Global Guidance (non-mandatory)

The new IIA Standards consist of the following 5 domains, encompassing 15 principles and 52 standards:

  • Domain I: Purpose of Internal Auditing.
  • Domain II: Ethics and Professionalism.
  • Domain III: Governing the Internal Audit Function.
  • Domain IV: Managing the Internal Audit Function.
  • Domain V: Performing Internal Audit Services.

Each IIA Standard includes «must» requirements, implementation considerations («should» requirements), and examples of evidence. Additionally, in Domain III, there are «Essential Conditions» within the "must" requirements for the governing body (Board) and Senior Management.

Successful Implementation: Our Pragmatic Approach

To successfully implement the new IIA Standards, we recommend the following pragmatic approach:

icon

1. Familiarization with the New IIA Standards

The first step is to recognize and understand the changes and new requirements of the 2024 Standards. To assist you, we have created a concise presentation outlining and explaining the key changes and to-dos. This presentation is available for you to download below.

icon

2. Discussions with the Board and Senior Management

  • Discussion of Domain III: The Chief Audit Executive (CAE) is responsible for the requirements in Domain III, but the activities of the Board and Senior management are crucial for Internal Auditing to fulfill its purpose and value. The CAE must discuss Domain III with the Board and Senior Management. To assist with this discussion, we refer to the IIA's «Chief Audit Executive Toolkit Implementing Domain III of the Standards».
  • Define/Discuss the IA mandate and objectives.
  • Gather expectations from the Board and Senior Management regarding IA Strategy, communication, and performance objectives and -measurement (KPIs).
icon

3. Gap Assessment / Readiness-Assessment

Many of the changes in the new IIA Standards are best practices that were already implied in the 2017 Standards (though not explicitly required). The 2024 Global Internal Audit Standards, however, are more clearly defined and leave little room for interpretation. Therefore, conducting a Gap Assessment is recommended to identify necessary actions for compliance with the new Standards. We would be pleased to support you with an independent gap assessment and providing a tailored to-do list outlining the specific new requirements applicable to your organization (see below for more details).

icon

4. Execution of key to-dos (Implementing Gap Assessment results)

The results from the Gap Assessment need to be implemented individually. Typical to-dos include:

  • Adjusting the IA Charter - see also IIA Model Charter (DE) and (ENG).
  • Defining the IA Strategy, performance objectives and -measurement (KPIs).
  • Updating the IA Manual/policies, including newly defined methodologies.
  • Assurance Mapping and extend coordination with Internal and External Assurance Providers.
  • Creating communication protocols (a matrix that defines who communicates what to whom ad when).
  • Revising the QAIP = Conformance + Performance.
  • Updating the competency framework and training programs.
  • Updating evidence and documentation (reporting templates, workpaper templates).

We are here to support you: Our Services

January 9, 2025, is approaching quickly, and preparations for the new Global Internal Audit Standards should begin as soon as possible. We would be pleased to support you as follows:

Gap Assessment / Readiness-Assessment

We offer an independent Gap Assessment / Readiness-Assessment to identify areas within your Internal Audit function that require attention regarding the new IIA Standards. Our Gap Assessment includes the following: 

  • An online survey involving all members of the Internal Audit function and key stakeholders (Board, Senior Management, Operational Management, regulatory agencies, internal and external Assurance Providers, and other consultants).
  • A detailed documentation review of relevant IA policies and tools (i.e. IA Charter, IA Strategy and objectives, IA Manual, other relevant policies, annual and engagement planning documents, and other Internal Audit templates and tools).

We will consolidate the results into a concise Gap Assessment report that outlines relevant to-dos for you to address the new IIA Standards effectively.

Global Internal Audit Standards 2024 Training

The new Standard 3.1 «Competence» requires all Internal Auditors to possess or acquire knowledge of the Global Internal Audit Standards. We are here to support you and provide training sessions to thoroughly educate your team about the new IIA Standards and related changes.

Support in executing relevant To-dos

Whether revising (or creating) your IA Charter or IA Manual, developing the IA Strategy, or conducting assurance mapping, we are ready to assist you in executing the necessary to-dos.

External Quality Assessment (EQA)

Is your EQA due in 2024 or 2025? You have several options. If your EQA is due in 2024, you can choose between an assessment based on the 2017 or 2024 Standards. If you choose the 2017 Standards, an additional Gap Assessment is recommended. Starting January 9, 2025, EQAs will be conducted based on the new 2024 Standards. However, it is possible to bring forward an EQA due in 2025 and conduct it in 2024 using the 2017 Standards. In this case, an additional Gap Assessment is also recommended.

We offer all options. In addition to the independent assessment of the compliance with the chosen IIA Standards - or the «International Professional Practices Framework» (IPPF) - we identify improvement opportunities to enhance the effectiveness and efficiency of your Internal Audit function. Our EQAs include the following:

  • An online survey with all members of the Internal Audit function and key stakeholders (Board, Senior Management, Operational Management, regulatory agencies, internal and external Assurance Providers, and other consultants).
  • Interviews with the IA team and key stakeholders of the Internal Audit function.
  • A detailed documentation review of relevant IA policies and tools (i.e. IA Charter, IA Strategy and objectives, IA Manual, other relevant policies, annual and engagement planning documents, and other Internal Audit templates and tools).
  • A detailed review of the audit files of selected audits.

The results are summarized in an EQA report, providing an overview of your audit activity with BDO’s 6P assessment (purpose, profile, planning, protocols, performance, and people).

Gated Download Section

BDO presentation of key to-dos for the new Global Internal Audit Standards 2024


reCAPTCHA requires a site and secret key, which you can configure in the Settings application under Security & Membership > Protection > reCAPTCHA v3.

Key contacts

Marc Sollberger

Marc Sollberger

Head of Performance Advisory, Zurich - Partner
personView bio