The Institute of Internal Auditors’ new Global Internal Audit Standards took effect on January 9, ushering in a new era in the practice of internal auditing. The Standards were first released in January of 2024 as part of the broader International Professional Practices Framework Evolution project. They provide a basis for assuring effective internal auditing. Many internal audit departments have chosen to implement the guidelines as an opportunity to review internal audit processes and improve practices.
Since their initial release a year ago, the Standards have been translated into 25 languages and downloaded nearly 600,000 times. According to the IIA, they were “designed to help elevate internal audit performance, quality, and consistency across sectors.”
The Standards have been updated with a focus on internal audit strategy, stakeholder relationships, and internal audit performance measurement and accountability. They also introduce the governance conditions essential for effective internal auditing. The Standards were developed through a multiyear process engaging thousands of stakeholders globally including internal audit practitioners, service providers, standard-setters, and others with interests in effective internal auditing.
Among the other notable changes introduced by the new version are:
- Updated governance frameworks intended to improve organizations’ responsiveness to rapidly changing business environments.
- Specific guidance to assist internal auditors in the public sector and for small internal audit functions.
- A more flexible framework that can adapt to the unique challenges faced by auditors in different parts of the world.
- Specific guidance and standards on critical areas like cybersecurity.
“The new Standards going into effect represents a pivotal achievement in The IIA’s mission to advance the internal audit profession and empower auditors to deliver even greater value to the organizations they serve,” said Anthony Pugliese, president and CEO of the IIA. “At the IIA, our priority is to equip practitioners with the agility and adaptability needed to navigate the profession’s ever-evolving demands. I’m immensely proud of our efforts to engage stakeholders throughout the IPPF Evolution process and to support our global members as they embrace these transformative Standards.”
Over the past year, The IIA says it has worked to educate practitioners, Board members, and senior management to encourage early adoption and implementation of the Standards, producing a portfolio of resources including educational webinars, virtual and in-person courses, speaking engagements, and conference sessions and workshops.
The IPPF evolution continues this year with the release of Topical Requirements, which provide a baseline for providing assurance services in specific risk areas. The first Topical Requirement on Cybersecurity will be available in multiple languages in February, followed by Third-Party Risk, Culture, and Business Resiliency.
“The release of the Topical Requirements marks the next phase of our mission to ensure the IPPF remains relevant and valuable to practitioners worldwide,” said Benito Ybarra, IIA executive vice president of global standards, guidance, and certifications. “The Topical Requirements are intended to address the most pervasive global risks, helping ensure practitioners are well-equipped to review and respond to these priority risks in a consistent and uniform manner.” 