Reframe internal audit with the IIA’s new standards

The Institute of Internal Auditors (IIA) revised its Global Internal Audit Standards in 2023 to support the profession's evolution and help organisations navigate today's complex risk landscape.

Effective from 9 January 2025, these new standards present a significant opportunity for internal audit (IA) functions to adopt best practices and drive transformation, thereby increasing the value they provide to stakeholders.

Transforming your internal audit function

Now is the time to reframe your IA function. By aligning with the IIA’s new Global Internal Audit Standards, you can build greater trust, drive business transformation, unlock efficiencies, expand risk coverage and enhance the value you provide.

Practical guidance and insights

This series offers practical tips, examples and PwC’s perspective on effectively and efficiently implementing the Global Internal Audit Standards while embedding transformation elements into IA’s strategic roadmap.

Series overview

1. Introduction: The new standards have introduced significant changes that impact the IA function. It is essential to understand why these changes matter and identify key actions to align with the new requirements effectively.

2. Mandate: Ensuring the IA department's goals align with the board's, particularly the audit committee's expectations, is vital. This alignment is the core intent of the IA mandate as specified in the new standards.

3. Strategic Plan: IA functions are now required to develop a formal strategic plan. This document should define the IA's goals and ensure they are in harmony with the company's overall objectives.

4. Board Engagement: Domain III of the standards emphasises the board's specific oversight responsibilities. This includes engagement in IA's mandate, strategic planning, resource allocation and quality assurance, alongside monitoring key performance metrics.

5. Assurance Ecosystem: IA functions must consider both internal and external assurance providers. Developing an assurance map can help the organisation understand these providers' contributions to the assurance landscape.

6. Performance Measurement: The standards now treat performance measurement as a distinct requirement. Previously part of the quality assurance and improvement plan, it demands a clear focus on monitoring and evaluating IA's effectiveness.

7. Internal Audit Plan: IA must now communicate to senior management and the board regarding high-risk areas lacking assurance, conflicting stakeholder demands and resource limitations impacting IA coverage. It must also consider the coverage of IT governance, fraud risk and compliance effectiveness.

8. Audit Spectrum: In today's dynamic and complex business environment, IA functions must be versatile. The standards call for clarity on IA's service variety and encourage diverse engagement approaches, covering both assurance and advisory activities.

9. Reporting and Communication: Standard 15.1 introduces new requirements for final communications, mandating action plan owners and deadlines, Chief Audit Executive (CAE) approval, disclosure of any nonconformance, and distribution to relevant parties. It also requires that assurance communications include finding significance, prioritisation, aggregation, effective process acknowledgements and a conclusion on governance effectiveness.

10. Capabilities: The standards now explicitly require internal auditors to undertake tasks only if they are competent or can become competent. This focus on skill development and knowledge application is crucial for delivering effective internal audit activities.