Conformance With Internal Audit Standards: Whose Job Is It Anyway?

This year marks the 35th anniversary of The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards). Over the years, the Standards has become recognized as a critical means by which internal auditing’s stakeholders gain assurance on the quality of internal audit’s work. Conforming with the Standards lets our stakeholders know that the internal audit function is a reliable resource because it’s independent; operates with a high degree of professionalism; is staffed with ethical, objective professionals; and adds true value to the organization. As such, The IIA’s Code of Ethics and Certified Internal Auditor designation make conformance with the Standards a requirement for IIA members, IIA certification holders, and candidates.

Yet, often times, internal auditors — especially those at the staff auditor level — may wonder, “What is my responsibility in ensuring my department conforms with every standard?” After all, many internal auditors lack the authority to establish the function’s independence, ensure interaction with the board, or maintain a robust quality assurance and improvement program — all requirements of our Standards. In fact, standards such as Standard 2000: Managing the Internal Audit Activity appear to be written specifically with a chief audit executive (CAE) audience in mind.

The apparent disconnect begs the question, “Whose job is conformance anyway?”

I’m pleased to see that the newly revised Standards, which went into effect Jan. 1, 2013, includes one key piece of additional information that will make conformance that much easier: an introductory paragraph that provides clarification on who is responsible for conformance. The paragraph states:

“The Standards apply to individual internal auditors and internal audit activities. All internal auditors are accountable for conforming with the Standards related to individual objectivity, proficiency, and due professional care. In addition, internal auditors are accountable for conforming with the Standards, which are relevant to the performance of their job responsibilities. Chief audit executives are accountable for overall conformance with the ​Standards.”​ T​his addition highlights the fact that the Standards applies both to individual auditors and the audit activity, or audit department.

The new paragraph clarifies that as individual professionals, we are all responsible for conforming with the Standards by maintaining an impartial, unbiased attitude and avoiding conflicts of interest, by possessing the knowledge and competencies to do our jobs effectively, and by applying the care and skill expected of a prudent and competent audit professional. We also must abide by those standards relevant to the performance of our job responsibilities, such as those on engagement planning, performing the engagement, and communicating results.

So, what is the CAE responsible for? The final sentence in that new introductory paragraph explains that, as the head of the internal audit activity, the CAE is accountable for overall conformance with theStandards. There are a number of standards that pertain to managing the internal audit activity, ensuring that internal audit has a charter, and ensuring that the audit activity maintains a quality assurance and improvement program and undergoes an external quality assessment at least once every five years. More CAEs recognize that the cost of non-conformance is higher than the cost of an external quality assessment. It’s the CAE’s responsibility to conform with those standards.

Ultimately, Standards conformance enhances the reliability of internal audit’s work and the stature of our profession. It’s critical that we all value the Standards, recognize which standards we’re individually and collectively responsible for upholding, and strive for conformance. I encourage you to take the time to review the Standards revisions. (A marked-up PDF version of the revised Standards, which highlights the changes, can be accessed by clicking here.) When you do, I’m confident it will become apparent to you whose job it is to conform with the Standards: Everyone’s.

For more information on changes to the Standards, I also invite you to check out the new AuditChannel video in which I discuss the five most significant revisions that became effective earlier this month.​