Global Internal Audit Standards(GIAS)

By CPA Dauglas Muhati

About the Global Internal Audit Standards and the International Professional Practices Framework

The Standards serve as guidelines for the international professional practice of internal auditing and offer a basis for evaluating and enhancing the quality of the internal audit function. The 15 guiding principles in the Standards make effective and efficient internal auditing possible. Released in January 2024, the Global Internal Audit StandardsTM will come into effect in January 2025. 

The Institute of Internal Auditors published the International Professional Practices Framework (IPPF)®, an official body of knowledge for internal auditing professionals. The two main elements of the IPPF are supplemental, which includes Global Guidance, and mandatory, which provides for Topical Requirements and Global Internal Audit Standards.

The 2024 IPPF includes Topical Requirements, Global Guidance, and Global Internal Audit Standards (Published January 9, 2024)

 They are no longer separate entities because the Global Internal Audit Standards incorporate all five of the 2017 IPPF’s required components: Definition of Internal Auditing, the Mission of Internal Audit, Core Principles for the Professional Practice of Internal Auditing, Code of Ethics, and Standards, as well as one of the recommended (non-mandatory) components, Implementation Guidance.

Fundamentals of the Global Internal Audit Standards

The global professional practice of internal auditing is governed by the Institute of Internal Auditors’ Global Internal Audit Standards, which also provide a foundation for assessing and improving the calibre of the internal audit function. These Standards are based on 15 guiding principles that facilitate effective internal auditing and are divided into five (5) major domains.

Application of the Standards

The Global Internal Audit Standards outline principles, requirements, concerns, and examples for the professional practice of internal auditing worldwide. Whether a company hires internal auditors directly, contracts with them through an outside service provider, or does both, the Standards apply to any person or function that offers internal audit services. 

These Standards are organised into five domains:

Domain I: Purpose of Internal Auditing.

•        Domain II: Ethics and Professionalism.

•        Domain III: Governing the Internal Audit Function.

•        Domain IV: Managing the Internal Audit Function.

•        Domain V: Performing Internal Audit Services.

Application in Small and Public Sector Internal Audit Functions

The size of the business or its internal audit function may impact its capacity to comply fully with the standards. An adequate quality assurance and improvement program will need support from outside the internal audit function if there is just one member in the internal audit function.

Although the Global Internal Audit Standards cover all internal audit responsibilities, public sector internal auditors operate in a political setting with financing, organisational, and governance systems that may differ from those in the private sector. 

Domain I: Purpose of Internal Auditing

By giving the board and management independent, risk-based, and objective assurance, counsel, insight, and foresight, internal audit enhances the organization’s capacity to generate, safeguard, and maintain value.

Domain II: Ethics and Professionalism

The IIA’s previous Code of Ethics has been replaced by the values and guidelines in the Ethics and Professionalism domain of the Global Internal Audit Standards, which specify the conduct expected of professional internal auditors. All internal audit professionals must adhere to the professional and ethical standards.

1. Demonstrate Integrity

The internal auditor must demonstrate integrity in all dealings and engagements with management. Honesty and professional courage must be on display and in action, together with compliance with ethical and legal requirements.

1. Maintain Objectivity

Objectivity is an unbiased mental attitude that allows internal auditors to make professional judgments, fulfil their responsibilities, and achieve the Purpose of Internal Auditing without compromise. The internal auditor must maintain objectivity throughout the engagement and be able to disclose any threats that undermine the very objectivity. 

1. Demonstrate Competency

In order to demonstrate proficiency, the internal auditor must acquire and use the knowledge, skills, and abilities necessary to deliver internal audit services. The Internal auditor must demonstrate competencies, which include knowledge, skills, and abilities appropriate for their job, and continuously undergo further training and development to keep themselves abreast of the new developments impacting the performance of their duties.

1. Exercise Due Professional Care

Planning and carrying out internal audit services with the diligence, discernment, and scepticism that sensible and skilled internal auditors possess is necessary for due professional care. The Internal auditor must comply with and conform to the Global Internal Audit Standards requirements, exercise utmost professional care, and maintain professional scepticism at all times.

1. Maintain Confidentiality

Since the Internal Auditor has unfettered access to data, records, and other information required to carry out the internal audit mandate, they have a duty to respect the ownership and value of this information they receive. They should use the information solely for the intended purpose and maintain its privacy and confidentiality by not divulging the same to any unauthorised quarters without proper consent.

Domain III: Governing the Internal Audit Function

This domain describes the need for chief audit executives to collaborate closely with the Board to create the internal audit function, position it independently, and monitor its performance. Additionally, this domain delineates the duties of senior management that complement those of the Board and foster robust oversight of the internal audit function.

1. Authorised by the Board

The internal audit function receives its mandate from the Board (or its equivalent), which outlines its power, function, and duties. This mandate is contained in the Internal Audit Charter, which is charged to the Chief Audit Executive (CAE). The CAE oversees its implementation and coordinates the function’s communication with the Board.  

1. Positioned Independently

The Board is responsible for allowing the internal audit function to operate independently, where it operates without circumstances that hinder its capacity to perform its duties impartially. At least once a year, the CAE must confirm to the Board that the internal audit function is independent from the organisation. This includes disclosing any instances in which independence may have been compromised and the steps taken to rectify the impairment. 

1. Overseen by the Board

The CAE and the Board must work together and communicate to accomplish the Board’s oversight of the internal audit function. There must be constant interaction between the Board and the Internal Audit function, through the CAE, to help the Board carry out its oversight role well. The function must be well-resourced regarding human, financial, and technical resources. The Board also must ensure that quality assurance is being carried out on the internal audit function, including having an external quality assessment by an independent assessor. 

Domain IV: Managing the Internal Audit Function

In accordance with the Global Internal Audit Standards and the internal audit charter, the chief audit executive oversees the internal audit function, which includes strategic planning, acquiring and allocating resources, fostering connections, interacting with stakeholders, and guaranteeing and improving the function’s performance. 

1. Plan Strategically

The CAE’s job is to strategically plan and execute the Internal Audit Function’s mandate, such as governance, risk management, and compliance, to position the internal audit to help the organisation succeed. The CAE must first understand the organisation’s governance, risk, and control environment to develop a working internal audit strategy. According to the audit plan, the CAE will then set up procedures to direct the internal audit function in a methodical and disciplined way.

1. Manage Resources

The CAE must be able to manage the available resources (including but not limited to financial, human and technological resources) needed to carry out internal audit duties and allocate them in accordance with the procedures set forth for the internal audit function.

1. Communicate Effectively

In order to develop connections and trust with stakeholders, the CAE must ensure that information flows effectively within the internal audit function by effectively building relationships with all stakeholders and communicating risks, results, and the challenges bedevilling the department.  

1. Enhance Quality

The chief audit executive’s responsibilities include ensuring the internal audit function complies with the Global Internal Audit Standards and enhancing performance on an ongoing basis. These responsibilities require the CAE to continuously carry out internal quality assessments and performance measurements, oversee engagement performance, and improve engagement performance. 

Domain V: Performing Internal Audit Services

Performing internal audit services requires internal auditors to effectively plan engagements, conduct the engagement work to develop findings and conclusions, collaborate with management to identify recommendations and/or action plans that address the findings, and communicate with management and the employees responsible for the activity under review throughout the engagement and after it closes. 

1. Plan Engagements Effectively

When planning engagements, internal auditors gather the information that enables them to understand the organization and the activity under review and to assess the risks relevant to the activity. The most common steps followed in engagement planning include, but are not limited to, engagement communication, risk assessment, determining and setting the engagement objectives and scope, setting the engagement evaluation criteria, determining the necessary resources needed for the engagement and finally drawing a work plan to guide the performance of the engagement. 

1. Conduct Engagement Work

To implement the engagement work plan, the internal auditor shall gather information and perform analyses and evaluations to gather sufficient evidence to support their opinions and conclusions. In the engagement, the internal auditor should collect, analyse, and evaluate the potential findings and draw their recommendations, conclusions, and action plan. They must ensure proper documentation of all the findings and evidence gathered during the engagement.

1. Communicate Engagement Results and Monitor Action Plans

The Internal auditor is ultimately responsible for issuing the final communication after completing the engagement and communicating the engagement results to management. They must keep the communication with management ongoing to ensure that management implements their recommendations.

Applying the Global Internal Audit Standards in the Public Sector

The Internal Auditing’s mandate, organizational position, reporting relationship, scope of work, funding, and other requirements may be established by laws and/or regulations. Internal audit functions in the public sector are often required to focus on:

• Ensuring compliance with laws and/or regulations.
• Identifying opportunities to improve government processes and programs’ efficiency, effectiveness, and economy.
• Determining whether public resources are adequately safeguarded and used appropriately to provide services equitably.
• Assessing whether an organization’s performance aligns with its strategic objectives and goals.

Laws and/or Regulations

The CAE should be cognizant of the laws and/or regulations that impact the internal audit function’s capacity to adhere to all of the Standards’ provisions completely. A charter or other written documentation can explain the internal audit function’s compliance with legal and/or regulatory requirements and the purpose of the Standards. The CAE must also comply with all other Standards obligations, document the reason for nonconformance, and make the necessary disclosures. 

Governance and Organizational Structure 

Several different structures oversee internal auditing operations in the public sector. The CAE’s reporting lines and the supervision and financing of the role may become more complicated in certain public sector companies due to the presence of numerous layers of governance, both inside and outside the company.

Conclusion 

As the Internal audit profession keeps evolving daily, the internal auditors must evolve and align with the ongoing developments in the profession. Coming from the IPPF 2017 to now, the first-ever Global Internal Audit Standards is a significant milestone and a long jump forward in fostering the net impact the function offers in ensuring compliance and good governance in our organizations. The sooner we read, understand, and apply these new standards, the better it will be for us, the profession, and our respective organizations. 

Email; [email protected]