New Global Internal Audit Standards: What’s Changed and Why Companies Should Take Note

Updated, mandatory internal audit standards from the Institute of Internal Auditors (IIA) became effective on Jan. 9, 2025. The revised Global Internal Audit Standards, which guide the worldwide practice of internal auditing, represent a significant evolution in the practice of internal auditing by emphasizing enhanced alignment with organizational goals, comprehensive documentation and improved governance. The updated standards aim to standardize and elevate internal audit functions, ensuring greater transparency, efficiency and value.

What’s changed?

The updates are reflected in the International Professional Practices Framework, which organizes The IIA’s guidance. At the heart of the Global Internal Audit Standards are 15 guiding principles that enable effective internal auditing. Each principle is supported by standards that contain requirements (the mandatory practices), considerations for implementation (common and preferred practices), and examples of evidence of conformance (i.e., ways to demonstrate the standard has been implemented).

In addition to the 15 guiding principles, the updated framework has changed to include 5 domains and 52 mandatory standards.

Why companies should take note

Proactive companies are eager to strengthen and invest in their internal audit departments by promoting adoption of the updated standards. Conformance with the standards goes a long way toward improving a company’s internal control environment and, ultimately, increasing external auditors’ reliance on controls.

The case for early adoption

Although the updated standards are now in place, this doesn’t mean internal audit departments are required to make a hard changeover, but they’re encouraged to begin working on implementation conversations with key stakeholders, such as boards and senior management who will ideally embrace efforts to upgrade the internal audit function. The first step in the implementation process is to perform a Conformance Readiness Assessment to understand your current internal audit practices and compare them against the new standards to identify gaps.

Once a Conformance Readiness Assessment is completed, companies may find they need to invest in additional training, hiring or certification of internal audit staff, particularly to meet the new requirement to have a certified internal auditor (CIA) participate in external quality assessments that are periodically required by the standards.

The bigger picture

The revised Global Internal Audit Standards represent more than procedural updates; they signal a shift toward a more strategic and impactful role for internal audit functions—one that both internal auditors and their stakeholders should willingly embrace. By adhering to these standards, organizations can not only ensure stronger compliance and risk management; they can also leverage their internal audit processes to drive greater innovation, efficiency and resilience. Moreover, a stronger internal audit department will drive down the time and costs involved with the external audit process, while also providing senior management and boards with greater peace of mind.

If you’re interested in learning more about what’s new and what’s required in the revised standards, we can help.

We’ve performed a comprehensive analysis to identify key changes in the new standards and develop a framework for implementation. Get in touch if you’d like to discuss how we can help you evaluate and elevate your current practices to conform with the new standards and build a better internal audit department.

Notable Changes

The updated Global Internal Audit Standards introduced several notable changes, summarized here:

Unified framework

The new standards are presented in a streamlined framework, providing a singular reference point for IA activities and offering more accessible guidance for practitioners globally.

Alignment with organizational strategy

Chief audit executives (CAEs) are expected to develop strategies that integrate with organizational goals, ensuring internal audits add strategic value.

Enhanced documentation practices

More comprehensive documentation is required to substantiate conformance to principles such as professional skepticism. Internal auditors must detail their processes, decisions and evidence in a way that withstands scrutiny and facilitates external reliance.

Integrated assurance

CAEs are now required to coordinate with internal and external providers of assurance services to reduce duplication of efforts, bridge gaps in risk coverage, and ensure a cohesive assurance framework.

Improved reporting

Internal audit reports must now prioritize findings based on their significance, enabling management to act on critical issues more effectively.

Regular quality assessments

To ensure adherence to the highest professional standards, external quality assessments are now mandatory every five years, with at least one assessor being a Certified Internal Auditor (CIA).

About the Author

Pamela Stacey is a Senior Manager in SolomonEdwards’ Governance, Risk & Compliance practice. She has over 20 years of experience working in both Big Four public accounting and private industry roles in SOX compliance and external and internal audit. Pamela has expertise performing audits of financial, operational and information technology general control (ITGC) environments and has worked across multiple industries, including crypto, pharma, oil and gas, energy, space exploration and transportation.