From Compliance to Confidence: Navigating the Shift from the 2017 Internal Audit Standards to the 2024 Global Internal Audit Standards
The release of the Global Internal Audit Standards by the Institute of Internal Auditors (IIA) in January 2024 marks a pivotal evolution in the internal audit profession. Replacing the 2017 International Standards for the Professional Practice of Internal Auditing (IPPF), the new standards represent a fundamental rethinking of internal audit’s role, expectations, and strategic importance.
The previous IPPF Standards, effective from January 1, 2017, aimed to regulate every practicing internal auditor across all industries, fostering uniformity across the profession. The new standards, effective from January 2025, introduce 15 principles that provide detailed guidance for practicing internal auditors and Chief Audit Executives (CAEs). These are:
Domain 1: Purpose of Internal Auditing
Domain 2: Ethics and Professionalism
- Principle 1: Demonstrate Integrity
- Principle 2: Maintain Objectivity
- Principle 3: Demonstrate Competency
- Principle 4: Exercise Due Professional Care
- Principle 5: Maintain Confidentiality
Domain 3: Governing the internal Audit Function
- Principle 6: Authorized by the Board
- Principle 7: Positioned Independently
- Principle 8: Overseen by the Board
Domain 4: Managing the Internal Audit Function
- Principle 9: Plan Strategically
- Principle 10: Manage Resources
- Principle 11: Communicate Effectively
- Principle 12: Enhance Quality
Domain 5: Performing Internal Audit Services
- Principle 13: Plan Engagements Effectively
- Principle 14: Conduct Engagement Work
- Principle 15: Communicate Engagement Results and Monitor Action Plans
Each principle is linked to specific requirements, considerations for implementation, and evidence of conformance. Principles 6 to 8 emphasize the mandatory practices that the Board must undertake, focusing on three key themes:
- Authorizing and setting the authority of the Internal Audit Function
- Positioning the internal audit function to retain its objectivity and independence
- Overseeing the performance of the Internal Audit Function to ensure quality audit work
These elements are crucial for ensuring the independence, autonomy, and effectiveness of the internal audit function. Organizations, CAEs, and audit stakeholders must now focus on understanding and responding to these changes effectively.
Domain I: Purpose of Internal Auditing
The 2024 standards emphasize internal audit’s role in enhancing organizational value, not just ensuring compliance. The purpose now highlights objectivity, insight, and proactive contributions to organizational success.
Stakeholder Response:
- Boards and Audit Committees: Align expectations with this value-driven purpose, seeking advisory insight, not just assurance.
- Chief Audit Executives: Articulate internal audit’s strategic contributions in terms of risk management, governance, and performance enhancement.
Domain II: Ethics and Professionalism
Ethical standards are now embedded into the core structure, reinforcing that professionalism is a continuous responsibility. Integrity, due professional care, and objectivity are integrated with guidance on professional skepticism and courage.
Stakeholder Response:
- Chief Audit Executives: Model ethical leadership and invest in ethics training and culture-building within the audit team.
- Management: Human Resources and Learning & Development can support by aligning ethics training for all risk and control functions.
Domain III: Governing the Internal Audit Function
Governance responsibilities have been clarified and strengthened, particularly around the role of the board and senior management in ensuring internal audit’s independence, authority, and resourcing.
Stakeholder Response:
- Audit Committees: Reassess whether they provide sufficient oversight, independence safeguards, and resources for internal audit.
- Management: Senior Executives should support internal audit’s ability to access information and operate independently from management influence.
Domain IV: Managing the Internal Audit Function
This domain expands the expectations of CAEs as strategic leaders, responsible for aligning the internal audit function with organizational goals. There is a new emphasis on competency development, technology use, and performance measurement.
Stakeholder Response:
- Audit Committees: CAEs should revisit their audit strategy, structure, and resource model to ensure alignment with evolving business risks.
- Management: Investment in data analytics, automation, and upskilling becomes essential for delivering modern audit services.
Domain V: Performing Internal Audit Services
Audit execution is now guided by flexible principles rather than rigid procedures, allowing for agile, risk-based, and forward-looking audits. Considerations for planning, communication, and documentation are clarified, and the role of continuous improvement is elevated.
Stakeholder Response:
- Audit Committees: Internal audit teams should adopt agile methodologies, emphasize root cause analysis, and strengthen their communication with stakeholders.
- Management: Organizations must support internal audit in conducting real-time audits, integrated assurance activities, and value-adding advisory reviews.
The transition from the 2017 IPPF to the 2024 Global Internal Audit Standards is not just a technical update; it is a strategic reset. It calls for a reimagining of internal audit’s purpose, posture, and practice. Stakeholders from audit committees to CAEs and executive leaders must collaborate to ensure that internal audit is positioned to meet the demands of a dynamic risk environment.
By embracing the new principles within each domain, internal audit functions can become more agile, insightful, and influential, providing trusted assurance and strategic advice that drives organizational resilience and performance.
BAGAKA
Leave your details below with a brief message and we will be in-touch!
