Global Internal Audit Standards (GIAS)

What Are the Global Internal Audit Standards (GIAS)?

The Global Internal Audit Standards (GIAS) published by the Institute of Internal Auditors (the IIA) are a unified set of principles and guidelines designed to elevate the internal audit profession. Developed by leading experts and backed by the International Internal Audit Institute (IIAI), these standards serve as a roadmap for internal auditors to enhance their practices, ensure organizational alignment, and deliver value-added insights.

The GIAS focus on five core domains:

  1. Purpose of Internal Auditing
  2. Ethics and Professionalism
  3. Governing the Internal Audit Function
  4. Managing the Internal Audit Function
  5. Performing Internal Audit Services

Each domain includes principles, standards, and actionable evidence to ensure conformance, providing a clear benchmark for auditors, boards, and organizations.

What Does the Checklist Contain?

To ensure adherence to the GIAS, a detailed checklist has been developed. This checklist identifies necessary documents and evidence of conformance required for each domain, principle, and standard. Here’s what the checklist contains:

1. Ethics and Professionalism

This section emphasizes integrity, objectivity, competency, and confidentiality in internal audit practices. The checklist includes:

  • Training plans for ethics education.
  • Signed acknowledgments of ethical commitments.
  • Records of objectivity training and conflict disclosures.
  • Performance evaluations showcasing honesty and professional courage.

2. Governing the Internal Audit Function

This domain ensures the internal audit function is properly authorized and supported. Key checklist items include:

  • A board-approved internal audit charter.
  • Documentation of resources allocated to the audit function.
  • Meeting minutes affirming organizational independence.

3. Managing the Internal Audit Function

This domain focuses on strategic planning, resource management, and effective communication. Checklist items include:

  • Risk-based internal audit plans.
  • Records of coordination with other assurance providers.
  • Documentation of internal audit methodologies and strategic objectives.

4. Performing Internal Audit Services

This is the execution phase, covering engagement planning, work, and reporting. Checklist components include:

  • Engagement work programs and documented findings.
  • Final reports with clear conclusions and recommendations.
  • Exception tracking systems for monitoring corrective actions.

Why the GIAS Matter

The GIAS provide a structured framework to elevate the internal audit profession and meet the evolving challenges of modern governance. By adhering to these standards, organizations can:

  • Ensure consistency and quality in audit practices.
  • Strengthen governance, risk management, and control processes.
  • Enhance stakeholder confidence through transparency and accountability.

Consolidated list of necessary documents to evidence conformance with the Global Internal Audit Standards

Domain II: Ethics and Professionalism

Principle 1: Demonstrate Integrity

  1. Training plan for ethics education and training.
  2. Attendance records for ethics training (e.g., sign-in sheets, certificates).
  3. Performance evaluations with honesty and professional courage objectives.
  4. Stakeholder feedback on honesty and courage.
  5. Records of participation in workshops on ethical expectations.
  6. Signed forms acknowledging commitment to ethics policies.
  7. Audit plan, work programs, or workpapers addressing ethics-related risks and objectives.
  8. Documentation of ethical issues communicated to senior management and regulators.
  9. Records of training on laws, regulations, and ethical behavior.
  10. Acknowledgment forms for legal and professional expectations.
  11. Methodology for handling illegal behavior.
  12. Records of communication regarding legal concerns.
  13. Reviewed and signed-off workpapers.
  14. Final engagement communications (if applicable).

Principle 2: Maintain Objectivity

  1. Internal audit charter referencing objectivity responsibilities.
  2. Policies and procedures for maintaining objectivity.
  3. Records of objectivity training sessions.
  4. Signed forms confirming understanding of objectivity.
  5. Documentation of disclosed conflicts of interest.
  6. Supervisory and mentoring records.
  7. Policies for identifying objectivity impairments.
  8. Documentation on stakeholder feedback about objectivity.
  9. Quality review notes.
  10. Compensation plans ensuring unbiased assessments.
  11. Meeting minutes on objectivity impairments.
  12. Alternative action plans for unavoidable impairments.
  13. External quality assessment reports.
  14. Methodology for disclosing impairments.
  15. Documentation showing the absence or presence of impairments.
  16. Records of disclosed impairments and stakeholder approvals.

Principle 3: Demonstrate Competency

  1. Records of certifications, education, and experience.
  2. Performance evaluations highlighting development needs.
  3. Attendance records for training and education.
  4. Stakeholder feedback on competency.
  5. Training plans addressing development needs.
  6. Self-assessment documentation for competency improvement.

Principle 4: Exercise Due Professional Care

  1. Checklists demonstrating adherence to standards.
  2. Internal and external quality assessment records.
  3. Documentation showing auditors’ familiarity with standards.
  4. Audit programs based on comprehensive planning.
  5. Records of regular work reviews.
  6. Compliance evidence with laws and regulations.
  7. Documentation of critically evaluated information.
  8. Records addressing identified risks.
  9. Stakeholder feedback on professional skepticism.

Principle 5: Maintain Confidentiality

  1. Records of sensitive information handling.
  2. Evidence of adherence to confidentiality policies.
  3. Training records on information security.
  4. Policies for safeguarding information.
  5. Logs of security measures (e.g., encryption, access controls).
  6. Documentation of responses to confidentiality breaches.
  7. Information security training records.

Domain III: Governing the Internal Audit Function

Principle 6: Authorized by the Board

  1. Board-approved internal audit mandate.
  2. Meeting minutes on mandate reviews.
  3. Documentation of periodic mandate updates.
  4. Current internal audit charter.
  5. Records of charter communication.
  6. Meeting minutes on charter updates.
  7. Documentation of resources allocated to the audit function.
  8. Records of interactions between the CAE and senior management.

Principle 7: Positioned Independently

  1. Policies ensuring organizational independence.
  2. Meeting minutes affirming the CAE’s independence.
  3. Documentation of direct CAE reporting lines.
  4. CAE’s resume and qualifications.
  5. Documentation of the CAE selection process.
  6. Records of CAE’s professional development.

Principle 8: Overseen by the Board

  1. Meeting minutes of CAE interactions with the board.
  2. Approved internal audit plan records.
  3. Board discussions on audit findings.
  4. Internal audit budget documents.
  5. Resource allocation meeting minutes.
  6. Internal and external quality assessment results.
  7. Documentation of improvement initiatives.
  8. External quality assessment reports.

Domain IV: Managing the Internal Audit Function

Principle 9: Plan Strategically

  1. Governance, risk management, and control process analyses.
  2. Records of governance-related training.
  3. Risk-based internal audit strategy.
  4. Documentation of internal audit methodologies.
  5. Approved internal audit plan.
  6. Coordination meeting records with assurance providers.

Principle 10: Manage Resources

  1. Audit budget and expenditure reports.
  2. Staff recruitment and development plans.
  3. Records of training participation.
  4. Technology and tool assessments.
  5. Technology training records.

Principle 11: Communicate Effectively

  1. Records of stakeholder meetings.
  2. Stakeholder analysis documentation.
  3. Communication plans and strategies.
  4. Feedback on audit communication clarity.
  5. Internal audit reports with findings and recommendations.
  6. Documentation of corrected report errors.

Principle 12: Enhance Quality

  1. Internal quality assessment results.
  2. Performance metrics for audits.
  3. Engagement performance review records.

Domain V: Performing Internal Audit Services

Principle 13: Plan Engagements Effectively

  1. Records of engagement communication.
  2. Risk assessment documentation.
  3. Defined engagement objectives and scope.
  4. Documented evaluation criteria.
  5. Engagement resource allocation records.
  6. Work program documentation.

Principle 14: Conduct Engagement Work

  1. Records of information gathering methods.
  2. Analytical methods for findings.
  3. Evaluated findings documentation.
  4. Recommendations and action plans.
  5. Final engagement conclusions.
  6. Work program adherence documentation.

Principle 15: Communicate Engagement Results and Monitor Action Plans

  1. Final engagement communication records.
  2. Exception tracking systems.
  3. Corrective action status reports.

Conclusion

At Leitner & Associates, we are committed to helping organizations implement and comply with the GIAS. Explore our comprehensive checklist and take the first step toward internal audit excellence.

Let’s elevate your internal audit function together!

Sources:

https://www.theiia.org/en

https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards

https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/free-documents/complete-global-internal-audit-standards
