IIA Proposed Standards: What's in for IA practitioners.

The Institute of Internal Auditors Inc. the governing body responsible for providing auditing standards and governing guidelines for the profession is in the process of documenting changes to existing standards that will help the next generation of IA practitioners succeed. 

As the era of AI and the 4th Industrial Revolution dawns upon us, Internal audit services are required to be timely, relevant, agile, and impactful, thus requiring standards that are insightful, prescient, clear, and direct.

The #ippf is not being done away with and will exist still as a larger framework that encompasses the Global Internal Audit standards, Guidance, and a newly proposed element (under development): Topical Requirements and Guidance.

Proposed Structure:

The new document comprises of:

• The Mission of Internal Auditing.
• Core Principles for the Professional Practice of Internal Auditing.
• Definition of Internal Auditing.
• Code of Ethics.
• International Standards for the Professional Practice of Internal Auditing.
• Implementation Guides and Practice Advisories.

53 Standards organized under 15 Principles arranged in five Domains:

1. Purpose of Internal Auditing.
2. Ethics and Professionalism.
3. Governing the Internal Audit Function.
4. Managing the Internal Audit Function.
5. Performing Internal Audit Services.

Domain I: Reinvigorates the Purpose of Internal Auditing by clarifying and boosting the Mission without introducing any new expectations or enhanced role of IA. It includes a reference to internal auditing strengthening an organization’s ability to serve the public interest.

Domain II: The code of ethics expanded to include the fifth principle Exercise Due Professional Care a standard previously. This domain comprises 13 standards.

Domain III: The explicit role of the board in the governance of IA function has been emphasized in no fewer words, the phrase “the board must” is used multiple(30) times. It is vital a board recognizes and accepts its role in governance including the need to ensure appropriate provision of independent and objective assurance. The devil lies in the detail, and how boards respond to it will be seen with time

Domain IV: Enlists the revised and updated POSDCORB responsibilities of the CAE as the head of the IA function.

Domain V: This is concerned with the fundamentals of engagements: namely planning, performing, communicating, and following up.

Responsibility as an IA practitioner:

Being an internal audit professional it is not only mandatory for capacity enhancement, but also a binding obligation to review timely i.e. before 30th May, and share our constructive feedback on proposals put forward.

• Do proposals achieve the objectives intended for by creating standards that are “insightful, prescient, clear, and direct”?
• Are the changes being recommended forward-looking, based upon the challenges faced by the profession in recent times and has it utilized the repository of historical knowledge and collective memory?
• Will the consolidation of standards under five domains provide the outcomes expected of each domain, are there any gaps overlooked, that might surface later on, and finally have they been reviewed prudently?
• Overall, will the changes lead to achieving timeliness, relevancy, agility, and impactfulness, to enhance the impact of internal auditing on organizational success?

CAE/CIA Responsibility: Q3-Q4 2023:

The Chief Audit Executive as the operation in charge of audit activity in his/her organization is required to undertake a proactive approach. Standards are expected to be made public by the end of 2023. It is advised that the CAE respond by:

• Familiarize themself with the proposals and consider the implications for their internal audit function and stakeholders.
• Hold an internal interactive discussion on proposed changes to help the audit team understand the future of auditing.
• Specifics be shared with stakeholders (senior management and the board), and document and respond to their queries. Formulate a practical plan for the transition phase with a call to action. 

Conclusion:

The role of internal auditors is bound to undergo a major shift as far as the planning, conducting, reporting, and closing of the audit process is concerned. There are specific takeaways with regard to the way the audit practices need to change. 

• The proposed Standards mandate each finding and for the aggregated result to be rated, ranked, or prioritized. (Audit Operations)
• The proposed Standards have assigned specific responsibilities pertaining to governance directly to the board, with “should” replaced with “must”. (Audit Governance)
• In the proposed Standards, recommendations are required, while action plans remain optional. (Audit Operations)
• Proposed Standard 4.1, requires a specific statement of conformance with Standards or disclosure of non-conformance. Standard 15.1 mandates listing standards/clauses non-conformed to, their explicit reasons for non-conformance along with their impact assessment. (Audit Operations)
• The proposed Standards would require CAEs to ensure that QAR teams are resourced with an individual having IIA-sanctioned external QA training, and an individual who holds an active Certified Internal Auditor (CIA) designation. (Audit Transformation and Internal QA)
• The proposed Standards expand upon the scope of the Quality Assurance and Improvement Program (QAIP). CAEs should be focused on, and accountable for, continuous improvement. (Audit Transformation and Internal QAIP)

Reference:

• https://shorturl.at/stuJ8 
• https://shorturl.at/uFKT0 
• https://shorturl.at/wyHM1
• https://shorturl.at/qAH14