Elevation and maturity of the internal audit function

Internal audit plays a vital role in helping organisations achieve improved performance, in ensuring risks are adequately managed in an increasingly complex landscape, and in protecting the public interest. Now is the time to ensure the function in your organisation is meeting the new standards. Amy Daley, Manager — Audit, PKF Sydney and Newcastle

With less than six months to go, has your organisation considered how to implement the new internal audit standards?

Internal Audit (‘IA’) plays a vital role in helping organisations achieve improved performance, in ensuring risks are adequately managed in an increasingly complex landscape, and in protecting the public interest. To perform their role effectively, internal auditors need consistent and appropriate guidance, structure and support. 

This has been recognised with the release of the new Global Internal Audit Standards earlier this year. 

The new standards will come into effect in January 2025 and are designed to promote the value of and elevate the maturity of this important function.

This was the first major review of the standards since 2017 and involved members of the community, senior management and Boards from public and private sectors, practitioners and
regulators to ensure their diverse needs and priorities were reflected.

The standards form part of the International Professional Practices Framework (‘IPPF’), which provide effective and consistent guidance for achieving robust, effective and suitably tailored Internal Audit service delivery.

An overview of the standards

The standards are organised by the following five key focus areas:

1. Purpose: To promote the value of Internal Audit and ensure the function seeks to enhance organisational performance, reputation, governance and risk management practices, and serves the public interest
2. Ethics: To promote an environment of professionalism, integrity, independence, courage and performance.
3. Governance: The ‘essential conditions’ to be documented in the IA Charter and established to ensure the function has adequate support, engagement and oversight. This includes IA being quality assessed by an external assessor at least once every five years.
4. Management: The development, implementation and periodic review of a Board endorsed IA strategy that is closely aligned to the organisation’s vision, goals and governance, and risk management processes. The strategy must be supported by a dynamic, fit for purpose and adequately resourced IA plan. This includes the use of effective methodologies to create and enhance value; positive stakeholder engagement and relationships; clear, objective, accurate and concise communication; and adequate monitoring and supervision.
5. Performance: This includes adequate review planning, development of an effective work program, stakeholder engagement and communication protocols, review and record keeping procedures, and independent review and monitoring of the progress of audit actions. Detailed guidance on each of the specific requirements, considerations and how to evidence compliance can be found within the publicly available document (https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/free-documents/complete-globalinternal-audit-standards/). 

Who is impacted by the changes?

The standards apply to all entities with an IA function, whether performed in-house or via an outsourced arrangement. They impact the entire organisation, including the Board, senior management and second line. It is envisaged there will be improved stakeholder alignment, enhanced insights and value for the business, greater focus and efficiency and mitigation of evolving key risks.

The standards also include guidance for how they can be adapted for the
public sector and for those working in smaller IA teams.

Recommended response

We recommend that affected organisations perform an IA readiness assessment to assist in developing a transformation plan which embodies these new changes. 

Being able to demonstrate compliance with the new standards will also educate your stakeholders on the value and importance of Internal Audit, promote engagement with function, and evidence a genuine commitment to responsible, ethical and effective operations.

The standards apply to all entities with an IA function, whether performed in-house or via an outsourced arrangement, and they impact the entire organisation. Tim Cronin, Partner, PKF Brisbane

For any assistance, contact your local PKF Audit and Assurance advisor.