The release of the 2024 Global Internal Audit Standards (“Standards”) by the Institute of Internal Auditors (IIA) marks a watershed moment in the evolution of internal auditing. These Standards, to take effect on 9 January 2025, promise to reshape the landscape of internal audit practices worldwide. Below, we examine the implications of these Standards, exploring their potential benefits, challenges, and the path to successful implementation.
- Strategic Alignment and Value Creation
One of the most significant advancements in the Standards is the emphasis on aligning Internal Audit functions with organisational strategic objectives. Standard 9.2 mandates that Chief Audit Executives (CAEs) develop and implement a strategy that supports organisational goals and meets stakeholder expectations. This alignment positions internal audit as a strategic partner, capable of delivering insights that contribute to sound business decisions and foster organisational resilience. - Enhanced Governance and Oversight
The Standards place a renewed focus on board and senior management involvement in internal audit activities. Domain III, “Governing the Internal Audit Function,” outlines essential conditions for effective oversight, ensuring that Internal Audit functions receive the necessary support and resources. This enhanced governance structure strengthens the overall risk management framework of organisations. - Combined Assurance and Comprehensive Risk Coverage
The Standards promote coordination between internal audit and other assurance providers, and the CAE is charged with co-ordinating the Internal Audit function’s activities with those of other assurance providers to improve efficiency of the assurance activities. Combined assurance and integrated assurance are often used interchangeably. There are, however, fundamental differences between the two concepts (See Combined vs Integrated Assurance).Internal Audit functions should consider both combined assurance and integrated assurance when they design their strategy and should develop roadmaps to implement and embed both to the extent that it is feasible and adds value to their organisation. - Topical Relevance and Future-Proofing
The introduction of new topical compulsory requirements addressing areas such as cybersecurity, ESG, and privacy risk management ensures that internal audit remains relevant in an ever-evolving business landscape. This forward-looking approach helps organisations navigate complex regulatory and operational challenges.
- Implementation Complexity
The comprehensive nature of the new Standards may pose significant challenges, particularly for smaller or less mature Internal Audit functions. To overcome this, internal auditors need to embrace the principle-based approach of the new Standards. Attempting to implement every Mandatory Requirement, Common and Preferred Practice and Examples of Evidence of Implemented Practice mentioned in the Global Internal Audit Standards will result in considerable inefficiency and ineffectiveness. With its principle-based approach, the Standards gives Internal Audit functions the opportunity to customise their Internal Audit governance framework and methodologies to their unique situations without risking non-conformance to the Standards. - Principle-based Conformance
The shift from a rule-based to a principle-based approach substantially impacts conformance expectations with the Standards. A rule-based approach often leads to a “tick-the-box” mentality. In contrast, a principle-based approach challenges internal auditors to conform to overarching principles.This shift requires internal auditors to exercise professional judgment and consider the context within which they are operating and the intent behind the Standards, rather than simply following a set of rules when developing the governance framework for the function. Conformance with the Standards will require a deeper understanding of the underlying Principles and a more nuanced application of the Standards. This can be more difficult to achieve, but ultimately contributes to a viable Internal Audit function which meets stakeholder expectations and contributes effectively and efficiently to the governance of the organisation. - Skills Gaps and Resource Constraints
The new topical requirements may expose skills gaps within existing internal audit teams, necessitating investments in training, reskilling and potentially new hires. This could strain resources, especially for organisations with limited budgets.
Implementation should include:
- Performing a thorough gap analysis between current practices and the new Standards
- Developing a detailed implementation roadmap
- Engaging with the Board and senior management on the impact of the new Standards on their roles and responsibilities, and the relationship between the CAE, the Board and senior management
- Developing an internal audit operational strategy for long term viability and sustainability
- Updating the internal audit framework (e.g. charters, methodologies)
- Developing a technology roadmap in conjunction with the IT department
- Developing a human resource development and transition roadmap
- Training internal audit staff in the new methodology
- Establishing an effective quality assurance programme that includes internal quality assessments, annual feedback to the Board on the results of the quality assurance programme and Internal Audit’s performance, and periodic external
As organisations prepare to embrace these new Standards, it’s crucial to approach implementation strategically, with a focus on long-term value creation rather than mere compliance. By doing so, Internal Audit functions can position themselves as indispensable partners in organisational success, meaningfully contributing to organisational innovation, resilience, and sustainable growth in an increasingly complex business environment.
The journey towards successful implementation of these Standards will undoubtedly be challenging, but it also presents an unparalleled opportunity to elevate the role and impact of Internal Audit within your organisation. Andile’s subject matter experts have extensive experience in the operational management of Internal Audit functions and are available to support you on this daunting but exciting journey. To find out how we can help you refresh your methodology, design your strategy, develop performance metrics, and implement an effective and efficient quality assurance programme, contact liesl@andilesolutions.com.
- The Institute of Internal Auditors (IIA). “2024 Global Internal Audit Standards.” https://www.theiia.org/en/standards/
- Deloitte. “2024 Global Internal Audit Standards.” https://www2.deloitte.com/us/en/pages/risk/articles/global-internal-audit-standards.html
- RSM US. “2024 Global Internal Audit Standards.” https://rsmus.com/insights/services/risk-fraud-cybersecurity/2024-global-internal-audit-standards.html
- KPMG. “2024 Global Internal Audit Standards.” https://home.kpmg/xx/en/home/insights/2023/07/2024-global-internal-audit-standards.html
- PwC. “Internal Audit Transformation.” https://www.pwc.com/us/en/services/risk-assurance/library/internal-audit-transformation.html
- IIA. “Standards Knowledge Center.” https://www.theiia.org/en/standards/standards-knowledge-center/
- IIA website (https://www.theiia.org/en/), “Combined Assurance”
- IIA website (https://www.theiia.org/en/), “Integrated Assurance”