The economic landscape has evolved tremendously over the past several years, with a significant focus on M&A, innovation, technology, AI, and new and complex accounting standards for revenue, leasing, and credit losses. Topics such as automation, data and cybersecurity, and environmental, social, and governance (ESG) reporting remain at the forefront. As a result, business activities, transactions, and companies’ operations are becoming increasingly complex. While these changes are positive for an organization’s growth in the long run, they come with growing pains and new risks for management teams and boards of directors to manage.

What Do These Recent Changes Mean for Internal Audit?

Organizations must stay ahead of these evolving risks. The recent economic changes redefine the purpose of an internal audit function: to become a better business advisor. Alongside the changes are ensuing legislation and rules, advancements in information technology, M&A, organizational changes, and global marketplace concerns, all introducing risks to be managed and placing further strain on limited accounting and enterprise risk management resources.

The internal audit function offers assurance to management and the board regarding the organization’s understanding and proper management of risks. Additionally, it functions as an internal consultant in various areas of interest, making it a valuable tool in this era of constant change and innovation.

What Has Changed?

Regulatory bodies and monitoring boards are addressing the risks of this changing economic landscape through various initiatives. The Institute of Internal Auditors (IIA) recently issued the new Global Internal Audit Standards effective in January 2025 to help internal auditors and organizations respond to these progressing risks. These revised standards aim to make the internal audit function a more critical partner to the senior management and oversight board. It applies to all entities, and organizations are encouraged to adopt these standards early on. The following are some of the changes to note and questions that your organization may consider:

Governance models to respond to evolving risks.

  • Does your chief audit executive encourage your board and senior management to perform necessary oversight responsibilities for an effective internal audit function, including considerations and inputs to the internal audit charter?
  • Does your internal audit have direct access to your board and senior management?
  • Does your board and senior management understand the governance and oversight responsibilities related to your internal audit activities?

Agile framework for internal auditors to be able to adapt to unique challenges

  • Does your internal audit strategy ensure alignment with your organizational goals and risk management?
  • Does your internal audit strategy ensure alignment with the expectations of your board, senior management, and other stakeholders?
  • Is your internal audit plan based on a documented assessment of the organization’s strategies, objectives, and risks?

Improved IIA measures of performance 

  • Do your stakeholders find the contents of your reports valuable in decision-making?
  • Are the results of your internal audit activities aligning with your organizational goals?
  • Are your engagement findings prioritized based on significance?
  • Is your reporting mechanism providing the right balance between providing relevant details and maintaining concise reporting? Does your report allow users or stakeholders to understand and interpret the results of your assessments easily?

Specific guidance on focus areas such as cybersecurity, IT governance, ESG, third-party management, and more

  • How are new business activities integrated into your risk management activities?
  • Are your internal audit activities considering new focus areas?
  • Are your organization’s internal audit activities equipped to address new strategic risks, emerging risks, and operational risks?

Independent external quality assessment 

  • Does your organization have at least one CIA to perform an independent assessment?

About Calvetti Ferguson Internal Audit Services

Effectively managing risks is essential for senior management, the board, and every member of an organization, enabling them to pursue growth strategies efficiently. Calvetti Ferguson can significantly enhance value for your stakeholders by collaboratively navigating the complex and evolving risk landscape alongside your organization’s leadership and internal audit team. We can also help manage the cost of implementing new processes and controls to manage growth, innovation, complexity, and surge talent growth by providing experience and expertise where and when you need it instead of hiring it full-time. Specifically, but not limited to, our team:

  • Assesses the gap between your current internal audit practices and policies against the new IIA standards and requirements, including governance models, agility of internal audit strategic plan, risk management frameworks, and more
  • Facilitates workshops to help you understand and assist in bridging the concept to the changes to the standards as applicable to your organization
  • Creates a maturity model action plan and provides recommendations to address new IIA standards and requirements with an achievable roadmap and tangible results
  • Assists in the execution of an action plan through a co-source or outsource model

Contact Us

Calvetti Ferguson works with middle-market companies, private equity firms, and high-net-worth individuals across the country. Regardless of the complexity of the compliance, assurance, advisory, or accounting need, our team is ready to help you. Please complete the form below, and we will follow up with you shortly.