Time to reflect on your internal audit function

read timeRead time: 3 mins

On 9 January, the Institute of Internal Auditors refreshed their Global Internal Audit Standards which guide the worldwide professional practice of internal auditing. The 15 guiding principles are each underpinned by 52 standards that contain requirements, considerations, and examples for conformance.

Senior management and internal audit functions must take heed of these updates and understand what the changes mean for them, as these will be essential to maintain an effective internal audit function and demonstrate adequate oversight and leadership. A high-level overview of the key changes is set out in the table below – watch this space for a detailed gap analysis guide to help internal audit functions get ready for implementation in January 2025!

Additional features / considerations

High level details

Changes to IIA’s “fundamentals”

  • Now includes and highlights the public interest elements of internal audit.

  • Internal audit functions can achieve the standards’ intent even if unable to conform to them – Chief Audit Executive to document and convey the rationale for this.

  • Small internal audit functions need to implement the standards appropriately.

Shift in responsibilities

  • Boards and senior management are called upon to communicate and ensure they adequately utilise their internal audit functions. They should have a greater involvement in setting the mandate, developing a strategic plan, establishing effective capabilities, budget, and measurable performance indicators.

  • Chief Audit Executives are urged to ensure the most appropriate and effective conformance or application to meet the spirit of the standards. They are also urged to consider the overall strategic direction of the organisation looking at this holistically and covering the organisation’s bespoke internal and external risks that will make the biggest impact overall.

  • Chief Financial Officers need to ensure there is a holistic and joined up approach between internal audit and other forms of assurance in the organisation. The standards emphasise the need to ensure internal audit functions are fully aware of the strategic and financial direction of the organisation and any budgets for internal audit support.

Next steps

  • The new standards are effective from January 2025 – internal audit functions should conduct a gap analysis and prepare for a transition to the new standards. You will also need to communicate the new standards to your Audit Committee and advise them of resulting changes in your internal audit approach / methodology.
  • If your internal audit function has an EQA process falling in 2024, you will be able to measure against the current standards. If it falls in 2025, you can accelerate this to 2024 and measure against current standards, with a readiness assessment to identify any gaps against the new standards.
  • Consider adding a project for 2024 covering internal audit reforms in light of the new standards or as an ongoing project, perhaps using an independent external firm to conduct or support the exercise.

  • Refresh your mandate / charter, the scope and breadth of support and communication with the Board and other senior managers. This is particularly important as there is now a much stronger emphasis on senior managers to oversee principle and material risks and controls, and ensure there is adequate assurance over these as part of the FRC’s new Corporate Governance Code 2024.
  • Think outside the box. Take the opportunity to reframe and rebrand your internal audit function, increase your footprint across the organisation to provide the highest quality work, assurance, support, and advice that ultimately aligns your function to what is important to your organisation.

  • Watch out for PKF’s detailed gap analysis guide to be issued in due course.

If you are looking for additional support and guidance on how to implement the new internal audit standards, please do not hesitate to get in touch.