Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

Heads of Internal Audit and Local Authority Virtual Forum

2023 

Please note:

  • All Institute responses are boxed and highlighted blue.
  • Where the chair comments in that capacity, the box is highlighted in yellow.
  • For confidentiality, the identities of all delegates/attendees are anonymised.

 

Chair opening comments | Derek Jamieson | Head of Member Services, Chartered IIA UK and Ireland

The topic today is the new Global Internal Audit Standards.

They bring a different perspective to what we should be doing as internal auditors. They raise the anti in terms of what to expect from internal audit, and also provide focus for governance leaders.

If you haven’t read the draft or thought about them a great detail, now is the time.

If we are auditing an organisation or function that is going through any change agenda, we would expect them to be aware of what’s needed, plan for it and execute it in plenty of time. We should be doing the same too.

Today Liz Sandwith, Special Advisor, International Internal Audit Standards Board (IIASB) and Independent Consultant Internal Audit, Risk Management and Assurance, will share this journey and what you as internal auditors should be preparing for.

 

 The attached slides detail the change process

  • The process the IIASB have been through to deliver the new Standards
  • Noteworthy changes to the glossary
  • Timeline for topical requirements (which will be mandatory, if the topic is included in your internal audit plan)
  • Options for EQAs
  • Student impact timelines re CIA and IAP 
  1. Click here for presentation slides.
  2. Bookmark this blogpost - regularly updated on the new Global Internal Audit Standards.
  3. Specific documents that you may find useful:

Draft new Standards mapped to existing IPPF
Details of Topical Requirements
Details specific to Public Sector
Suggestions for conversation starters with your audit committee  

Chair closing comments

This is the direction of travel. We need to pick up the Standards to read and digest them. We need to engage with each other as we make sense of them. As part of the programme for 2024, we will have some HIA sessions to get into the detail of the Standards in a practical way. I’m keen that we discuss this as a community – particularly the things that are more challenging.

Thank you for your engagement today. This is critical. It’s the rulebook for what we do.

The bi-monthly schedule for 2024 will be published before Christmas.

Chat Questions and Comments

Answers from speaker, anonymised comments from attendees

Q| Can you confirm that this is the direction of travel for any organisation?

A| Yes, many regulators and governments have been looking for this from internal audit. The IPPF was fragmented and this created the perception that they were lightweight. Now it is all one document and runs to over 100 pages initial feedback is that they now recognise that internal audit has standards.

Q| I welcome the new standards. But they seem to be how we used to work before digitalisation. That seems to be missing so will they attract Gen Z into the profession?

A| It was necessary to make the Standards fit for purpose for all countries, recognising that the pace of digitalisation is different across the globe. I would hope that the topical requirements will go some way to address this.

Q| What about EQAs done by others who have no IIA Qualifications but have significant IA experience being EQA Assessor - will they still be able to carry out the EQA eg Cipfa Member carrying out EQA in Local Government?

A| There is no longer a requirement for an EQA reviewer to have CIA. It is about a relevant qualification, so it depends how you choose to define that. I think it would have been useful for a reviewer to have CAE experience. The EQA manual that complements the Standards is also being refreshed and due for publication next year, which will include more detail.

Q| Are there timetables to align FS IA code and Public Sector Internal Standards to these new standards?

Q| Will there even be a need for separate PSIAS given the 'public sector' elements in the new GIAS?

A | The Chartered IIA is currently working through a review of the existing Codes in light of the new Global Standards. I would hope that the inclusion of specific public sector references in the new standards means that the PSIAS are not required, and discussions are ongoing with regards to drafting a Code of Practice for the public sector.

Q| Is the move to engagement conclusion rather than opinion going to limit Auditors. Conclusions require defined substantiated evidence - opinions allow other information not necessarily able to be physically evidenced to play a part (Auditor Gut Feel).

A| Both need to be appropriately evidenced. A conclusion for example might be made at the end of an individual audit engagement whereas an opinion might relate to a broader view across multiple pieces of work and insights. I would say don’t get too hung up on the terminology, so long as your organisation understands what it is and what it means that’s the most important thing.

Q| Is the CIIA going to compile a defacto pptx for audit committees? 

A| There is a document that Global IIA produced to encourage conversation between the CAE and Audit Committee chair. Click here for the detail. 

Q| The topical requirements may duplicate other frameworks in place - eg Cyber security already has NIST and NCSC frameworks to work to?

A| They are currently being worked on so as yet I haven’t had visibility. Myself and colleagues from other countries have shared thoughts about various frameworks and I would hope they are not being created in isolation. There is good existing work and different requirements across countries.

Q|I work overseas a lot. In many languages there is no distinction between 'must' and 'should'. How will translation be managed to ensure there are truly global internal audit standards?

A| It is a really important part of the translation process. For example, I’ve been told that in Chinese the word assurance translates to guarantee which is a very different nuance.

Q| Looking back across the profession, how quickly have we picked up changing expectations and adopting new styles?

A| No, we’re not quick. Too often we let the grass grow under our feet rather than seize opportunities. I was reading a report recently about the challenges that CEOs are facing. It occurred to me how much more we can do to support not only our audit committees and senior management but also our CEOs. At the start of the pandemic, at this forum, there were Heads of who didn’t want to do things as they thought it would compromise their independence. That attitude has changed so much in the last three years in terms of being more receptive to conversations and contributing more. We need to keep doing that, pushing forward and doing it fast.