PwC - Implementing the IIA’s new Global Internal Audit Standards

Use the IIA’s new Global Internal Audit Standards™ to drive transformation and value from your Internal Audit function

Focusing on the future: Introducing the new Standards

The Institute of Internal Auditors (IIA) revised its Global Internal Audit Standards™ (“the Standards”) in 2023 to support the continued evolution of the profession and help organisations address today’s complex risk landscape. 

This represents a significant opportunity for Internal Audit (IA) functions to incorporate the latest developments in good practice and drive transformation to increase the value they can provide to their stakeholders.

All organisations will need to consider their response and implement changes for the new Standards in 2024, ready to conform in 2025. Find out below how PwC can help you.

An opportunity to transform: Key Changes in the Standards

The Standards, which can be found on the IIA’s global website, include additional focus on areas such as:

  • Board (or equivalent) involvement in IA

  • IA mandate, vision and strategic plan

  • An understanding of risks and coverage throughout the organisation

  • Planning, tracking and measuring performance (e.g., efficiency and quality)

  • IA reporting, evaluating findings and effective communication

There will also be new Topical Requirements and guidance that help IA functions focus on key risk areas. These include topics such as Cybersecurity, Information Technology Governance, Privacy Risk Management, Sustainability and ESG (Environmental, Social & Governance), and Third-party Management.

A unified approach: How leadership should respond

The new Standards are not just relevant to IA—they impact the whole organisation. This means the Board and each line need to work together to capture the opportunities the new Standards bring. This includes:

Board/Audit Committee and Senior Management

Second Line (e.g., Risk, Compliance)

IA Leaders (e.g., Chief Audit Executive)

Consider how a strong IA function can help the company achieve its vision by building resilience to protect value, and give the business confidence to transform to create value.

Questions to ask:

  1. Has leadership had sufficient input to the IA plan on strategic priorities?

  2. Can the new IIA Topical Requirements help us better focus on strategic risks?

  3. Can we coordinate investment and effort across teams to get the best return on investment from the changes?

Capture the opportunity to align and collaborate with IA to strengthen the company’s approach to risk and optimise assurance and monitoring activities.

Questions to ask:

  1. Can we use assurance mapping to reassess risk coverage?

  2. Where can joint training and upskilling enhance collective expertise on key risk areas?

  3. What opportunities are there to collaborate with IA on approach, tools, technology and data?

Use the new Standards to continue the IA transformation journey and engage differently with stakeholders.

 Questions to ask:

  1. Is there an opportunity to refresh our IA strategy and align with the organisation’s latest objectives?

  2. How can the new Standards help drive change in IA (people, processes and technology)?

  3. How can benefits from implementing the new standards be measured and monitored?

Benefits: Unlocking the potential of IA

Organisations will be at different levels of maturity in relation to corporate governance and risk management. Critical to this is having a modern IA function that can adapt to a changing risk landscape and incorporate the latest Standards and best practices. 

Based on the key areas of focus in the new Standards, benefits could include, for example:

  • Better stakeholder alignment - through additional Board and Senior Management engagement in the IA life-cycle, alignment on strategic priorities and coverage, and optimised IA reporting

  • More effective auditing of important risks - incorporating IIA Topical Requirements and guidance to help IA enhance its approach to addressing key risk areas

  • Increased efficiency and risk coverage - by further cooperation with second line and a clear understanding of assurance activity mapped to key risk areas

  • Additional insights and value to the business - as a result of IA training and upskilling, including knowledge of strategic/business risks, audit methodology, and technology and data

5 steps to drive change: How PwC can help

There are five key steps involved in implementing the new Standards. Please speak to your local PwC team on how they can help you maximise the value at every stage. Click on each to find out more:

1. Assess readiness and agree priorities

Confidence in your response to the new Standards
  • Perform an IA Readiness Assessment to identify what needs to change to conform with the new Standards

  • Discuss impact of changes with key stakeholders, including Board/Audit Committee, Senior Management, Risk and Compliance functions (e.g., in stakeholder workshops)

  • Agree actions and priorities that will have the best outcomes for the organisation

2. Create transformation plan and refresh IA strategy

New opportunities to create value and forge stronger alignment
  • Align actions and priorities to the organisation’s vision, strategy, and governance model and update the IA Strategic Plan

  • Create an IA Transformation Plan to achieve IA strategic plan and implement the new Standards, including key actions, success factors, resources, communication plan, and timeline

  • Incorporate digital IA strategy to embed technology changes to optimise IA and governance activities. This should include how IA will capture opportunities from Artificial Intelligence (AI)

  • Map and agree organisational dependencies required to implement the plan, including Board/Senior Management input, investment, and cooperation of first and second line

3. Implement the plan

Reaching the next stage of IA maturity
  • Implement plans; which may include changes to:
    • IA’s mandate and strategy
    • Coordination and collaboration with the second line
    • IA competencies and resource model
    • IA reporting and communications
    • Quality Assurance and Improvement Programme (QAIP)
    • IA technology and data
  • Reflect these changes in your IA policies, procedures, and templates

4. Brief and train your people

Using the new Standards to unlock your IA ‘superpowers’
  • Refresh your IA training and development programme, to reflect the new Standards

  • Incorporate the IIA’s new Topical Guidance

  • Run stakeholders briefings and workshops to raise awareness, increase engagement, and embed behaviours (e.g., how to effectively manage more Board/Senior Management  involvement and coordination with second line)

5. Monitor outcomes

Track and amplify successes for continual improvement
  • Monitor achievement of success factors and track IA Key Performance Indicators (KPIs) to measure benefits

  • Obtain open feedback from stakeholders to gauge where they are getting the most value from the changes and amplify this across other areas, where appropriate

  • Fine tune QAIP activities in response to KPIs and feedback. Capture and implement additional improvements or factor into next IA plan
  • Prepare for the next External/Strategic Quality Assessment to independently check conformance with the new Standards


Please contact the Internal Audit team of your local PwC firm to find out more about how we can help you implement the new IIA Standards and get the best out of this opportunity for your organisation.

Shaun Willcocks

Global Risk Markets Leader, Global Internal Audit Leader, Partner, PwC Japan

+81 (0)90 6478 6991


Mike Maali

US Internal Audit Leader, Partner, PwC United States

+1 (630) 209 6384


Richard Thomas

EMEA Internal Audit Leader, Partner, PwC Switzerland

+41 79 816 27 00


Justin Martin

UK Internal Audit Leader, Partner, PwC United Kingdom

+44 (0) 7881 802 336


Sophie Langshaw

Australia Internal Audit Leader, Partner, PwC Australia

+61 41 052 0548


Eric Yeung

China and Hong Kong Internal Audit Leader, Partner, PwC Hong Kong

+852 2289 1953


Kathrin Kersten

Germany Internal Audit Leader, Partner, PwC Germany

+49 69 9585 1201


Carlie Persson

Canada Internal Audit Leader, Partner, PwC Canada

+1 780-441-6700


Deborah Mack

US Internal Audit Partner, PwC United States

+1 646-592-0031


Featured content

Discover more on creating a world class IA function and read other information from PwC on related areas:

Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.