Beroepsnormen IPPF 2024
IPPF-evolutie
De beroepsnormen van internal auditing worden geactualiseerd. Informatie over het gehele proces van deze ‘IPPF evolutie’ kunt u vinden op de website van IIA Global. Hieronder vindt u nadere informatie over de resultaten van deze evolutie.
IPPF 2024
Het nieuwe IPPF bestaat uit 3 onderdelen:
- GIAS
- Topical Requirements
- Global Guidance
GIAS
| U kunt hier de tranisitietabel tussen de oude en de nieuwe standaarden downloaden. | U kunt de glossary comparison tussen de oude en de nieuwe standaarden hier downloaden. |
Nieuws:
- Nieuwsbericht: Het IIA publiceert nieuwe wereldwijde standaarden voor internal audit om het beroep de toekomst in te leiden
- Nieuwsbericht: Gaan de nieuwe GIAS de professie helpen? - Audit Magazine in gesprek met Peter Hartog
- Nieuwsbericht: Nieuwe IIA-standaarden tillen het beroep naar een hoger niveau
- Uitgangspunten die we hebben gehanteerd bij deze vertaling zijn uiteengezet in dit document.
Tools:
 |  |
| U kunt de ''Conformance Readiness Assessment Tool'' hier downloaden. | How to Implement the Global Internal Audit Standards in the Public Sector |
 |  |
| Bekijk hier de publicatie over de tool Performance Measurement | Bekijk hier de publicatie over de tool Ethics and Professionalism Acknowledgement |
 |  |  |
Bekijk hier de webinar over de nieuwe Global Internal Audit Standards™ | Download hier de ''Chief Audit Executive’s Domain III Toolkit'' |
Alle nieuwste tools in het standard knowledge center kun je hier in de gaten houden.
Topical Requirements
Op 9 januari 2024 zijn de nieuwe standaarden (GIAS) gepubliceerd. Aanvullend worden er in het IPPF ook Topical Requirements (TR) opgenomen. Dat zijn richtlijnen voor het auditen van specifieke topics, die grote impact kunnen hebben op de organisatie en door veel IAF’s worden onderzocht. De TR beogen de consistentie en kwaliteit van dergelijke audits te borgen.
Als eerste TR is nu de TR Cybersecurity verschenen; deze zal een jaar na publicatie, op 5 februari 2026 effectief zijn.
Meer informatie over de TR’s in het algemeen en de TR Cybersecurity in het bijzonder kunt u vinden op de website van IIA Global.
Daar kunt u ook de Engelse versies downloaden.
De Nederlandse vertalingen zijn hieronder beschikbaar.
 |  |
| U kunt de Nederlandse vertaling van de TR Cybersecurity hier downloaden | U kunt de Nederlandse vertaling van de TR Cybersecurity Gebruikershandsleiding hier downloaden. |
Public Consultation Drafts
Third-Party Topical Requirement
 | |
| Public Consultation Draft Third-Party Topical Requirement | Third-Party Topical Requirement Draft - User Guide |
Cybersecurity Topical Requirement
Global Guidance
Alle informatie m.b.t. de Global Guidance is hier te vinden.
Global Practice Guide: Communicating Final Engagement Results
Strengthen your model risk management (MRM) framework with this guide and its companion tool. As organizations increasingly rely on complex models to drive decisions and meet regulatory standards across multiple industries, the risk of model errors grows.
This resource outlines how internal audit functions can evaluate MRM systems to ensure accuracy, compliance, and governance — helping mitigate risk and enhance model reliability.
The guidance replaces the previous edition published in 2018.
GTAG: Auditing Computing Infrastructure and IT Operations
Strengthen your model risk management (MRM) framework with this guide and its companion tool. As organizations increasingly rely on complex models to drive decisions and meet regulatory standards across multiple industries, the risk of model errors grows.
This resource outlines how internal audit functions can evaluate MRM systems to ensure accuracy, compliance, and governance — helping mitigate risk and enhance model reliability.
The guidance replaces the previous edition published in 2018.
GTAG: Auditing IT Governance and IT Management, 3rd Edition
As organizations grow more reliant on technology, effective IT governance and management are critical to ensuring systems support strategic goals and operate securely and efficiently. Insufficient IT oversight can lead to control failures and operational risk.
This guide helps internal auditors identify gaps, evaluate alignment with organizational objectives, and provide recommendations to bolster IT oversight and resilience.
The guidance replaces “GTAG: Auditing IT Governance” published in 2018 and “Management of IT Auditing” published in 2013.
As a member you can download the rapport here.
GTAG: Auditing Computing Infrastructure and IT Operations
Computing infrastructure and IT operations are the fundamental technology assets and services required for organizations to conduct business operations, manage data, and achieve objectives
This guide helps internal auditors assess risks, evaluate controls, and ensure IT infrastructure and operations support organizational performance, continuity, and resilience
This guide expands on “IT Infrastructure” section of the GTAG “IT Essentials for Internal Auditors,” providing an in-depth look at risks and controls relevant to the hardware and software that run an organization’s technology environment.
This content is exclusively for our members.
Global Practice Guide: Developing a Risk-Based Internal Audit Plan, 2nd Edition
This guide, aligned with the Global Internal Audit StandardsTM, describes a systematic approach for an organization to create and maintain a risk-based internal audit plan.
Comprehensive risk-based planning enables internal audit functions to properly align and focus limited resources on producing insightful, proactive, and future-focused assurance and advice on an organization’s most pressing issues.
The guidance replaces “Developing a Risk-based Internal Audit Plan” published in 2020.
As a member you can download the rapport here.
Global Practice Guide Internal Auditing Competency Framework
This Global Practice Guide provides a practical approach and tools for internal auditors, chief audit executives, and others to define and meet the expectations of their roles. It includes three main components:
- An identification of the competency-related requirements of the Global Internal Audit Standards.
- An Internal Auditing Competency Framework that identifies significant groupings of knowledge and skill areas, along with standardized expectations for proficiency levels.
- A section on how to use the Competency Framework Templates to help identify and assess relevant competencies, promote continuous professional development, and conform with the requirements in the Standards.
- The flexible framework allows each organization to reflect its priorities in its desired mix of competencies and proficiency levels.
This practice guide is available in several languages and free to everyone.
Competency Framework nu beschikbaar in het Nederlands
Het vernieuwde Internal Auditing Competency Framework is nu naast de Engelstalige versie ook in het Nederlands beschikbaar. Dit raamwerk biedt internal auditors wereldwijd een gestructureerde methode om kennis en vaardigheden te beoordelen, te ontwikkelen en af te stemmen op de prioriteiten van hun organisatie.
Naast de vertaling van de de practice guide zijn ook de bijbehorende tools (templates) voor het uitvoeren van zelfevaluaties, het opstellen van opleidings- en ontwikkelplannen en het monitoren van voortgang vertaald. Toegang tot deze documenten is exclusief voor leden van het IIA.
Download de Nederlandse versie van het Competency Framework
Download hier de Nederlandse vertaling van de tools
Global Practice Guide: Coordination and Reliance: Working with Other Assurance Provider
This Global Guidance, aligned with the Global Internal Audit StandardsTM, describe an approach for the chief audit executive to align risk assessments and coordinate with other assurance providers. Such coordination includes documenting the level of assurance each one provides over the organization’s risk areas. The guide also describes an approach to assessing the level of reliance that the internal audit function may place on their work.
Two IIA Audit Tools are available to IIA members with this practice guide.
- Assurance Mapping
- Reliance Assessment
The guidance incorporates content from and replaces “Coordination and Reliance: Developing an Assurance Map,” published in 2018; “Coordinating Risk Management and Assurance,” published in 2012; and “Reliance by Internal Audit on Other Assurance Providers, published in 2011, thus superseding those guides.
As a member you can download the rapport here
Global Practice Guide: Auditing Capital Adequancy and Stress Testing for Banks, 3rd Edition
Stability within the banking sector is crucial to preserving the trust that underpins a well-functioning economy, including during periods of global financial volatility.
This Global Guidance, aligned with the Global Internal Audit StandardsTM, explains capital adequacy and how to plan and perform internal audit engagements to provide assurance on the capital planning and management process as well as associated oversight activities.
This guidance supersedes the previous editions published in 2022 and 2018.
As a member you can download the rapport here
Global Technology Audit Guide: Auditing Cybersecurity Operations: Prevention and Detection, 2nd Edition
This GTAG, aligned with the Global Internal Audit StandardsTM, helps practitioners gain a better understanding of high-level cybersecurity control objectives, allowing them to maximize the value they provide to organizations and stakeholders during audit engagements.
The guide directs practitioners to widely used control frameworks to help identify components of cybersecurity operations, including contributions to system planning and development, as well as controls to prevent or detect cyber incidents.
As a member you can download the rapport here
Global Technology Audit Guide: Auditing Identity and Access Management, 2nd Edition
Identity and access management controls safeguard the confidentiality and integrity of systems and data by restricting users to only the rights needed to fulfill authorized actions.
This guide, now updated to align with the Global Internal Audit StandardsTM, helps internal auditors understand key terms and how to approach an audit engagement to ensure their organization’s IAM protocols mitigate potential security risks. Internal auditors will be able to provide assurance that controls for managing access to IT resources are well designed and effectively implemented.
As an IIA member, you can download the guide here.
GTAG: Auditing Cyber Incident Response and Recovery,
2nd Edition
Cyberattacks have grown dramatically over time with increasing severity, and cybersecurity risks consistently rank among organizations’ most significant concerns.
This GTAG, updated to align with the Global Internal Audit Standards, covers risks and controls that correspond to the NIST CSF “respond” and “recover” functions and gives an overview of the relevant risks and controls to help an internal audit function plan and scope audit engagements. The guide’s references to external control frameworks can help internal auditors develop insightful testing approaches.
This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide:
Auditing Culture, 2nd Edition
All organizations have a culture, whether intentionally created or not. Likely there are also subcultures within an organization, especially if multiple locations or campuses exist.
This global practice guide will help internal auditors understand risks associated with an organization’s culture, how effective management of those risks supports a successful control environment, and how to approach an assessment of culture, and it’s now aligned with The IIA’s Global Internal Audit StandardsTM.
As an IIA member, you can download the report here.
*This is an update about the new standards.
GTAG: Auditing Mobile Computing, 2nd Edition
Internal auditors must understand common technologies that enable remote work, which has dramatically increased since the COVID-19 pandemic, as well as the risks and consequences that can arise from remote access. Internal auditors should also be equipped to understand standard controls that prevent, detect, or remediate unauthorized access or sharing of information.
This guide, updated to align with The IIA’s Global Internal Audit StandardsTM, explores a range of risks and controls related to a mobile workforce, including specific controls that should be evaluated. This guidance supersedes the previous edition published in 2022.
As an IIA member, you can download the report here.
Global Practice Guide: Auditing Liquidity Risk Management for Banks, 3rd Edition
Liquidity risk management is key to a robust and solvent financial sector. To assure an institution's senior management and board that liquidity risk management is aligned to the business strategy and risk appetite, internal auditors need an approach that fulfills internationally supported standards and local regulations, as well as The IIA’s Global Internal Audit StandardsTM.
This guidance gives an overview of international standards and best practices of LRM, including the use of an LRM framework.
This guidance supersedes the previous editions published in 2022 and 2017.
As an IIA member, you can download the report here.
Global Practice Guide: Assessing the Risk Management Process, 2nd Edition
Risk management is driven by more than regulations and external forces. All organizations can benefit from implementing a risk management process or improving the effectiveness of their existing processes. The benefits of mature risk management include enhancing the ability to achieve strategic and performance objectives and increasing value to stakeholders.
This second edition guide, updated to align with The IIA’s Global Internal Audit StandardsTM, will help internal auditors develop approaches to review and assess the effectiveness of an organization’s risk management. The guide explores critical aspects of risk management maturity, including risk appetite, culture, governance, and enterprise risk management.
This guidance supersedes the previous edition published in 2019.
As an IIA member, you can download the report here.
Chief Audit Executive’s Domain III Toolkit
In the Global Internal Audit Standards, Domain III: Governing the Internal Audit Function requires a discussion between the chief audit executive, the board, and senior management about not only the CAE’s responsibilities but also conditions of support from the board and senior management. The “Chief Audit Executive’s Guide to Domain III” and accompanying presentations provide CAEs with insights into carrying out the critical dialogue, explaining Domain III’s “essential conditions” to the board and senior management, and achieving the principles and requirements of the Global Internal Audit Standards.
The executive summary below is available for public download. In addition, members can download the “Chief Audit Executives' Guide to Domain III: Governing the Internal Audit Function” and four presentations that facilitate the discussion with the board and senior management about Domain III’s “essential conditions” and the principles and requirements of the Global Internal Audit Standards.
As an IIA member, you can download the files here.
GTAG: Auditing Network and Communications Management
This guidance, updated to align with the Global Internal Audit StandardsTM, fills a gap in the GTAG series by covering objectives, risks, and controls related to an organization’s communications ecosystem. Referencing controls in widely used frameworks, this GTAG can improve an internal auditor’s familiarity with and use of such tools in their work.
“Auditing Network and Communications Management, 2nd Edition” offers a broad set of related processes that internal auditors should consider when auditing controls over an organization’s communications ecosystem.
This guidance supersedes the original edition published in January 2023.
As an IIA member, you can download the guidance here.
Global Practice Guide: Building an Effective Internal Audit Function in the Public Sector, 2nd Edition
Updated to align with the new Global Internal Audit StandardsTM, this guide is intended to serve as a practical, step-by-step approach for CAEs. It summarizes the standards, staffing, and resources needed to successfully plan and implement or improve an internal audit function in the public sector.
As an IIA member, you can download the report here.
Global Guidance, Supplemental Guidance of Aanvullende richtlijnen genoemd binnen de huidige Global Internal Audit StandardsTM, omvat Global Practice Guides en Global Technology Audit Guides® (GTAGs®). Deze zullen worden aangepast aan de nieuwe GIAS. De huidige guidance kunt u vinden via deze link.
De nieuwe Global Guidance over ''internal auditing en fraude'' is aangepast aan de nieuwe standaarden en heeft een update gekregen.
Het aanpakken van frauderisico's is een gedeelde verantwoordelijkheid voor iedereen, die begint bij de top en zich uitstrekt over de hele organisatie. Het beperken van het frauderisico kan gevolgen hebben voor het verlies van activa, verminderde efficiëntie, het niet naleven van wet- en regelgeving en een verminderde reputatie.
Het doel van deze Global Guidance, die is bijgewerkt om aan te sluiten bij de Global Internal Audit StandardsTM van het IIA, is om de interne auditor meer bewust te maken van frauderisico's, inclusief de rol die de interne auditfunctie kan spelen, en om richtlijnen te geven voor het uitvoeren van een frauderisicobeoordeling op organisatieniveau.
Als IIA lid kunt u het volledige rapport hier downloaden.
Als IIA lid kunt u het volledige rapport hier downloaden.
Het Standards Knowledge Center is ontwikkeld om interne auditors te helpen bij het begrijpen en implementeren van de Global Internal Audit Standards. U kunt kiezen uit tools, webinars, cursussen, video's, podcasts en meer. U vindt hier ook hulpmiddelen met betrekking tot thematische vereisten en wereldwijde richtlijnen. Bekijk de mogelijkheden via deze link. Graag lichten we hieronder een aantal dingen voor u uit: