What do the new IIA standards mean for your organization?

Recently the Institute of Internal Auditors (IIA) introduced a new set of global standards — ones that your organization will want to pay attention to.

These new changes aren’t only about keeping up with the always-evolving business landscape, they’re about setting a new standard for excellence in how internal audits are conducted. This ensures your organization is better prepared to tackle the risks and challenges of modern business.

Did these standards need updating?

In short, yes. The rapid evolution of technology and the complexity of global regulations have driven the need for more specialized knowledge and a proactive approach to internal auditing.

The new standards set the pace for a higher level of expertise across various domains. Internal auditors can no longer rely on their general knowledge — they need to be able to demonstrate expertise in fields like cyber security, ESG, and governance. This shift makes sure that internal audit functions are equipped to provide meaningful assurance and advice, instead of just ticking off compliance boxes.

Key changes in the standards

One of the most significant changes is the need for internal audit functions to align with the strategic objectives of the organization. The new standards emphasize that internal auditors need to have a deep understanding of the organization’s strategy and the risks that could impede its success.

This alignment forces the transformation of the audit function from simply being compliance focused to a strategic partner that plays a critical role in driving organizational success.

Additionally, these standards place a bigger focus on governance. Internal auditors are expected to maintain a close working relationship with the board and audit committee, providing continuous risk assessments rather than relying on annual reviews. This proactive approach makes sure that boards and audit committees are actively engaged in understanding and addressing risks in real-time. This is critical for maintaining the organization’s resilience in an increasingly complex world.

The new standards: A breakdown

The new IIA standards are organized into five domains, each focusing on a different aspect of the internal audit function. These domains are supported by 15 specific principles that outline the expectations and responsibilities within each area.

Domain I: Purpose of internal auditing

This domain establishes the fundamental role of internal audit in providing independent, objective assurance and advice to help organizations achieve their objectives.

Domain II: Ethics and professionalism

Internal auditors must demonstrate the following principles in their work:

1. Demonstrate integrity: Internal auditors exhibit honesty and professional courage.
2. Maintain objectivity: They remain impartial and unbiased in their decision-making.
3. Demonstrate competency: Auditors apply the necessary knowledge, skills, and abilities to fulfill their roles.
4. Exercise due professional care: They plan and perform audits with diligence and professional skepticism.
5. Maintain confidentiality: Information is used and protected appropriately.

Domain III: Governing the internal audit function

The board is responsible for ensuring internal audits effectiveness by:

6. Authorized by the board: The board establishes and supports the internal audit mandate.
7. Positioned independently: The board ensures the internal audit function’s independence and qualifications.
8. Overseen by the board: The board oversees the internal audit function, ensuring it has the resources and quality measures necessary to succeed.

Domain IV: Managing the internal audit function

The chief audit executive (CAE) should undertake the following to manage the internal audit function:

9. Plan strategically: The CAE develops an internal audit strategy aligned with the organization’s governance, risk management, and control processes.
10. Manage resources: The CAE manages financial, human, and technological resources to achieve the internal audit plan.
11. Communicate effectively: Effective communication with stakeholders is essential, including the reporting of errors, omissions, and acceptance of risks.
12. Enhance quality: The CAE ensures continuous performance improvement and conformance with the Global Internal Audit Standards.

Domain V: Performing internal audit services

This domain focuses on the execution of internal audit engagements by carrying out the following:

13. Plan engagements effectively: Auditors plan each engagement using a systematic approach, considering risk assessments and resource allocation.
14. Conduct engagement work: Engagements are conducted to achieve objectives, gather information, and develop recommendations.
15. Communicate engagement conclusions and monitor action plans: Results are communicated to appropriate parties, and the implementation of action plans is monitored.

The role of technology

Technology is at the heart of these new standards. Internal auditors are now expected to leverage data analytics, automation, and other advanced tools to enhance their processes. The standards recognize that technology is not just a support function but a core element of effective internal auditing, particularly in identifying and mitigating risks in real-time.

Moreover, the standards stress the importance of understanding and assessing emerging technologies. As more organizations adopt digital solutions, internal auditors have to examine the associated risks and make sure that appropriate controls are in place.

Governance and accountability

The new IIA standards also reinforce the importance of governance. Boards and senior management are now explicitly responsible for supporting the internal audit function. That means they ensure their auditors have the necessary resources and authority to effectively perform their duties. This includes approving the internal audit plan, budget, resources, and regularly engaging in discussions about the risks facing the business.

This increased involvement from the board and audit committee helps to ensure the internal audit function can effectively fulfill its role in protecting the organization. The standards make it clear that governing bodies need to take an active role in understanding and addressing risks, rather than simply reviewing reports after the fact.

Practical steps for internal auditors

The new standards offer both challenges and opportunities. The increased focus on expertise, technology, and governance means that internal audit functions will need to invest in training, technology, and maybe even restructuring to meet these new changes.

A practical first step for auditors is to conduct a self-assessment to identify any gaps between its current practices and the new standards. This process offers a chance to reassess the internal audit function and develop a strategy to align with the IIA changes.

The updated standards are not only about compliance — it’s about improving the value that internal audit brings to the organization.

The internal audit function may want to consider using the period of transition to these updated standards to build upon your relationships with key players. The introduction of these updates provides an ideal opportunity to re-engage with the board, management, and other vested parties to demonstrate the strategic value of internal audit and how it can support the business in achieving its objectives.

Embrace the future of internal auditing

The new IIA standards mark a significant evolution in the internal audit professional. By raising the bar on expertise, technology, and governance, they make sure internal audit is well-equipped to navigate the complexities of modern business while providing the assurance and advice the business needs.

For organizations, this means a more strategic, risk-aware approach to internal auditing that aligns with the organization’s objectives and prepares internal audit for future challenges.

Ready to elevate your internal audit function?

If you’re looking to understand how these changes will impact your business or need assistance assessing your current internal audit function, our team can help. We’re here to guide you through this transition and make sure that your audit function is a true asset to your organization. 

To learn more, reach out to Richard Arthurs, Partner.