The new Global Internal Audit Standards (2024) focus on Risk Management

The Institute of Internal Auditors (IIA) has introduced significant updates to the International Professional Practices Framework (IPPF) with the release of the 2024 Global Internal Audit Standards, which replace the 2017 Standards effective from January 9, 2025. The new structure shifts from a rules-based to a principles-based approach, promoting flexibility and adaptability in application.

The Global Internal Audit Standards 2024 underscore internal audit’s evolving role in safeguarding organisations against risks by strengthening risk-based methodologies, addressing emerging risk areas, and improving collaboration on governance and risk oversight. This broader and deeper integration of risk management reflects its importance in modern internal auditing practices.

Fundamentals of the Global Internal Audit Standards

The Institute of Internal Auditors’ Global Internal Audit Standards guide the worldwide professional practice of internal auditing and serve as a basis for evaluating and elevating the quality of the internal audit function. At the heart of the Standards are 15 guiding principles that enable effective internal auditing. Each principle is supported by standards that contain requirements, considerations for implementation, and examples of evidence of conformance. Together, these elements help internal auditors achieve the principles and fulfill the Purpose of Internal Auditing.

The Standards apply to the internal audit function and individual internal auditors including the chief audit executive. While the chief audit executive is accountable for the internal audit function’s implementation of and conformance with all principles and standards, all internal auditors are responsible for conforming with the principles and standards relevant to performing their job responsibilities, which are presented primarily in Domain II: Ethics and Professionalism and Domain V: Performing Internal Audit Services.

The Standards are organized into five domains:

  • Domain I: Purpose of Internal Auditing.
  • Domain II: Ethics and Professionalism.
  • Domain III: Governing the Internal Audit Function.
  • Domain IV: Managing the Internal Audit Function.
  • Domain V: Performing Internal Audit Services.

Domains II through V contain the following elements:

  • Principles: broad descriptions of a related group of requirements and considerations.
  • Standards, which include:
    • Requirements: mandatory practices for internal auditing.
    • Considerations for Implementation: common and preferred practices to consider when implementing the requirements.
    • Examples of Evidence of Conformance: ways to demonstrate that the requirements of the Standards have been implemented.

The Standards use the word “must” in the Requirements sections and the words “should” and “may” to specify common and preferred practices in the Considerations for Implementation sections. Each standard ends with a list of examples of evidence. The examples are neither requirements nor the only ways to demonstrate conformance; rather, they are provided to help internal audit functions prepare for quality assessments, which rely on demonstrative evidence. The Standards use certain terms as defined in the accompanying glossary. To understand and implement the Standards correctly, it is necessary to understand and adopt the specific meanings and usage of the terms as described in the glossary.

The Global Internal Audit Standards (2024) emphasis on Risk Management

The Global Internal Audit Standards (2024) place a greater emphasis on risk management compared to the IPPF 2017 Standards. This enhanced focus reflects the evolving landscape of organisational risks and the critical role internal auditors play in identifying, assessing, and addressing these risks.

Key aspects highlighting the increased focus on risk management include:

  1. Integration of Risk into Internal Audit Purpose and Principles
    • The 2024 Standards emphasize the role of internal auditing in providing assurance on the adequacy and effectiveness of risk management processes. This is explicitly linked to the Purpose of Internal Auditing and its alignment with governance and risk frameworks.
    • The Principle of Risk-Based Planning directs internal audit functions to prioritise efforts based on the organisation’s most significant risks, ensuring alignment with strategic objectives.

  2. Enhanced Risk-Based Methodology
    • A more robust, principles-based approach in IPPF 2024 strengthens the guidance on risk-based internal audit planning, execution, and reporting.
    • Internal audit activities are expected to adopt a forward-looking perspective, focusing on emerging risks (e.g., cybersecurity, ESG risks, geopolitical changes) that could impact the organisation’s objectives.

  3. New Topical Standards for Risk Areas
    • The inclusion of Topical Requirements introduces specific guidance on managing audits in critical risk domains, such as cybersecurity, data privacy, and environmental, social, and governance (ESG). These topical standards ensure auditors address rapidly changing risk areas effectively.

  4. Governance and Risk Collaboration
    • IPPF 2024 expands on the internal audit function’s role in enhancing governance processes by working with management and the board to improve risk management structures and ensure better risk oversight.
    • There is stronger language around the internal audit function’s duty to communicate significant risks to the board or senior management, ensuring accountability.

  5. Dynamic and Emerging Risk Identification
    • The updated framework expects internal auditors to continuously monitor and adapt to dynamic risks, such as technological advancements, global economic uncertainties, and regulatory changes. This focus ensures audits remain relevant and proactive rather than reactive.

  6. Stronger Quality Assurance Programs with a Risk Lens
    • IPPF 2024 mandates internal audit quality assurance programs to incorporate a risk perspective, ensuring the audit function itself remains aligned with current and emerging organisational risks.

The Global Internal Audit standards (2024) reference to Risk Management

Conclusion

In summary, the Global Internal Audit Standards 2024 underscore internal audit’s evolving role in safeguarding organisations against risks by strengthening risk-based methodologies, addressing emerging risk areas, and improving collaboration on governance and risk oversight. This broader and deeper integration of risk management reflects its importance in modern internal auditing practices.

Useful links

https://barnowl.co.za/solutions/internal-audit-software

https://barnowl.co.za/knowledge-centre/audit-featured/6-ways-risk-based-auditing-adds-value-to-your-organisation

https://barnowl.co.za/knowledge-centre/insights/4-ways-auditors-can-add-value-to-your-organisation

https://barnowl.co.za/barnowl-knowledge-base

About BarnOwl

BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by over 150 blue-chip organisations. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework.

Please see www.barnowl.co.za for more information.
