by Draginja Waser, Senior Finance Director & Organisational Coach
and Anastasia Weiss, Senior e-Learning & LMS Specialist at Indigita SA
A new era has begun for internal auditors worldwide. Since January 2025, the Global Internal Audit Standards have reshaped the profession, putting governance at the very core of audit effectiveness. For businesses, boards, and executives, this shift signals a profound change: audit is no longer just about assurance, but about strategy, accountability, and trust.
A Step Beyond the 2017 Standards
Released by the Institute of Internal Auditors (IIA), the 2024 Standards replace those of 2017 and reflect the maturity of the profession. Internal audit is no longer seen merely as a watchdog. It is now positioned as a proactive partner in governance, resilience, and ethical clarity.
Accountability at the Top
One of the most notable changes is the explicit codification of board and senior management responsibilities. Their support is now defined as an “essential condition” for conformance. The Chief Audit Executive (CAE) must actively engage both groups in discussions on risk tolerance, audit strategy, and organizational ethics. Without this top-level alignment, performance gaps are no longer considered incidental. They are formally acknowledged as risks to audit effectiveness.
A Strategic Role for the CAE
The CAE is no longer only the head of audit engagements. The role now carries a strategic mandate: defining and communicating a three-to-five-year audit strategy, complete with objectives and initiatives, to be reviewed regularly with the board and management. This elevates the CAE into a governance influencer. The role bridges audit with enterprise strategy and measures success not just by completed engagements, but also by long-term contribution to governance and risk posture.
Quality as a Shared Responsibility
Quality assurance has also been redefined. Where earlier standards emphasized internal monitoring programs, the new framework makes quality a shared responsibility between the audit function, management, and the board. Boards must now approve internal audit performance objectives and participate in annual evaluations. This shift turns quality into a governance-led framework, holding all parties accountable for audit value and effectiveness.
Governance through Communication
Communication has become a governance tool in its own right. The Standards require CAEs to formalize relationships with key stakeholders, from boards to external assurance providers. Transparent engagement, through structured reporting, stakeholder dialogues, and thematic communications, is now an expectation.
Beyond reporting individual findings, CAEs must also identify broader patterns and trends across multiple audits. This analytical role brings internal audit closer to decision-making at the strategic level and helps organizations respond more quickly to emerging risks.
Implications for Business and Banking
These changes mark a turning point: internal audit is moving from a compliance checkpoint to a central pillar of corporate governance. For many industries, this will require significant cultural adjustment.
In banking, however, governance has long been defined by regulation. In Switzerland, for example, supervisory circulars since the mid-1990s have required that internal audit be appointed by and report directly to the board, ensuring independence from management. This contrasts with industrial sectors where no such legal safeguards exist and where internal audit may report to executives, potentially compromising its independence.
Balancing the new Global Internal Audit Standards with established banking regulations means aligning global best practices with national legal requirements. While the Standards encourage extensive interaction with both boards and management, Swiss banking law prioritises strict independence from management. The challenge lies in fostering constructive engagement with executives without blurring the reporting lines that remain firmly anchored with the board.
Looking Ahead
The 2024 Global Internal Audit Standards are more than a technical update. They are a governance blueprint. They raise expectations for boards, executives, and auditors alike, making governance not just a support mechanism but the very foundation of audit effectiveness.
For organizations, the message is clear: success will depend less on checklists and more on independence, communication, and strategic vision.
