The Institute of Internal Auditors’ (IIA) new requirements and updated standards will make 2024 a demanding year for internal auditors, former IIA President and CEO Richard Chambers told Accounting Today.
The new standards are “going to influence the key priorities for internal audit next year,” he said. “Around the first of January, you're going to have a year to get compliant, so whatever the new requirements are in those standards, that's going to be on the internal auditor's shoulders, along with all of these other compliance requirements coming out of regulatory and legislative this year. I think 2024 is setting up to be the year of compliance risk."
Chambers and former IIA chair Patricia Miller detailed the "6 Things Every Internal Auditor Should Know about the Proposed Standards" in an April blog post.
He told Accounting Today that he expected to see the new standards come out in the next few weeks, and so far, the feedback on the proposed standards has been positive. "The IIA has said that the vast majority of comments they got from people who have completed the survey were satisfied," he said. "But there were some areas where people were a little concerned. I think they've made their final decisions, and we're going to be in a good place. There are going to be some people who are not happy about it. My biggest concern when I saw the first exposure draft is there's already a real challenge worldwide in getting internal auditors to comply with the standards. My personal feeling is probably only about 25 percent of internal audit departments in the whole world comply with all the standards. My worry is if you make the standards more rigorous, what is that going to do? It's just going to drive compliance down."
In addition, internal auditors will be busy making sure companies are complying with new requirements from the Securities and Exchange Commission (SEC) regarding cybersecurity and upcoming requirements on climate-related disclosures, he said.
"Just as it was with Sarbanes-Oxley, just as it is with the SEC's cyber disclosures, just as it is with any new legislation or regulations, it creates compliance risk, and that's where internal audit should always have its finger," he said. "Today's legislative headlines and regulatory proposals are tomorrow's compliance risks, because invariably, what's going to end up happening is you're going to end up with some form of rules that come out of it. And then there's going to be a period of time that you have to become compliant and who better to provide assurance to management and the board about readiness to comply and then, once the requirement is in place, ongoing assurance about compliance."
To keep informed about recently issued and proposed auditing and attestation guidance, attend the Foundation for Accounting Education's Auditing Standards Update with Renee Rampulla Webcast on Dec. 18.