IPPF/Standards

The IPPF: The Framework for Internal Audit Effectiveness 

The International Professional Practices Framework® (IPPF®) organises the authoritative body of knowledge, promulgated by The Institute of Internal Auditors, for the professional practice of internal auditing.

The IPPF includes: 

  • Global Internal Audit Standards™. 

  • Topical Requirements. 

  • Global Guidance. 



 

Global Internal Audit Standards™ The Standards guide professional internal auditing worldwide. They are principle-based and provide a benchmark for evaluating and enhancing the quality of the internal audit function. Central to the Standards are 15 guiding principles, each supported by specific requirements, implementation considerations, and evidence examples. These elements help internal auditors align with the Purpose of Internal Auditing. (Source: IIA Global)
Topical Requirements Applied based on the internal audit function’s risk assessment, Topical Requirements must be followed when conducting assurance services and are recommended for advisory services. Each comes into effect 12 months post-issue and is supported by a user guide. Developed through a public consultation process led by the Global Guidance Council and IIA staff, these documents assist in consistent implementation across functions. (Source: IIA Global)

Navigating the Global Internal Audit Standards (GIAS) – Online Classroom

September 23 — September 24 (11.30 AM to 3:00 PM)


Upon completing this 7-hour training program, participants will be well-equipped to apply the GIAS principles, enhance their audit skills, and contribute effectively to their organisations’ governance and risk management.

View Event

FAQs

The Global Internal Audit Standards have been available since January 2024, what has changed now that we have reached January 2025? The GIAS were released on 9 January 2024 to allow internal auditors to become familiar with the requirements and to prepare their internal audit function for the changes. From 9 January 2025 the GIAS are effective, meaning that they are to be complied with from this date onwards. Members of the IIA-Australia are expected to comply with the 2024 IPPF including the GIAS.
There are lots of references to the ‘board’ in the Global Internal Audit Standards. If the board has an audit sub-committee, is it sufficient to report through to the audit sub-committee (where mandated in the Global Internal Audit Standards)? The definition of “board” in the GIAS allows for reporting to an audit committee, which is common in Australia. The key requirement is that the audit committee members are not part of organisational management—they must function as a governance body, not a management one.
What do I do if my audit committee does not support compliance with the 2024 International Professional Practices Framework including the Global Internal Audit Standards? Compliance is not mandatory in all Australian jurisdictions. IIA-Australia acknowledges this and continues advocacy with regulatory and parliamentary bodies to promote understanding and adoption of internal audit standards.
What happened to the Code of Ethics, which used to be a separate part of the 2017 International Professional Practices Framework? The four principles of the Code of Ethics are now part of the GIAS under Domain II ‘Ethics and Professionalism’. Internal auditors must demonstrate compliance during Quality Assessments. Members must complete at least two CPE hours in ethics annually, with free webinars and resources available.
What is the internal audit mandate referred to in the Global Internal Audit Standards? The internal audit mandate refers to the internal audit function’s authority, role, and responsibilities as granted by the board or regulations. It is embedded within the audit charter, which should address legal authority, access, independence, and reporting structure.
What are the Topical Requirements included in the 2024 International Professional Practices Framework? Topical Requirements are mandatory when auditing specific areas and ensure consistent methodology. The first—on Cybersecurity—was released in February 2025 and becomes effective in February 2026. Forthcoming topics include Third-Party Risk, Culture, and Business Resiliency.
Could you expand on the change in relation to the CAE role being outsourced to a service provider in the Global Internal Audit Standards? The GIAS permits outsourcing the CAE role, provided it's held by an individual within the service provider. However, jurisdictional rules apply—for example, NSW local governments must employ their CAE directly.
Where do the Global Internal Audit Standards require a Certified Internal Auditor qualification? A CIA must be part of the external quality assessment team (Standard 8.4). The CAE themselves does not need to be a CIA but must possess adequate qualifications and experience. CIA exam changes will take effect in May 2025.
How does the 2024 IPPF address Quality Assurance and Improvement Plan (QAIP) requirements? Are the quality assurance standards still mandatory? Yes, QAIP requirements remain mandatory, now outlined in five standards across Domains III and IV. These include enhanced expectations for strategic alignment, regulatory consideration, performance measures, and supervision protocols.
Will external quality assessments measure my internal audit function’s conformance with the 2017 IPPF standards or 2024 IPPF? From 9 January 2025, assessments will measure conformance against the GIAS. 2024 work will be assessed based on the standards in place at the time. IIA-Australia’s assessors meet CIA requirements, and the organisation shares insights to support the profession.
How have the IIA-Australia’s technical resources been updated for the 2024 International Professional Practices Framework? All resources from 2024 onward are aligned to the GIAS. Members-only access includes factsheets, templates, and videos, with a new Quality Toolkit expected by January 2025. Updates and reminders are shared via the member newsletter and upcoming events.

Reference Documents

Resources

This is a members only resource.

Please login to access.

Webinars

Webinars

This is a members only resource.

Please login to access.