Today’s global business landscape continues to change and evolve, and with it, new risks emerge. These risks can materialize quickly and disrupt the operational effectiveness of an organization and what it needs from its internal audit function.
To address this new risk landscape and deliver on heightened expectations from the board, management, and the multitude of other stakeholders, internal audit must chart a new course in response. Internal audit leaders within every organization should be knowledgeable of the recent changes to professional internal auditing standards (the Standards) announced by the Institute of Internal Auditors (IIA). Earlier in 2024, the IIA’s International Internal Audit Standards Board released the 2024 Global Internal Audit Standards, which on January 9, 2025 will replace the 2017 International Standards for the Professional Practice of Internal Auditing. While paying attention to the most high-impact changes will not only help you conform with the updated Standards, it will also provide guidance on how to improve the overall performance of your internal audit function.
Before examining the most significant changes, one should keep in mind that the International Internal Audit Standards Board referred to the 2024 updates as an evolution. Many of the changes are restructurings of existing internal audit requirements and elevating certain leading practices to mandatory requirements. Some internal audit functions that have already embraced these leading practices may not find the updates to the Standards to be significant.
Charting a New Course With the Updated Standards
The below diagram illustrates the updated Standards’ five domains. Domain I is the foundation and provides a streamlined description of internal auditing, its value to the organization, and the critical ingredients to ensure its effectiveness. Domain II prescribes the essential behavioral requirements of internal audit professionals. Domains III, IV, and V comprise the key activities of an internal audit function.
| Domain III: Governing the Internal Audit Function | Domain IV: Managing the Internal Audit Function | Domain V: Performing Internal Audit Services |
|---|---|---|
Highlights the relationship between the board, internal audit function, and the chief audit executive (CAE) to pinpoint roles and responsibilities of the board in governance.
| Details how the CAE’s roles entail strategic planning, managing resources, communicating effectively, and enhancing the quality of the internal audit function.
| Describes an approach to project management that includes elements such as planning, performing, and communicating about internal audit services.
|
Updated Standards Changes to Navigate
Although requirements in all the domains are important, think of Domains I and II as the foundation of any internal audit function. The following revisions in Domains III to V warrant chief audit executives’ (CAEs) focused attention to map out their internal audit function’s journey toward meeting new requirements in 2025 and elevate their internal audit function’s performance:
Mapping Out the Internal Audit Function of Tomorrow
Creating the momentum to embrace these updated Standards requires engagement by the CAE with the board of directors and/or audit committee and senior management. Here are the key actions CAEs should take now:
- Understand the potential changes and challenges faced in the road to adoption, assess conformance, identify gaps, and provide supplemental guidance as needed.
- Internal audit professionals or teams assigned to the Quality Assurance and Improvement Program should:
- Identify the potential changes along with potential challenges their function will face in adoption.
- Determine updates to be incorporated into quality assurance activities throughout 2024 to assess conformance, identify gaps, and provide supplemental guidance focused on conformance by January 1, 2025.
- Review existing internal audit policies, procedures, methodologies, and governing documents and map to the updated Standards to identify gaps and required enhancements.
- The CAE should:
- Meet with the board and senior management to educate them on the updated Standards and discuss the changes and the impacts to the internal audit function and the broader organization.
- Start educating and training management and internal audit staff.
- Evaluate the need to accelerate the internal audit’s external quality assessment (EQA). If the EQA is due in 2025, it is recommended to conduct the EQA in 2024 against the current Standards and include a gap analysis/readiness assessment against the updated Standards as part of this project.
The path forward for an effective internal audit function will require adept navigation of these updated Standards and preparing for organizational conformance by 2025.
If you have any questions or need assistance, please reach out to a professional at Forvis Mazars.