| The Global Internal Audit Standards have been available since January 2024, what has changed now that we have reached January 2025? |
The GIAS were released on 9 January 2024 to allow internal auditors to become familiar with the requirements and to prepare their internal audit function for the changes. From 9 January 2025 the GIAS are effective, meaning that they are to be complied with from this date onwards. Members of the IIA-Australia are expected to comply with the 2024 IPPF including the GIAS. |
| There are lots of references to the ‘board’ in the Global Internal Audit Standards. If the board has an audit sub-committee, is it sufficient to report through to the audit sub-committee (where mandated in the Global Internal Audit Standards)? |
The definition of “board” in the GIAS allows for reporting to an audit committee, which is common in Australia. The key requirement is that the audit committee members are not part of organisational management—they must function as a governance body, not a management one. |
| What do I do if my audit committee does not support compliance with the 2024 International Professional Practices Framework including the Global Internal Audit Standards? |
Compliance is not mandatory in all Australian jurisdictions. IIA-Australia acknowledges this and continues advocacy with regulatory and parliamentary bodies to promote understanding and adoption of internal audit standards. |
| What happened to the Code of Ethics, which used to be a separate part of the 2017 International Professional Practices Framework? |
The four principles of the Code of Ethics are now part of the GIAS under Domain II ‘Ethics and Professionalism’. Internal auditors must demonstrate compliance during Quality Assessments. Members must complete at least two CPE hours in ethics annually, with free webinars and resources available. |
| What is the internal audit mandate referred to in the Global Internal Audit Standards? |
The internal audit mandate refers to the internal audit function’s authority, role, and responsibilities as granted by the board or regulations. It is embedded within the audit charter, which should address legal authority, access, independence, and reporting structure. |
| What are the Topical Requirements included in the 2024 International Professional Practices Framework? |
Topical Requirements are mandatory when auditing specific topic areas and ensure consistent methodology. The first Topical Requirement — Cybersecurity — was released in February 2025 and becomes effective in February 2026. Member resources to support the application of the Cybersecurity Topical Requirement are located here.
Forthcoming topics include Third-Party (expected to be finalised by the end of 2025), Organisational Behaviour (currently in draft), and Organisational Resilience. More information about these will be shared through our newsletters, website and member events to keep you informed.
|
| Could you expand on the change in relation to the CAE role being outsourced to a service provider in the Global Internal Audit Standards? |
The GIAS permits outsourcing the CAE role, provided it's held by an individual within the service provider. However, jurisdictional rules apply—for example, NSW local governments must employ their CAE directly. |
| Where do the Global Internal Audit Standards require a Certified Internal Auditor qualification? |
A CIA must be part of the external quality assessment team (Standard 8.4). The CAE themselves does not need to be a CIA but must possess adequate qualifications and experience. CIA exam changes will take effect in May 2025. |
| How does the 2024 IPPF address Quality Assurance and Improvement Plan (QAIP) requirements? Are the quality assurance standards still mandatory? |
Yes, QAIP requirements remain mandatory, now outlined in five standards across Domains III and IV. These include enhanced expectations for strategic alignment, regulatory consideration, performance measures, and supervision protocols. |
| Will external quality assessments measure my internal audit function’s conformance with the 2017 IPPF standards or 2024 IPPF? |
From 9 January 2025, assessments will measure conformance against the GIAS. 2024 work will be assessed based on the standards in place at the time. IIA-Australia’s assessors meet CIA requirements, and the organisation shares insights to support the profession. |
| How have the IIA-Australia’s technical resources been updated for the 2024 International Professional Practices Framework? |
All resources from 2024 onward are aligned to the GIAS. Members-only access includes factsheets, templates, and videos, with a new Quality Toolkit expected by January 2025. Updates and reminders are shared via the member newsletter and upcoming events. |