Global Internal Audit Standards: What’s Changed?
The future of internal audit is rapidly evolving, driven by technological advancements and a changing business landscape. The new Global Internal Audit (GIA) Standards (currently in draft form and open for public comment through May 2023) from the Institute of Internal Auditors (IIA) promise to revolutionize the field by providing a framework for auditors to adapt and thrive in the years to come.
The new GIA Standards, a progressive refresh of the previous International Professional Practices Framework (IPPF), are transforming internal audit by providing a forward-thinking, comprehensive framework for internal audit practitioners to ensure the effectiveness and efficiency of their organizations’ internal controls, risk management, and governance processes. These updated Standards emphasize the importance of a risk-based approach to the use of technology, enabling auditors to adapt to the changing business environment and generate more value for their organizations. The IPPF elements are now concisely organized into five domains that more clearly and comprehensively reflect the roles and responsibilities of internal audit in modern organizations:
- Purpose of internal auditing.
- Ethics and professionalism.
- Governing the internal audit function.
- Managing the internal audit function.
- Performing internal audit services.
A Spotlight on Emerging Technologies
The key reason for these changes is the simplification and adaptation of emerging audit technologies. The previous Standards had been in place for nearly two decades and were no longer sufficient to address the complexities of modern organizations and the new risks they face, such as cyber threats, data privacy concerns, and regulatory changes.
The new GIA Standards place a strong emphasis on the use of data analytics, automation, and artificial intelligence (AI) in the internal audit process. They recognize that these technologies can enhance the effectiveness and efficiency of internal audits by enabling auditors to analyze copious amounts of data quickly and accurately and identify trends and patterns that might otherwise go unnoticed.
“The GIA Standards place additional emphasis on the due professional care required when leveraging unfamiliar audit techniques and new technologies. Most importantly, additional guidance is provided on how to manage these risks and develop mitigation strategies.”
Karalee Britt, Integrated Risk Management Partner
From continuous auditing to sophisticated data analysis, the internal audit approach is transforming daily. As such, the new Standards require internal audit functions to develop a strategy for leveraging emerging audit technologies. This strategy should include an assessment of the organization’s current technology infrastructure and capabilities, an evaluation of potential risks and opportunities associated with the use of modern technologies, and a plan for implementing and monitoring the use of these technologies in the audit process.
Success Through Synergy
The new Standards also emphasize the importance of collaboration between internal audit and other functions, such as risk management and compliance, leading to a more integrated approach to governance and risk management. They recognize that emerging technologies can impact multiple areas of the organization, and internal auditors must work closely with other departments to ensure that modern technologies are integrated effectively and efficiently.
Explore expert Risk Management solutions that solve real-world problems
Increase the value of internal audit and transform your enterprise risk function holistically to stay ahead of new standards, complexities, technologies, and threats.
In pursuit of greater synergies, internal auditors must be transparent about their use of technology and ensure the tools they’re leveraging are consistent with the organization’s values and objectives. In doing so, all departments with which internal auditors work adhere to the same foundational technological principles and best practices, creating a unified approach to the management of key platforms, communications, and data. Additionally, internal audit must maintain confidentiality and privacy when handling data, another key touch point with multiple functions.
Benefits and Risks
Organizations must calibrate their new internal audit approach to the realities of both the benefits and risks implicated in the Standards.
The benefits of aligning with emerging audit technologies, such as continuous monitoring and automated audit procedures, are numerous. These technologies can enhance the effectiveness and efficiency of internal audits by enabling auditors to analyze large amounts of data quickly and accurately and identify trends and patterns that might otherwise go unnoticed. Use of these techniques, including automation and AI, can provide deeper insights and better decision-making support, which can lead to improved risk management and better business outcomes.
Conversely, there are also potential risks and challenges associated with this approach. For example, these technologies may require significant investments in infrastructure, training, and personnel. They also introduce new considerations related to data privacy, data quality, addressing biases of automated audit techniques, security, and governance. The GIA Standards place additional emphasis on the due professional care required when leveraging unfamiliar audit techniques and new technologies. Most importantly, additional guidance is provided on how to manage these risks and develop mitigation strategies.
Ready for Tomorrow’s Challenges
The GIA Standards are open for public comment and review through May 2023, will be issued in late 2023, and are effective 12 months after release.
In advance of full adoption, alignment with emerging audit technologies is critical, as it provides a roadmap for internal audit functions to remain relevant and effective in an increasingly complex and technology-driven business and regulatory environment.
For expert support navigating an evolving internal audit landscape, contact CrossCountry Consulting.