In July this year the Institute of Internal Auditors (IIA) unveiled enhancements to its International Professional Practices Framework (IPPF). It’s important to know what’s changed and what hasn’t and that’s why we’ve summarized the changes for you. More resources and comprehensive update descriptions can be found on the IIA website (https://global.theiia.org/standards-guidance/Pages/New-IPPF-What-to-Expect.aspx). A great video of the changes developed by the IIA can be found here: https://global.theiia.org/standards-guidance/Pages/New-IPPF.aspx#ippfvid
What’s new?
Mission
The IPPF now contains a “Mission of Internal Audit” statement. The mission reads as follows:
“To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”
This mission describes what the internal audit function aspires to accomplish within an organisation. This is different to the “Definition of Internal Auditing” which describes what Internal Audit is. Achievement of the mission is supported by all of the different elements of the IPPF, as illustrated in this image:
Core Principles
The IPPF Standards have always been “Principles-based”, but these principles were not defined in previous versions of the framework. The new IPPF has defined 10 Core Principles for the Professional Practice of Internal Auditing. To be effective, internal audit practitioners and the activities that they serve must be able to demonstrate achievement of all ten principles.
The 10 principles are as follows:
- Demonstrates integrity
- Demonstrates competence and due professional care
- Is objective and free from undue influence (independent)
- Aligns with the strategies, objectives, and risks of the organisation
- Is appropriately positioned and adequately resourced
- Demonstrates quality and continuous improvement
- Communicates effectively
- Provides risk-based assurance
- Is Insightful, proactive, and future-focused
- Promotes organisational improvement
Other changes
The way that the mandatory, recommended, implementation and supplementary guidance is defined and how the purpose is conveyed has changed in this update.
- Practice Advisories are being changed into Implementation Guidance which falls as a layer of Recommended Guidance. As of this update, Implementation Guide 1000: Purpose, Authority, and Responsibility and Implementation Guide 2110: Governance have been released and the corresponding practice advisories will be retired. Implementation Guides will be released on a quarterly basis throughout 2015–16, beginning in October 2015.
- Existing practice guides are now classified as “Supplemental Guidance”.
The words “Strongly Recommended” have changed to “Recommended” for the non-mandatory elements of the IPPF.
- The mandatory elements are: Core Principles, Definition, Standards, and Code of Ethics
- The non-mandatory elements are: Implementation guidance and Supplemental guidance
What hasn’t changed?
Definition of Internal Auditing
The “Definition of Internal Auditing” remains the unchanged in the updated IPPF. The definition continues to read as:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Code of Ethics
The Code of Ethics remains unchanged in the new IPPF. The principles of Integrity, Objectivity, Confidentiality and Competency remain expected of every internal auditor.
All existing standards
No changes to the existing standards have been made in this update.