Changes to the Internal Audit IPPF: What You Need to Know and How to Prepare
Article

Navigating the New IPPF: A Roadmap to Internal Audit Excellence

by Bianca Sarrach, Sophia Riebe
March 29, 2024

Share

On January 9, 2024, the Institute for Internal Auditors (IIA) Standards Board released the updated Global Internal Audit Standards (Standards), the main component of the International Professional Practices Framework (IPPF). The new guidance, which replaces the 2017 Standards, is effective January 9, 2025.

The Standards serve as the conceptual framework for internal audit professionals and departments worldwide. They’re meant to address current internal audit practices while enabling practitioners and stakeholders to be flexible and responsive to the ongoing needs for high-quality internal auditing in diverse environments and organizations of different purposes, sizes, geographies and structures.

While not mandatory for private companies, it benefits any organization to apply the Standards so that key stakeholders — including investors, banks, external auditors, customers, vendors and boards — can rely on the internal audit and its findings and recommendations. Applying the guidance also adds value to your organization by empowering those who oversee audits to meet stakeholder expectations for efficiency and risk mitigation.

Below is a summary of the new guidance and what you can do to prepare.

Overview of the Global Internal Audit Standards

The Standards guide the worldwide professional practice of internal audit and serve as the basis for evaluating and elevating the quality of the internal audit function. They are mandatory for public companies. At the heart of the Standards are 15 principles comprised of five domains:

Domain I: Purpose of Internal Auditing – provides a unified description of the profession.

Domain II: Ethics and Professionalism – incorporates the profession’s Code of Ethics and Standards on practitioner conduct, including Standards on due professional care (Principles 1-5).

Domain III: Governing the Internal Audit Function – clarifies the board’s role and responsibilities in supporting an effective internal audit function and addresses how the chief audit executive (CAE) can support the board in carrying out its responsibilities (Principles 6-8).

Domain IV: Managing the Internal Audit Function – clarifies the CAE role and responsibilities for effectively managing an internal audit function (Principles 9-12).

Domain V: Performing Internal Audit Services – codifies requirements and considerations to help internal auditors perform internal audit engagements with consistency and quality (Principles 13-15).

Supplemental guidance

Global Guidance – supports the Standards by providing nonmandatory information, advice, and best practices. Global Practice Guides and Global Technology Audit Guides are included under this category, providing detailed approaches, step-by-step guidance, and examples on various subjects.

Key Differences From Previous IPPF Guidance

The new Standards differ from the 2017 guidance in several ways:

  • Emphasis on risk management alignment: Internal audit activities are required to be aligned with the organization’s risk management framework to ensure a comprehensive approach to risk management.
  • Formalized communication channels: Clear and effective communication channels between internal auditors and stakeholders are mandated, promoting transparency and accountability.
  • Expanded scope of activities: Governance, culture and cybersecurity are considered integral components of the audit scope, with increased integration between assurance and advisory projects for comprehensive coverage.
  • Focus on technology and data analytics: Internal audit functions are encouraged to develop and implement plans for leveraging technology-driven tools to enhance audit efficiency and effectiveness.
  • Structural changes: The overall makeup of the Standards has been simplified and integrated for easier understanding and implementation.

How to Prepare Your Organization for the IPPF Standards

To prepare for the new Standards, internal audit departments, audit committees and stakeholders should consider these actions:

  • Develop and implement a conformance plan for the creation and execution of an internal audit strategy aligned with your organizational and risk management objectives.
  • Define relevant key performance indicators (KPIs) and establish, track and report KPIs to ensure alignment with organizational goals.
  • Obtain board input and approval for the internal audit mandate to ensure alignment with organizational objectives.
  • Maintain a direct reporting relationship with the board, including document expectations and interactions.
  • Execute stakeholder engagement plans to build trust and ensure transparent communication with key stakeholders.
  • Review audit scopes to ensure adequate integration of new requirements, including governance, culture and cybersecurity.
  • Implement technology-driven processes to enhance audit efficiency and effectiveness.
  • Perform a gap assessment for structural changes and content to prioritize conformance during the transition.

Jumpstart Your Transition to the New Internal Audit Standards

If your internal audit department is already stretched thin, aligning to the new IPPF Standards on your own can be daunting. From a gap assessment to customized internal audit and stakeholder training to time-saving monitoring tools, Armanino can help you successfully make the shift with minimal stress. Reach out to our Internal Audit consultants today to learn more about how to start your seamless transition to the new IPPF.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Authors
Bianca Sarrach - Risk Assurance & Advisory | Armanino
Partner
Bianca Sarrach
Sophia Riebe - Audit | Armanino
Managing Director
Sophia Riebe
Resources
Related News and Insights
Build Operational Resilience: 4 Internal Audit Trends to Help You Address Emerging Risks
Article
Operational Resilience: 4 Internal Audit Trends to Help You Address Emerging Risks
As your organization evolves, an internal audit can provide a roadmap to understand risks and identify opportunities.
April 03, 2025
From Local to Global: Scaling Your Information Security and Data Privacy Practices
Webinar
From Local to Global: Scaling Your Information Security and Data Privacy Practices
Master global compliance and protect your organization’s data and reputation.
September 5, 2024 | 10:00 AM - 11:00 AM PT
Understanding Single Audits and Financial Statement Audits
White Paper
Understanding Single Audits and Financial Statement Audits
Learn eight questions to ask when selecting an auditor and tips to properly prepare for your first audit.
August 06, 2024
View All