The Evolving Role of Internal Audit
By CPA Peter Kibet Kitur
Internal auditing has travelled a long and transformative journey—from ancient civilisations that emphasised accountability and separation of duties, to modern organisations that demand strategic insights and risk-based assurance. Historically perceived as the “police officers” of organisations, auditors were mainly tasked with detecting fraud, enforcing compliance, and issuing warnings. While this role was vital in safeguarding resources, it often created a perception of auditors as adversaries rather than partners. Over time, however, both global practice and the Kenyan context have witnessed a profound shift. Adopting the Global Internal Audit Standards (GIAS)—structured around five domains, fifteen principles, and fifty-two supporting standards—is repositioning internal auditing as a dynamic profession that ensures accountability and creates, protects, and sustains organisational value. This evolution is further accelerated by technology, governance reforms, and an increased demand for transparency, making internal audit a trusted advisor and strategic partner in Kenya’s growing economy. Internal auditing has a long history, tracing as far back as 4000 B.C., when governments and businesses in the Near East developed checks and counterchecks to safeguard resources and ensure accountability. Ancient China, Babylonia, Greece, and Rome also instituted mechanisms to curb fraud, incompetence, and mismanagement, while biblical texts highlighted the need for honesty, restricted access, and separation of duties.
Over the centuries, milestones such as the introduction of double-entry bookkeeping in the 15th century and financial scandals like the South Sea bubble in the 18th century reinforced the importance of stronger internal controls. By the 20th century, as businesses became more complex, the demand for independent assurance gave rise to the modern internal audit function. Initially, the role centred on detecting fraud, preventing payroll theft, and enforcing compliance. This heavy focus on rule enforcement earned auditors the reputation of “police officers” within organisations—figures whose primary job was to catch mistakes and issue warnings, often creating a perception of adversarial oversight rather than partnership.
In Kenya, this traditional view of auditors as watchdogs shaped how the profession was practised, particularly in government institutions and the corporate sector, where corruption, fraud, and misuse of resources are a persistent challenge. For many years, the auditor’s role has primarily been confined to exposing irregularities and ensuring compliance with laws and regulations. Stakeholders often perceive auditors as outsiders or enforcers, rather than contributors to organisational growth. However, as international practice evolved, Kenya’s audit profession began to transform, with internal auditors now expected to provide value beyond compliance. Institutions like the Institute of Internal Auditors Kenya have been central in this shift, promoting a broader approach where auditors ensure accountability and play a crucial role in guiding organisations toward sustainable growth and effective governance.
Global changes in the internal audit landscape have accelerated this evolution. The adoption of the New Global Internal Audit Standards (GIAS) is reframing the profession’s purpose: to create, protect, and sustain organisational value by offering boards and management independent, risk-based, and objective assurance, advice, and foresight. Internal auditing is no longer simply about reporting past errors—it strengthens governance, improves decision-making, and enhances an organisation’s reputation and credibility with stakeholders. By aligning with these global standards, Kenyan organisations also recognise that internal auditors can help them comply with regulations, anticipate risks, seize opportunities, and serve the public interest transparently and sustainably.
The rapid emergence of new technologies such as artificial intelligence, data analytics, and big data has further disrupted and redefined the internal audit function worldwide. For Kenya, where digital transformation is reshaping both public and private sectors, auditors increasingly leverage these tools to improve efficiency, uncover hidden risks, and provide deeper insights. This technology-driven approach moves the profession from its document-heavy past toward a more data-centric model that enhances enterprise risk management. Internal auditors are no longer just “checkers” but strategic partners—advisors who help organisations navigate complexity, harness innovation, and safeguard long-term value. This new role not only reshapes the auditor’s identity but also positions internal auditing as a cornerstone of effective governance in Kenya’s evolving economic and regulatory environment.
Structure of the New Global Internal Audit Standards,
The GIAS serve as the global compass for internal auditing, structured into five meaningful domains, each anchored by clear, action-oriented principles that guide the function from purpose to performance. Let’s navigate them:
Domain I: Purpose of Internal Auditing
Purpose of Internal Auditing: Internal audit exists to create, protect, and sustain value, offering independent, risk-based assurance, advice, insight, and foresight to boards and management. It elevates an organisation’s governance, oversight, reputation, and ability to serve the public interest.
Domain II: Ethics and Professionalism
(1) Demonstrate Integrity – Act with honesty, courage, and adherence to ethical principles—even when uncomfortable.
(2) Maintain Objectivity – Preserve impartiality and guard against biases and undue influence.
(3) Demonstrate Competency – Cultivate and apply the skills necessary to deliver effective internal audit services.
(4) Exercise Due Professional Care – Plan and perform audits with diligence, judgment, and professional scepticism.
(5) Maintain Confidentiality – Use and protect the information entrusted to you appropriately and securely.
Domain III: Governing the Internal Audit Function
(6) Authorised by the Board – The board endorses the internal audit mandate and charter, providing authority and direction.
(7) Positioned Independently – The internal audit function must report directly to the board, free from management interference.
(8) Overseen by the Board – The board provides oversight, ensuring the internal audit function remains effective and resourced.
Domain IV: Managing the Internal Audit Function
(9) Strategic Planning – The chief audit executive (CAE) should position internal audit strategically to deliver on its mandate and long-term goals.
(10) Resource Management—The CAE must effectively manage financial, human, and technological resources to ensure the internal audit’s success.
(11) Stakeholder Communication – Build trust through clear, timely, and constructive interactions with all key stakeholders.
(12) Conformance & Continuous Improvement – The CAE is accountable for aligning the internal audit function with GIAS and fostering an improvement culture.
Domain V: Performing Internal Audit Services
(13) Plan Engagements Effectively – Each audit must be deliberately planned, scoped, and resourced to meet objectives.
(14) Conduct Engagement Work – Execute audits systematically using reliable, relevant, and sufficient evidence.
(15) Communicate Engagement Results & Monitor Action Plans – Clearly report findings, foster action, and verify follow-through.
Based on the GIAS, internal auditing is evolving from its historical role as a compliance-driven function focused on fraud detection and error correction into a modern, strategic partner that supports governance, risk management, and organisational value creation. Traditionally seen as the “police officer” of organisations, internal audit was primarily tasked with safeguarding assets and ensuring policy adherence. Still, as business complexity and risks grew over time, the function expanded to provide operations, technology, and overall governance. The five domains and fifteen principles of the Global Internal Audit Standards reflect this transformation by emphasising purpose, ethics, independence, quality, and effective performance of engagements, while embedding risk-based assurance, advice, and foresight as central pillars. This progression demonstrates how internal audit has shifted from a narrow, record-checking exercise to a dynamic and globally recognised profession that strengthens accountability, supports strategic decision-making, and enhances organisational resilience in an increasingly complex environment.
Conclusion
The journey of internal auditing from its traditional “watchdog” role to its current position as a strategic partner illustrates how the profession has adapted to the changing needs of organisations and societies. Guided by the GIAS, internal audit goes beyond error detection and compliance to embed ethics, independence, governance, strategy, and performance into its core mandate. In Kenya, this transformation is evident as auditors increasingly provide risk-based assurance, foresight, and advice that drive sustainable growth, accountability, and public trust. As technology and organisational complexity continue to evolve, internal auditors are expected to safeguard resources and guide decision-making, enhance resilience, and strengthen governance systems. The profession’s future lies in balancing its traditional guardianship role with its expanded strategic mandate—making it an indispensable cornerstone of good governance and organisational success.
CPA Peter Kibet Kitur is an Associate Partner with Bon and Drew Associates, chairs a public entity audit committee, is the ICPAK Central Rift Region’s Branch Chairman and a member of ICPAK’s Devolution subcommittee.
