Update: Setting the Standards

The IIA is entering month two of the public comment period on its draft Global Internal Audit Standards. These new Standards transform both the International Professional Practices Framework and the International Standards for the Professional Practice of Internal Auditing. 

Over two years, The IIA’s International Internal Audit Standards Board received input from 115 IIA affiliates, nearly 4,000 internal audit practitioners, and other relevant stakeholders to reimagine the Standards in a more clear, direct form that better reflects today’s risk environment.

“Internal auditors told us they need clear and direct guidance from The IIA,” says IIASB Chairman Mike Peppers. “Now more than ever, we need standards that meet their needs and raise the quality of the internal audit services they provide.” The new Standards simplifies the six components of the IPPF into two areas, Standards and Guidance. Each of these is organized into five domains: Purpose of Internal Auditing, Ethics and Professionalism, Governing the Internal Audit Function, Managing the Internal Audit Function, and Performing Internal Audit Services. The updated Standards also include:

• Considerations for implementation and evidence of conformance, making it easier for practitioners to understand and conform with individual standards.
• Sections that specifically address the nuances of public sector internal auditors, small audit functions, and outsourced services.

No Hiding from Tougher Data Privacy Laws

Organizations need to keep better track of personally identifiable information and the laws around it.

The protection of personal data is in the spotlight this year. That’s because data privacy laws are getting more stringent in the U.S., European Union, and other parts of the world. In 2022, fines levied for violations of the EU’s General Data Protection Regulation roughly tripled, from more than $1 billion in 2021 to $3.1 billion in 2022, according to a report by global law firm DLA Piper. The GDPR applies to organizations that do business with consumers in the EU, the U.K., and countries that are part of the European Free Trade Association.

Further, the European Commission, the EU’s executive body, announced in January that it was committing to conducting regular oversight of how state data protection authorities enforce the GDPR’s rules, particularly with big cases. “This heralds the beginning of true enforcement of the GDPR, and of serious European enforcement against Big Tech,” says Johnny Ryan, an Irish Council for Civil Liberties senior fellow.

Meanwhile in the U.S., several states have decided to model portions of their privacy laws after the GDPR. The California Privacy Rights Act and the Virginia Consumer Data Privacy Act both went into effect in January, and similar measures in Colorado and Connecticut will begin in July. An updated data privacy law for Utah goes into effect Dec. 31. According to some experts, more states and countries will likely follow Europe’s rights-based approach to personal data protection. —Christine Janesko

Meet COSCO's New Board Chair

Lucia Wind is COSO board chair and CAE and vice president of Internal Audit at UnisysFairfax, Va.

What motivated you to take on this position?

What intrigued me most about this role was the opportunity to give a voice to all the internal audit and risk practitioners, such as me. We are one of the ultimate consumers of the frameworks and thought leadership papers produced by COSO and often have a unique perspective from our experience in the field. Practical knowledge and experience continue to be crucial components of successful adoption of any thought leadership guidance. COSO is a household name for any internal audit or risk function, providing us with tools to be more effective practitioners as we navigate the work of risk and compliance.

How do you see internal audit's role evolving?

Consistent with the trends we already see in this era of disruption and business transformation, I expect internal audit to continue to move toward more automated, analytical, and predictive functions within organizations. The availability of data will enable auditors to audit smarter, faster, and more efficiently. With the pervasive use of technology enabling companies to automate even the simplest of business processes, the lines between traditional business process and financial audit skills and IT audit skills will likely fade, as audit professionals will need both sets of core skills. This will not eliminate the need for subject matter experts — rather, it will optimize routine audits many internal audit functions have on their annual audit plans.