Internal audit shifts to strategic partner

Internal audit teams are being pushed to act less like compliance checkers and more like advisers on future risks under the profession’s new global rulebook. (theiia.org) The Institute of Internal Auditors published its 2024 Global Internal Audit Standards on January 9, 2024, and made them effective on January 9, 2025. The standards are now a mandatory part of the International Professional Practices Framework used across the profession. (theiia.org) The framework is organized into five domains, including “Governing the Internal Audit Function” and “Managing the Internal Audit Function.” Those sections tell chief audit executives to work with boards, set strategy, allocate resources, and measure performance instead of focusing only on individual audits. (theiia.org) KPMG said one of the biggest changes is Standard 9.2, which requires the chief audit executive to develop a strategy for the internal audit function that supports the company’s strategic objectives and stakeholder expectations. The firm also highlighted new “essential conditions” for boards and senior management to support effective oversight. (kpmg.com) That shift pulls internal audit closer to the audit committee and the board. Forvis Mazars said Domain III spells out board responsibilities more directly, including authorizing the function, protecting its independence, and overseeing its performance. (forvismazars.us) The standards also widen the list of risks internal audit is expected to cover. PwC said the related topical requirements and guidance point teams toward areas including cybersecurity, information technology governance, privacy, sustainability and environmental, social and governance issues, and third-party management. (pwc.com) That matters for companies dealing with artificial intelligence rollouts, climate reporting, and vendor concentration at the same time. The standards require audit planning to be based on documented assessments of the organization’s strategies, objectives, and risks, rather than a static checklist. (kpmg.com) LeadershipAcademy, which offers external quality assessments for audit functions, is pitching that change as a governance issue as much as a compliance one. On its site, it says internal audit should provide “assurance, advice, insight, and foresight” and be positioned as a strategic partner to boards and management. (governanceacademy.co.za) The profession’s baseline has not disappeared. The Institute of Internal Auditors still describes the standards as the basis for evaluating and elevating audit quality, while saying conformance builds trust in auditors’ work and judgment. (theiia.org) The practical question in 2026 is no longer whether internal audit files meet the standard. It is whether audit leaders can show boards that their plans cover the next wave of risks before those risks become failures. (theiia.org)