New mandatory IIA standards for internal auditing from 2025

In January 2024, the “Institute of Internal Auditors” published the updated “Global Internal Audit Standards”, which are to be implemented by Internal Audit from January 9, 2025.

In addition to the updated Global Internal Audit Standards, the updated framework (IPPF 2024) includes “topical requirements” for the first time, which define binding structures and requirements for audits in predefined risk areas.

Such risk topics include cyber security, service provider management, sustainability / ESG, data protection risk management, fraud risk management, IT governance, organizational governance and performance audits in the public sector.

Why is this important right now?

When the new standards come into force next year, internal auditors will be required to implement the new main areas of focus (including the use of technological resources, relationships and communication lines between stakeholders). In order to ensure timely implementation, it is recommended that a gap analysis is carried out in the current year to validate the extent to which the new requirements have already been implemented and which process adjustments need to be made within the organization.

Would you like to delve deeper into the topic? Then we recommend the detailed article (in German language) by our Moore BRL colleagues

and