The Institute of Internal Auditors (IIA) introduced its revised Global Internal Audit Standards™—commonly referred to as “the Standards.” These updates were designed to propel the profession forward and equip organisations to navigate today’s intricate risk landscape.
This presents a substantial chance for Internal Audit (IA) departments to integrate recent advancements in best practices and spearhead change to enhance the benefits they can offer to their stakeholders.
All organisations are required to evaluate their approach and execute modifications for the new Standards in 2024, preparing to comply by 2025. Discover how PwC can assist you in the following section.
A chance for transformation: Principal modifications in the Standards
The Standards, accessible on the IIA’s global website, have an enhanced emphasis on areas such as
- Involvement of the board (or equivalent) in IA
The mandate, vision, and strategic plan of IA
Comprehension of risks and coverage across the organisation
Performance planning, tracking, and measurement (for instance, efficiency and quality)
Reporting of IA, evaluation of findings, and effective communication
There will also be new topical requirements and guidance to aid IA functions in concentrating on critical risk areas. These encompass subjects like cybersecurity, information technology governance, privacy risk management, sustainability and ESG (Environmental, Social & Governance), and third-party management.
A coordinated strategy: Leadership’s required response
The new Standards are not solely pertinent to IA—they have implications for the entire organisation. This necessitates a collaborative effort from the board and all departments to seize the opportunities presented by the new Standards. This involves:
Board/audit committee and senior management reflect on how a robust IA function can aid the company in achieving its vision by fostering resilience to safeguard value, and instilling confidence in the business to undertake transformative actions. |
Second line (e.g. risk, compliance) seize the opportunity to align and cooperate with IA to fortify the company’s risk approach and optimise assurance and monitoring activities. |
IA Leaders (e.g. Chief Audit Executive) everage the new Standards to perpetuate the IA transformation journey and interact differently with stakeholders. |
Questions to ponder: |
Questions to consider: | Questions to contemplate: |
1. Has the leadership received adequate input into the IA plan concerning strategic priorities? |
1. Can we utilise assurance mapping to re-evaluate risk coverage? | 1. Is there an opportunity to rejuvenate our IA strategy and align it with the organisation’s most recent objectives? |
2. Can the new IIA topical requirements assist us in concentrating more effectively on strategic risks? |
2. Where can combined training and skill enhancement boost collective expertise in key risk areas? | 2. How can the new Standards facilitate change in IA (people, processes, and technology)? |
3. Is it possible to coordinate investments and efforts across teams to maximise the return on investment from the changes? |
3. What are the possibilities for collaboration with IA on approach, tools, technology, and data? | 3. How can the advantages of implementing the new standards be quantified and tracked? |
The benefits of unleashing the potential of IA
The maturity of organisations concerning corporate governance and risk management will vary. Essential to this is the presence of a contemporary IA function capable of adjusting to a shifting risk environment and integrating the most recent Standards and best practices.
Considering the primary focus areas in the new Standards, potential advantages might encompass:
Improved stakeholder alignment - achieved through increased board and senior management participation in the IA lifecycle, alignment on strategic priorities and coverage, and enhanced IA reporting
More efficient auditing of significant risks - by incorporating IIA topical requirements and guidance to assist IA in improving its approach to addressing key risk areas
Enhanced efficiency and risk coverage - through increased collaboration with the second line and a clear comprehension of assurance activity mapped to key risk areas
Additional insights and value to the organisation - as a consequence of IA training and skill development, including understanding of strategic/business risks, audit methodology, and technology and data.
Five steps to initiate transformation: How PwC can assist
There are five crucial steps in the application of the new Standards. Please consult with your local PwC team on how they can aid you in enhancing the value at each phase. Click on each for more details:
- 1. Evaluate preparedness and establish priorities
- 2. Formulate transformation strategy and update IA plan
- 3. Execute the plan advancing to the subsequent phase of IA maturity
- 4. Inform and educate your team
- 5. Evaluate results
1. Evaluate preparedness and establish priorities
Assurance in your reaction to the new Standards
Conduct an IA readiness assessment to pinpoint necessary alterations for compliance with the new Standards
Discuss the implications of changes with key stakeholders, including the Board/Audit Committee, senior management, and risk and compliance functions (for instance, in stakeholder workshops)
Consent on actions and priorities that will yield the most beneficial results for the organisation
2. Formulate transformation strategy and update IA plan
New avenues to generate value and establish stronger alignment
Synchronise actions and priorities with the organisation’s vision, strategy, and governance model, and revise the IA strategic plan
Develop an IA transformation plan to fulfil the IA strategic plan and apply the new Standards, encompassing key actions, success factors, resources, communication strategy, and timeline
Integrate a digital IA strategy to incorporate technological changes to enhance IA and governance activities. This should detail how IA will seize opportunities presented by Artificial Intelligence (AI)
Chart and agree on organisational dependencies necessary to execute the plan, including input from the board/senior management, investment, and collaboration of the first and second line
3. Execute the plan advancing to the subsequent phase of IA maturity
Carry out plans; which may involve modifications to:
IA’s mandate and strategy
Coordination and collaboration with the second line IA competencies and resource model
IA reporting and communications
Quality Assurance and Improvement Programme (QAIP)
IA technology and data
Incorporate these changes in your IA policies, procedures, and templates
4. Inform and educate your team
Utilising the new Standards to unleash your IA ‘superpowers’
Revamp your IA training and development programme to reflect the new Standards
Incorporate the IIA’s new topical guidance
Conduct stakeholder briefings and workshops to raise awareness, enhance engagement, and instil behaviours (e.g. how to effectively manage increased board/senior management involvement and coordination with the second line)
5. Evaluate results
Monitor and enhance successes for continuous improvement
Track the achievement of success factors and monitor IA Key Performance Indicators (KPIs) to measure benefits
Solicit open feedback from stakeholders to determine where they are deriving the most value from the changes and amplify this across other areas, where suitable
Refine QAIP activities in response to KPIs and feedback. Capture and implement additional improvements or incorporate into the next IA plan Prepare for the upcoming external/strategic quality assessment to independently verify conformance with the new Standards
