Applying the

Global Internal Audit Standards

THE INSTITUTE OF INTERNAL AUDITORS INDONESIA
PRESENTED AT FORUM PENGUATAN GRC OTORITAS JASA KEUANGAN
Agenda
• From Proposed Standards to Issued: IPPF Project Update,
Overview of Governance and Standards-setting Process.
• Overview of Updated Global Internal Audit Standards.
• Applying the Global Internal Audit Standards in the Public
Sector.
• Our Recommendations.
• What’s Next.
 IPPF Project Update,
Overview of Governance and
Standard-setting Process
 IPPF Governance Process

IIA Global Board of Directors

strategically direct and govern

Stakeholder Groups
provide knowledge, feedback, & input

IPPF Oversight Council

advise and oversee
Affiliates and Chapters

IIA Global HQ
Staff IIA Member Volunteers
(Knowledge Groups)
International Internal Audit coordinate, manage,
Global Guidance Council market, and maintain
Standards Board
develop, direct, and approve Standards
develop, direct, and approve Guidance projects Direct Stakeholders
(IIA members and other in
the internal audit profession)

Indirect Stakeholders
GB Authorization (Public, non-IA Profession)
IPPFOC Independent Oversight
Project Management

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 International Internal Audit Standards Board (IIASB)

• Mission: To serve the

public interest by
developing, issuing,
maintaining, and
promoting the
International
Standards for the
Professional Practice
of Internal Auditing
on a worldwide basis.
• Representing the
internal audit
profession globally
with 21 members
from 18 countries and
various industries and
sectors.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 IPPF Oversight Council

• Mission: To evaluate the due process for setting

standards and guidance to promote inclusiveness and
transparency, which ultimately serves the public
interest and increases stakeholder confidence in The
IIA’s Standards.

Organizations represented:

Publication:
Framework for Setting Internal Audit
Standards in the Public Interest

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
IPPF Evolution Timeline with Resources
Now Q2-Q4 Q1-Q2
Available 2024 2025

• Global Internal Audit StandardsTM basic PDF. • Tool: for CAE communication with board • New Standards become effective
• Condensed version of the Global Internal Audit Standards. and senior management about Domain III. Jan 9, 2025.

• Report on the Standard-setting and Public Comment • Conformance Assessment Readiness Tool • Updated Internal Audit
Processes for the Global Internal Audit Standards. Practitioner exam: no changes
• Refreshed and New Global Guidance before effective date.
• 2-Way Standards and Glossary Mapping. (Global Practice Guides, Global Technology
• Updated Learning Library (2 new courses). Audit Guides). • CIA® exam and study materials:
• Internal Auditor magazine special issue. no changes before May 2025.
• Topical Requirement on Cybersecurity –
iia.mydigitalpublication.com/february-2024. issued for public comment (Apr), followed • New Topical Requirements –
• Standards Knowledge Center: by release (Q4). issued for public comment,
Tools, courses, events, webinars, podcasts, and articles. • Global Internal Audit Standards (The followed by release.
─ Tool: Model Internal Audit Charter (General and Public Redbook) hardcover book (Q3, June).
Sector).
• New GTAG & Practice Guide.
• Global Internal Audit Standards digitally enhanced e-book.
• Translated Standards (including in Bahasa Indonesia).

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Resources: Available at www.theiia.org

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 New IPPF and
Global Internal Audit Standards –
Structure
 The IPPF Evolution
2017 2024

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 The New Structure
5 Domains
15 Principles
• 52 Standards
• Requirements
• Considerations for Implementation
• Examples of Evidence of Conformance

Additional features:
• Fundamentals
• Applying the Standards in the Public Sector
• Glossary

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Global Internal Audit Standards
1. Demonstrate
Integrity
III. Governing the Internal Audit
Function
6. Authorized by the Board
7. Positioned Independently
8. Overseen by the Board
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
5 Domains, 15 Principles
Domain I: Purpose of Internal Auditing
II. Ethics and Professionalism
2. Maintain 3. Demonstrate 4. Exercise Due 5. Maintain
Objectivity Competency Professional Care Confidentiality
IV. Managing the Internal Audit V. Performing Internal Audit
Function Services
9. Plan Strategically 13. Plan Engagements Effectively
10. Manage Resources
14. Conduct Engagement Work
11. Communicate Effectively
15. Communicate Engagement
Conclusions and Monitor Action
12. Enhance Quality Plans
Global Internal Audit Standards –
Glossary & Fundamentals
 Glossary
Old Term or Concept Updated Term New to the Glossary
consulting services advisory services Assurance engagement Internal audit public sector risk tolerance
supervisor charter
engagement opinion engagement
conclusion
competency finding internal audit residual risk root cause
internal audit activity internal audit manual
function
purpose, authority, responsibility internal audit
mandate condition impact internal audit results of senior
plan internal audit management
policies and procedures (internal methodologies services
audit)

Existing Terms With New Definitions criteria inherent risk likelihood risk and stakeholder
control
board
matrix
control processes
engagement integrity may risk workpapers
fraud planning assessment
internal auditing
risk appetite *Not a comprehensive list.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Board - Definition
Highest-level body charged with governance, such as:
• A board of directors.
• An audit committee.
• A board of governors or trustees.
• A group of elected officials or political appointees.
• Another body that has authority over the relevant governance functions.

In an organization that has more than one governing body, “board” refers to the body or bodies
authorized to provide the internal audit function with the appropriate authority, role, and
responsibilities.
If none of the above exists, “board” should be read as referring to the group or person that acts
as the organization’s highest-level governing body. Examples include the head of the organization
and senior management.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Fundamentals of the Global Internal Audit Standards

Elevated Introduction highlights 4 main sections:

• Internal Auditing and the Public Interest.

• Demonstrating Conformance with the Standards.
• Application in Small Internal Audit Functions.
• Application in the Public Sector.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
Fundamentals of the Global Internal Audit Standards

Demonstrating Conformance with the Standards

• Conformance is expected but may not always be possible to
achieve.
• Examples of circumstances limiting conformance are often related
to insufficient resources or specific aspects of a sector, industry,
and/or jurisdiction.
• Implement alternative actions to achieve intent of related standard
when possible.
• Documentation and communication of nonconformance is
required.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Small Internal Audit Functions

The Introduction will recognize the challenges Small Internal Audit

Functions may face in conforming with the Global Internal Audit
Standards:
• Internal audit functions must determine for themselves if they are ‘small.’
• Small may be dependent on the size of the organization or the size of the
internal audit function itself.
• The most significant impacts are likely to be resources and the ability to
meet all the requirements (such as supervision).
• Single person functions may be especially challenged to adequately
implement a Quality Assurance Improvement Program.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Global Internal Audit Standards:
Domains

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain I: Purpose of Internal Auditing
Purpose Statement:
Internal auditing strengthens the organization’s ability to create, protect, and sustain value by providing
the board and management with independent, risk-based, and objective assurance, advice, insight, and foresight.

Internal auditing enhances the organization’s: Internal auditing is most effective when:
• Successful achievement of its objectives. • It is performed by competent professionals in
conformance with the Global Internal Audit
• Governance, risk management, and control
Standards, which are set in the public interest.
processes.
• The internal audit function is independently
• Decision-making and oversight.
positioned with direct accountability to the
• Reputation and credibility with its stakeholders. board.

• Ability to serve the public interest. • Internal auditors are free from undue influence
and committed to making objective assessments.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain II: Ethics and Professionalism
1. Demonstrate 2. Maintain 3. Demonstrate 4. Exercise Due 5. Maintain
Integrity Objectivity Competency Professional Care Confidentiality
Internal auditors Internal auditors Internal auditors apply Internal auditors apply Internal auditors use
demonstrate integrity in maintain an impartial the knowledge, skills, due professional care in and protect information
their work and behavior. and unbiased attitude and abilities to fulfill planning and performing appropriately.
when performing their roles and internal audit services.
internal audit services responsibilities
and making decisions. successfully.
1.1 Honesty and 4.1 Conformance
2.1 Individual 5.1 Use of
Professional 3.1 Competency with Global Internal
Objectivity Information
Courage Audit Standards
3.2 Continuing
1.2 Organization’s 2.2 Safeguarding 4.2 Due 5.2 Protection of
Professional
Ethical Expectations Objectivity Professional Care Information
Development

2.3 Disclosing
1.3 Legal and 4.3 Professional
Impairments to
Ethical Behavior Skepticism
Objectivity

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain III: Governing the Internal Audit Function
Domain III standards include “essential conditions” for an effective internal audit function.

6. Authorized by the Board 7. Positioned Independently 8. Overseen by the Board

The board establishes, approves, and The board establishes and protects The board oversees the internal audit
supports the mandate of the internal the internal audit function’s function to ensure the function’s
audit function. independence and qualifications. effectiveness.

6.1 Internal Audit Mandate 8.1 Board Interaction

7.1 Organizational Independence

8.2 Resources
7.2 Chief Audit Executive
6.2 Internal Audit Charter Qualifications
8.3 Quality

6.3 Board and Senior

Management Support 8.4 External Quality Assessment

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain IV: Managing the Internal Audit Function
9. Plan Strategically
The chief audit executive plans
strategically to position the
internal audit function to fulfill its
mandate and achieve long-term
success.
9.1 Understanding Governance,
Risk Management, and
Control Processes
10. Manage Resources
The chief audit executive
manages resources to
implement the internal audit
function’s strategy and achieve
its plan and mandate.
10.1 Financial Resource
Management
11. Communicate
Effectively
The chief audit executive guides
the internal audit function to
communicate effectively with its
stakeholders.
11.1 Building Relationships and
Communicating with Stakeholders
12.1 Internal Quality Assessment
12. Enhance Quality
The chief audit executive is
responsible for the internal
audit function’s conformance
with the Global Internal Audit
Standards and continuous
performance improvement.

10.2 Human Resource

9.2 Internal Audit Strategy Management 11.2 Effective Communication
12.2 Performance Measurement

9.3 Methodologies 10.3 Technological Resources 11.3 Communicating Results 12.3 Oversee and Improve
Engagement Performance

9.4 Internal Audit Plan 11.4 Errors and Omissions

9.5 Coordination and Reliance 11.5 Communicating the

Acceptance of Risks

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain V: Performing Internal Audit Services
13. Plan Engagements Effectively
Internal auditors plan each engagement
using a systematic, disciplined approach.
13.1 Engagement Communication
13.2 Engagement Risk Assessment
13.3 Engagement Objectives and Scope
14. Conduct Engagement Work
Internal auditors implement the engagement
work program to achieve the engagement
objectives.
14.1 Gathering Information for Analyses
and Evaluation
14.2 Analyses and Potential Engagement
Findings
14.3 Evaluation of Findings
15. Communicate Engagement
Conclusions and Monitor Actions
Plans
Internal auditors communicate the
engagement results to the appropriate
parties and monitor management’s
progress toward implementation of
recommendations or action plans.
15.1 Final Engagement Communication

13.4 Evaluation Criteria

14.4 Recommendations and Action Plans 15.2 Confirming the Implementation of
Action Plans
13.5 Engagement Resources 14.5 Developing Engagement Conclusions

13.6 Work Program 14.6 Documenting Engagements

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Applying the Global Internal Audit
Standards in the Public Sector

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain I. Purpose of Internal Auditing
Purpose Statement:
Internal auditing strengthens the organization’s ability to create, protect, and sustain value by providing
the board and management with independent, risk-based, and objective assurance, advice, insight, and
foresight.
Internal auditing enhances the Internal auditing is most effective when:
organization’s: • It is performed by qualified internal auditors in
• Successful achievement of its objectives. conformance with the Global Internal Audit
Standards, which are set in the public interest.
• Governance, risk management, and control
processes. • The internal audit function is independently
positioned with direct accountability to the
• Decision-making and oversight. board.
• Reputation and credibility with its • Internal auditors are free from undue influence
stakeholders. and committed to making objective
• Ability to serve the public interest. assessments.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain II: Ethics and Professionalism
1. Demonstrate 2. Maintain 3. Demonstrate 4. Exercise Due 5. Maintain
Integrity Objectivity Competency Professional Care Confidentiality
Internal auditors Internal auditors Internal auditors apply Internal auditors apply Internal auditors use
demonstrate integrity in maintain an impartial the knowledge, skills, due professional care in and protect information
their work and behavior. and unbiased attitude and abilities to fulfill planning and performing appropriately.
when performing their roles and internal audit services.
internal audit services responsibilities
and making decisions. successfully.
1.1 Honesty and 4.1 Conformance
2.1 Individual 5.1 Use of
Professional 3.1 Competency with Global Internal
Objectivity Information
Courage Audit Standards
3.2 Continuing
1.2 Organization’s 2.2 Safeguarding 4.2 Due 5.2 Protection of
Professional
Ethical Expectations Objectivity Professional Care Information
Development

2.3 Disclosing
1.3 Legal and 4.3 Professional
Impairments to
Ethical Behavior Skepticism
Objectivity

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain III: Governing the Internal Audit Function
Domain III standards include “essential conditions” for an effective internal audit function.

6. Authorized by the Board 7. Positioned Independently 8. Overseen by the Board

The board establishes, approves, and The board establishes and protects The board oversees the internal audit
supports the mandate of the internal the internal audit function’s function to ensure the function’s
audit function. independence and qualifications. effectiveness.

6.1 Internal Audit Mandate 8.1 Board Interaction

7.1 Organizational Independence

8.2 Resources
7.2 Chief Audit Executive
6.2 Internal Audit Charter Qualifications
8.3 Quality

6.3 Board and Senior

Management Support 8.4 External Quality Assessment

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Domain IV. Managing the Internal Audit Function
9. Plan Strategically
The chief audit executive plans
strategically to position the
internal audit function to fulfill its
mandate and achieve long-term
success.
9.1 Understanding Governance,
Risk Management, and
Control Processes
9.2 Internal Audit Strategy
9.3 Methodologies
9.4 Internal Audit Plan
9.5 Coordination and Reliance
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
10. Manage Resources
The chief audit executive
manages resources to
implement the internal audit
function’s strategy and achieve
its plan and mandate.
10.1 Financial Resource
Management
10.2 Human Resource
Management
10.3 Technological Resources
11. Communicate
Effectively
The chief audit executive guides
the internal audit function to
communicate effectively with its
stakeholders.
11.1 Building Relationships and
Communicating with Stakeholders
11.2 Effective Communication
11.3 Communicating Results
11.4 Errors and Omissions
11.5 Communicating the
Acceptance of Risks
12. Enhance Quality
The chief audit executive is
responsible for the internal
audit function’s conformance
with the Global Internal Audit
Standards and continuous
performance improvement.
12.1 Internal Quality Assessment
12.2 Performance Measurement
12.3 Oversee and Improve
Engagement Performance
 Domain V. Performing Internal Audit Services
No distinction between Assurance and Advisory engagements

13. Plan Engagements Effectively 14. Conduct Engagement Work
Internal auditors plan each engagement Internal auditors implement the engagement
using a systematic, disciplined approach. work program to achieve the engagement
objectives.
13.1 Engagement Communication 14.1 Gathering Information for Analyses
and Evaluation
13.2 Engagement Risk Assessment 14.2 Analyses and Potential Engagement
Findings
13.3 Engagement Objectives and Scope
14.3 Evaluation of Findings
15. Communicate Engagement
Conclusions and Monitor Actions
Plans
Internal auditors communicate the
engagement results to the appropriate
parties and monitor management’s
progress toward implementation of
recommendations or action plans.
15.1 Final Engagement Communication

13.4 Evaluation Criteria

14.4 Recommendations and Action Plans 15.2 Confirming the Implementation of
Action Plans
13.5 Engagement Resources 14.5 Developing Engagement Conclusions

13.6 Work Program 14.6 Documenting Engagements

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Unique Aspects of Auditing in the Public Sector

• Accountability in Public
Funding.
• Nature of Politics.
• Governance.
• Public Good/Public Interest.
• Transparency, Ethics and
Integrity.
• Legal, Regulatory, and Fiscal
Compliance.
• Efficiency, Effectiveness, and
Equity in Public Service
Delivery.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Our Recommendations

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 IIA Indonesia Recommends
Familiarize with the new
Standards
Enforce ethics
Develop IA strategic
plans: GRC-based plan,
IA strategy, restructuring
audit methodology.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
Refresh understanding on Align actions and priorities
organization values and to the organization's
Update the IA Charter to
assess what value can Obtain feedback from key vision, strategy, and
incorporate the new ethics
Internal Audit provides to stakeholders governance model and
and professionalism
the organizations in update the IA Strategic
relation to GRC Plan
Perform an IA Readiness
Create plans to develop Develop Quality
Assessment to identify
Assess Chief Audit coordination and Assurance and
what needs to change to
qualifications collaboration with the first Improvement Programme
conform with the new
and second line (QAIP)
Standards.
Reflect these changes in Socialize [new] IA
Refresh your IA training
Develop IA performance your IA policies, reporting and
and development
measurements. procedures, and communications approach
programme
templates to all IA stakeholders
Keys to Successful Implementation of the Global Internal
Audit Standards
1. Align with key stakeholders.
2. Get and develop the right resources.
3. Continue to improve.
4. Deliver value.
5. Manage internal audit strategically.
6. Proactively assess your organization’s risk management and governance
processes.
7. Strive for excellence (performance + conformance).

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 What’s Next

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
What’s Next?
• Implement!
• Topical
Requirements.
• Quality Assessments.
• Certifications.
• Additional Resources.
• To Learn More
www.theiia.org/New
Standards

Keep up with the latest!

theiia.org/IPPFEvolution
 Topical Requirements
A Topical Requirement Is: Why Topical Requirements?
• Required when an internal auditor is performing an • Strengthen the ongoing relevance of the IPPF by
assurance engagement on a topic/risk area for which a addressing pervasive and evolving risks.
Topical Requirement exists. • Ensure consistency and quality of engagement
• Subject to applicability as determined by risk-based internal performance.
audit plan. Limitations must be documented.
• A baseline for engagement performance when the topic/risk area is How?
subject to review.
• Development by experts and internal audit leaders
• Covers aspects of governance, risk management, and control representing various sectors and industries globally.
processes.
• Broad proactive stakeholder outreach and feedback
• Subject to external quality assessment. collected through a public comment period.
• Ongoing oversight of due process by IPPF Oversight
A Topical Requirements Is Not: Council, an independent body comprising
• A requirement to perform an engagement on the topic. representatives of global organizations.
• A comprehensive work program.
• Designed to address emerging topics.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 External Quality Assessments
Options for Planning EQAs
Based on the January 2024 issuance of the Global Internal Audit Standards and the effective
date of January 2025.

If the EQA is due in 2024:

2024
• The quality assessment should be conducted as scheduled in conformance with the
current IPPF.
• A gap assessment should be considered in 2024 in addition to the current EQA to
prepare for the transition.

2025 or If the EQA is due in 2025 or beyond:

beyond
• The quality assessment can be accelerated into 2024 to allow for the assessment to be
conducted in conformance with the current IPPF.
• A readiness assessment can be conducted in 2024 to identify any gaps for the
implementation of the Global Internal Audit Standards.
©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
 Changes to Examinations for IIA Credentials

Exam
• No changes before May 2025. • No changes before effective
date.
Transition period
• Now available. Scan QR code for details.

• Not affected; remains the

same.

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
Upcoming IIA Happenings

Professional Auditor Forum WORKSHOP 2024 ACIIA REGIONAL WORKSHOP

CONFERENCE
Effective Data-Driven, Navigating The Global Impactful
Board-Ready Audit Internal Audit Standards IIA INDONESIA is hosting Communication
the 2024 Asia Pacific Skill
Management, in
13 – 14 June 2024 regional conference
cooperation with Diligent
Tentrem Hotel, Semarang 30 August 2024
28 – 29 August 2024 Bali Nusa Dua
12 June 2024, 09:00 – 12:00
Bali Nusa Dua Convention Convention Centre
Le Meridien Ballroom, Jakarta
Centre
FREE for members

https://iia-indonesia.org/paf-12jun24/ https://iia-indonesia.org/workshop- https://aciia.iia-indonesia.org/ https://aciia.iia-indonesia.org/

navigation-global-ia-standards-13jun24/

©2024, The Institute of Internal Auditors. All rights reserved. For individual personal use only.
Q&A
COPYRIGHT NOTICE
The Global Internal Audit Standards and related materials are protected by
copyright law and are operated by The Institute of Internal Auditors, Inc.
(“The IIA”). ©2024 The IIA. All rights reserved.

No part of the materials including branding, graphics, or logos, available in

this publication may be copied, photocopied, reproduced, translated or
reduced to any physical, electronic medium, or machine-readable form, in
whole or in part, without specific permission from the Office of the
General Counsel of The IIA, copyright@theiia.org. Usage and distribution
for commercial purposes is strictly prohibited.

For more information, please read our statement concerning copying,

downloading and distribution of materials available on The IIA’s website at
www.theiia.org/Copyright.
 Thank you!

Elevating the Standards.

Elevating the Profession.
Elevating Impact!