How Your Government Internal Audit Team Can Prepare to Meet New Global Standards

Key Takeaways:

• The Institute of Internal Auditors (IIA) has issued new Global Internal Audit Standards that will take effect in January 2025.
• The new Standards introduce 15 guiding principles across five domains, while Topical Requirements provide another new element for internal auditors to be aware of for specific audit areas like cybersecurity.
• Public sector organizations aligning with Red Book standards will need to evaluate and realign their internal auditing practices to comply with these changes and should consider engaging experienced advisors to assist with the transition.

~

The auditing landscape is evolving, and a significant shift is on the horizon with the new Global Internal Audit Standards set to take effect in January 2025. Issued by The Institute of Internal Auditors (IIA), these comprehensive updates aim to align internal audit with an evolving risk landscape and improve the consistency and quality of audit services across industries and sectors.

What does this evolution mean for your public sector internal auditing function? It's an opportunity to elevate your practices, establish consistency with a global professional framework, and ultimately, deliver more valuable insights to your organization. However, it also presents a significant challenge — one that will require a strategic and proactive approach to achieve full compliance by the 2025 implementation deadline.

Navigating New Internal Auditing Standards

At the core of the Standards are 15 guiding principles aimed at enabling effective internal auditing across organizations of all sizes and sectors.

These principles are organized into five domains — which also include mandatory practices for internal auditing, considerations for implementation, and examples of ways to demonstrate the requirements have been implemented.

Here is a brief summary of each of the five domains:

1. Purpose and positioning: Emphasizes the importance of establishing your internal audit function's role, mandate, and degree of organizational independence.

2. Operating with proficiency: You must possess the necessary knowledge, skills, and competencies to deliver reliable assurance and advisory services effectively.

3. Planning and performing engagements: Outlines requirements for risk-based planning, effective execution of audit engagements, and quality assurance mechanisms.

4. Communicating results: You must communicate your findings clearly, concisely, and promptly to relevant stakeholders, fostering transparency and action.

5. Monitoring and improving: Continuous improvement is key; your internal audit function must monitor performance and implement measures to enhance its value proposition.

The IIA has also introduced a new component called "Topical Requirements", which are a set of specific methodologies your internal audit team must apply when assessing the effectiveness of governance, risk management, and controls on a particular area. Designed to provide structure and consistency for common, higher risk topics, Topical Requirements help to define the potential scope of an internal audit engagement.

The first Topical Requirement, focused on cybersecurity audits, is already under development, with a draft open for public comments until July 3, 2024. This initial release offers a glimpse into what's to come as the IIA rolls out additional Topical Requirements over the coming years, covering other specific areas that may be critical to your public sector operations.

Applying the Standards in the Public Sector Environment

Noting that internal auditors in the public sector may work in environments that differ from those in the private sector, the Standards contain a section titled "Applying the Global Internal Audit Standards in the Public Sector". This section describes strategies for conforming to the Standards in conditions unique to your work in the public sector.

Public-sector specific information includes:

• Situations in which laws or regulations may affect the ability of internal audit functions to conform with the Standards
• Examples of governance and organizational structures in which internal audit functions may need to adjust the application of some standards
• Public sector conditions that may limit the way chief audit executives may spend allocated funds

Preparing Your Team for the Auditing Transition

Compliance with the new Global Internal Audit Standards will require a review and update of your current policies, procedures, and practices. Here's a high-level overview of the steps your team should consider:

• Conduct a thorough gap analysis by mapping your existing internal audit methodologies against the new Standards and Topical Requirements. As a result, identify areas requiring enhancement or development.
• Develop an implementation roadmap to address identified gaps including revisions to audit policies, procedures, and templates, as well as training plans for your team.
• Establish mechanisms for continuous monitoring and improvement, keeping your internal audit function compliant with evolving Standards and Topical Requirements.
• Collaborate with executive management and the audit committee to secure necessary resources and support for this transformation journey.

While this process may seem daunting, it presents a valuable opportunity to enhance your internal audit function and align with global best practices. If this process seems overly complex or — like many in the public sector — your team is facing persistent staffing shortages, engaging experienced advisors well-versed in the new Standards and public sector auditing can be a strategic investment.

An advisory firm with dedicated government and internal audit practices can offer valuable support during your transition to the new Standards by providing:

• Gap assessments and tailored roadmaps for Standards implementation
• Policy and procedure revisions, aligning with the new requirements
• Training and knowledge transfer to upskill your internal audit team
• Quality assurance reviews to validate your adherence to the updated Standards
• Strategic guidance on enhancing your internal audit function's efficiency and effectiveness

Charting Your Course: Next Steps for Standards Compliance

While the journey ahead may seem challenging, embracing change is crucial to staying relevant and delivering impactful insights. As the January 2025 implementation date approaches, now is the time to assess your readiness and develop a comprehensive strategy for compliance with the new Global Internal Audit Standards.

How MGO Can Help

With extensive experience in public sector auditing and a dedicated State and Local Government team, our knowledgeable advisors can guide you through this transition — enhancing the capabilities of your internal audit function and minimizing disruptions to your organization. Reach out to our team today to discuss how we can help you.