In the ever-evolving landscape of internal auditing, staying informed of the latest standards and guidelines is paramount for ensuring efficacy and compliance. The Institute of Internal Auditors (IIA) has introduced significant updates to the International Professional Practices Framework (IPPF) audit standards, now referred to as the Global Internal Audit Standards (“Standards”), that will go into effect January 9, 2025. Here are four key insights internal auditors need to know about the revamped guidelines in 2024, along with a comparison of how they have evolved over time.
Structural Changes to Standards
Due to years of iterations, the IPPF had become challenging to navigate. The IIA Standards Board has now introduced a streamlined structure. The new Standards organize 52 standards across five domains:
- Purpose of Internal Auditing
- Ethics and Professionalism (incorporates and replaces the standalone Code of Ethics)
- Governing the Internal Audit Function
- Managing the Internal Audit Function
- Performing Internal Audit Services
These domains encompass a total of 15 principles, each followed by related standards (the mandatory “Requirements”) and guidance known as “Considerations for Implementation.”
TIP: Be sure to update audit handbooks, policies, software, and other documents that reference the old IPPF sections and numbering. The IIA has provided a two-way mapping reference to assist with this.
Enhanced Emphasis on Technology Integration
In response to the digital transformation sweeping across industries, the Standards place a heightened emphasis on technology integration within internal audit processes. With the proliferation of data analytics, artificial intelligence, and automation, internal auditors are tasked with harnessing technology to enhance audit effectiveness and efficiency. The new guidelines underscore the importance of leveraging technology tools for risk assessment, data analysis, and continuous monitoring.
Compared to previous iterations, such as the 2017 IPPF audit standards, the 2024 update represents a significant shift towards embracing technological advancements. While earlier versions acknowledged the role of technology in internal auditing, the latest guidelines underscore its indispensable nature in navigating modern audit landscapes.
TIP: Embrace technology-driven audit approaches in order to adapt to evolving risk profiles and deliver value-added insights to your organization.
Emphasis on Audit Strategy
Another notable aspect of the Standards is the emphasis on the internal audit strategy used which may include initiatives such as agile audit methodologies and further development of performance measurement for the internal audit function. Recognizing the need for flexibility and adaptability in response to rapidly changing business environments, the new guidelines advocate for audit approaches that prioritize iterative planning, quick decision-making, and continuous feedback loops — including more specific requirements around the Chief Audit Executive’s interactions with senior management as well as the Board. By adopting agile methodologies, internal auditors can adhere to the updated requirements around the internal audit plan as well as better respond to emerging risks, deliver timely insights, and enhance stakeholder engagement.
Contrasting with previous iterations, such as the 2017 IPPF audit standards, which predominantly endorsed traditional audit methodologies, the 2024 update reflects a paradigm shift towards embracing agility and innovation in internal audit practices. The evolving nature of business ecosystems necessitates dynamic audit approaches that can swiftly respond to disruptions and uncertainties.
TIP: Consider agile methodologies to drive resilience in your organization.
Enhanced Communication and Reporting
Principle 11 of the Standards emphasizes the importance of effective communication and reporting. It stresses that internal auditors must communicate their findings, conclusions, and recommendations in a manner that is: accurate, objective, clear, concise, constructive, complete, and timely. Based on Standard 15.1, when issuing a final engagement communication auditors are required to include:
- The findings and their significance and prioritization
- An explanation of scope limitations, if any, and
- A conclusion regarding the effectiveness of the governance, risk management, and control processes of the activity reviewed.
TIP: Under this guidance, communications to the Board and senior management should include thematic or systemic issues, actions, or progress across multiple engagements or business units within your organization.
In conclusion, with the new Global Internal Audit Standards, internal auditors can navigate complex business landscapes, drive organizational resilience, and deliver value-added insights to their stakeholders. As the pace of change accelerates and new challenges emerge, internal auditors must remain agile, innovative, and forward-thinking to effectively fulfill their role in safeguarding organizational integrity and performance.
Contact us today to discuss how these changes may impact your organization.
Learn More About Our Risk Assurance & Advisory Services