The Standards apply to any individual or function that provides internal audit services, whether an organization employs internal auditors directly, contracts them through an external service provider, or both. Organizations receiving internal audit services vary in sector and industry affiliation, purpose, size, complexity, and structure.
The Standards apply to the internal audit function and individual internal auditors including the chief audit executive. While the chief audit executive is accountable for the internal audit function’s implementation of and conformance with all principles and standards, all internal auditors are responsible for conforming with the principles and standards relevant to performing their job responsibilities, which are presented primarily in Domain II: Ethics and Professionalism and Domain V: Performing Internal Audit Services.
The Standards are organized into five domains
- Domain I: Purpose of Internal Auditing.
- Domain II: Ethics and Professionalism.
- Domain III: Governing the Internal Audit Function.
- Domain IV: Managing the Internal Audit Function.
- Domain V: Performing Internal Audit Services.
Domains II through V contain the following elements
- Principles: broad descriptions of a related group of requirements and considerations.
- Standards, which include:
o Requirements: mandatory practices for internal auditing.
o Considerations for Implementation: common and preferred practices to consider when implementing the requirements.
o Examples of Evidence of Conformance: ways to demonstrate that the requirements of the Standards have been implemented.
The Standards use the word “must” in the Requirements sections and the words “should” and “may” to specify common and preferred practices in the Considerations for Implementation sections. Each standard ends with a list of examples of evidence. The examples are neither requirements nor the only ways to demonstrate conformance; rather, they are provided to help internal audit functions prepare for quality assessments, which rely on demonstrative evidence. The Standards use certain terms as defined in the accompanying glossary. To understand and implement the Standards correctly, it is necessary to understand and adopt the specific meanings and usage of the terms as described in the glossary.
