Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

IIA's Proposed Standards

A summary on the major themes and key changes announced.

In March 2023, the Institute of Internal Auditors (IIA) released the Proposed Standards for public comment until May 30, 2023. The IIA has long communicated its overall goal to refresh the Global Internal Audit Standards (Standards) to provide enhanced guidance to ensure value, quality, and effectiveness of the profession’s services. The Standards apply to internal audit departments globally, regardless of purpose, size, complexity or structure, and are designed to provide guidance to internal audit functions operating at all levels of maturity.

While there are many structural improvements in the Proposed Standards, including the provision of implementation guidance for each Standard and the consolidation of the various Standard supporting documents into a single document, they also represent a shift for the internal audit (IA) profession. They are organized into five domains: Purpose of Internal Auditing; Ethics and Professionalism; Governing the Internal Audit Function; Managing the Internal Audit Function; and Performing Internal Audit Services. We have summarized the three foundational themes and key changes that would impact various IA functions should the Proposed Standards be implemented.

Foundational themes

Integrated assurance:

According to the Proposed Standards, the IA function should only rely on management's knowledge of the risks and controls, including the risk universe, if it has determined that the organization's risk management process is effective. Before executing projects on the annual plan, IA may need to assess and/or audit the organization's integrated assurance function. 

Active Board involvement:

The Proposed Standards mandate the following strategies for the Board to demonstrate its backing and involvement: sessions held in public and private to talk about the overall IA plan, personnel and information access, and talent and technological resources; ensuring that the CAE reports administratively to the proper level within the organization, specifically one that permits the IA to carry out its duties free from management interference; and ensuring there is an escalation process to communicate unmitigated risks to the Board.

Technology:

Within each domain, the Proposed Standards continually highlight the use of technology to better position IA as drivers of value. To help build technology into all areas of the IA function, the Proposed Standards require a regular assessment of technology during resource and budget discussions.

Important Changes

Although many of the changes within the Proposed Standards focus on foundational elements of the profession, IA departments may find themselves equally impacted by other key changes if the Proposed Standards are implemented:

Focus on formal development of methodologies to guide the IA function:

Although many IA departments have charters and high-level methodologies for their function, the Proposed Standards are more prescriptive and outline specific methodologies and policies to be documented. In addition, the Proposed Standards require appropriate training on all policies and evidence of compliance with the policies.

Engagement findings and conclusions:

The Proposed Standards require IA departments to issue a rating or ranking, or other indication of priority/significance, for individual findings as well as the overall audit. Current Standards require IA to communicate the findings and results of the audit, but do not require a rating, ranking, or other indication of priority/significance.

Recommended CEO reporting alignment:

Although not mandated, the Proposed Standards recommend IA departments report administratively to the CEO to reach a level of authority appropriate to challenge management on assumptions and operations. The Proposed Standards further state IA functions can achieve the same objective by implementing appropriate safeguards.

Enhanced requirements for external quality assessments:

The Proposed Standards allow a self-assessment with independent validation once every ten years, alternating with a full external assessment. A full external assessment is always permitted to satisfy this requirement. Further, the Proposed Standards require that at least one member of the assessment team be an active Certified Internal Auditor and all team members be trained through the IIA’s external quality assessment training.

Conformance with information protection procedures:

Evidence of conformance with the organization’s information protection policies is required by the Proposed Standards, including acknowledgment from internal auditors of their understanding. Depending on the maturity of a CAE’s organization’s information protection policies, the CAE may need to create supplemental material to educate and inform the IA department of all appropriate requirements.

Requirement for 20 hours of professional development:

While current Standards require internal auditors to have the requisite knowledge needed to conduct an audit, the Proposed Standards require 20 hours of continuing professional development training. CAEs would need to consider this new requirement when planning departmental training budgets for the year.

Read our paper for more information about the foundational themes and important changes outlined in the Proposed Standards:

Dive into our thinking:

IIA's Proposed Standards

Download PDF

Explore more

Meet our team

Image of Patty Basti
Patty Basti
Office Managing Partner, Risk Services Partner, KPMG US
Image of Michael A. Smith
Michael A. Smith
Partner, Advisory, and U.S. Internal Audit Solution Leader, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline