In July this year the Institute of Internal Auditors (IIA) unveiled enhancements to its International Professional Practices Framework (IPPF). It’s important to know what’s changed and what hasn’t and that’s why we’ve summarized the changes for you. More resources and comprehensive update descriptions can be found on the IIA website (https://global.theiia.org/standards-guidance/Pages/New-IPPF-What-to-Expect.aspx). A great video of the changes developed by the IIA can be found here: https://global.theiia.org/standards-guidance/Pages/New-IPPF.aspx#ippfvid
The IPPF now contains a “Mission of Internal Audit” statement. The mission reads as follows:
“To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.”
This mission describes what the internal audit function aspires to accomplish within an organisation. This is different to the “Definition of Internal Auditing” which describes what Internal Audit is. Achievement of the mission is supported by all of the different elements of the IPPF, as illustrated in this image:
The IPPF Standards have always been “Principles-based”, but these principles were not defined in previous versions of the framework. The new IPPF has defined 10 Core Principles for the Professional Practice of Internal Auditing. To be effective, internal audit practitioners and the activities that they serve must be able to demonstrate achievement of all ten principles.
The 10 principles are as follows:
The way that the mandatory, recommended, implementation and supplementary guidance is defined and how the purpose is conveyed has changed in this update.
The words “Strongly Recommended” have changed to “Recommended” for the non-mandatory elements of the IPPF.
Definition of Internal Auditing
The “Definition of Internal Auditing” remains the unchanged in the updated IPPF. The definition continues to read as:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Code of Ethics
The Code of Ethics remains unchanged in the new IPPF. The principles of Integrity, Objectivity, Confidentiality and Competency remain expected of every internal auditor.
All existing standards
No changes to the existing standards have been made in this update.