Institute of Internal Auditors


The Institute of Internal Auditors is an organization which advocates, provides educational conferences, and develops standards, guidance, and certifications for the internal audit profession.

IIA mission

The stated mission of The Institute of Internal Auditors is to provide "dynamic leadership" for the global profession of internal auditing. This includes:
The critical role of the IIA in establishing a corporate conscience for internal auditors has been explored by Kapoor and Brozzetti in the CPA Journal.
The IIA’s annual report, Pulse of Internal Audit is based on a survey of over 500 internal audit executives and identifies key risk areas. In 2019, those risk areas were:
Established in 1941, the IIA today serves more than 200,000 members from more than 170 countries and territories. IIA's global headquarters are in Lake Mary, FL, United States. Richard Chambers is the President and CEO. Chambers succeeded David A. Richards, CIA, in 2009. Previously, Chambers was IIA vice president of the Learning Center from 2001 to mid-2004 and national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers until 2009.

Certified Internal Auditor (CIA)

The CIA is the primary professional designation offered by The IIA. The CIA designation is a globally recognized certification for internal auditors and is a standard by which individuals may demonstrate their competency and professionalism in the internal audit field. In order to become a certified internal auditor, candidates must possess a four-year degree from an accredited institution as well as pass all three parts of the CIA exam.
Earning the CIA certification is intended to demonstrate a professional knowledge of the internal audit profession. CIAs are required to take continuing education courses.
Many CIAs today are senior internal audit managers, Vice Presidents, Directors and Chief Audit Executives in top global MNC companies driving internal audit functions in their respective companies. The first CIA exam was given in 1974. Through December 31, 2019, over 165,000 CIAs have been awarded.
Internal Auditors who take and pass the CIA Part One exam can earn the designation of Internal Audit Practitioner. In 2019, the IIA announced it would be changing the Internal Audit Practitioner program. The program changes include a new exam and waiving of the educational requirement for active Internal Audit Practitioner designation holders applying for the CIA program. The changes go into effect in 2020.

Other certificates offered by the IIA

In 2019, the IIA announced plans to change its Certification in Risk Management Assurance program. The CRMA changes go into effect in October 2020, and will include a new exam and updated prerequisites and experience requirements.
As of December 31, 2018, the CCSA, CFSA, and CGAP are no longer accepting new applications, and the 3 designations will be re-positioned into assessment-based certifications in the future.

Professional standards: the International Professional Practices Framework

The IIA has two levels of professional guidances: Mandatory Guidance and Strongly Recommended Guidance. The two levels of guidance constitute the IIA's International Professional Practices Framework .

Mandatory guidance: the definition of internal auditing, the code of ethics and the Standards

These guidelines are mandatory for IIA members and internal audit organizations claiming to complete audits to IIA technical standards around the world. The guidelines and recommendations are recorded in what is referred to as the "Red Book."
Attribute standardsPerformance standards
1000 – Purpose, Authority, and Responsibility2000 – Managing the Internal Audit Activity
1010 – Recognition of the Definition of Internal Auditing, the Code of Ethics, and the Standards in the Internal Audit Charter2010 – Planning
1100 – Independence and Objectivity2020 – Communication and Approval
1110 – Organizational Independence2030 – Resource Management
1111 – Direct Interaction with the Board2040 – Policies and Procedures
1120 – Individual Objectivity2050 – Coordination
1130 – Impairments to Independence or Objectivity2060 – Reporting to Senior Management and the Board
1200 – Proficiency and Due Professional Care2070 - External Service Provider and Organizational Responsibility for Internal Auditing
1210 – Proficiency2100 – Nature of Work
1220 – Due Professional Care2110 – Governance
1230 – Continuing Professional Development2120 – Risk Management
1300 – Quality Assurance and Improvement Program2130 – Control
1310 – Requirements of the Quality Assurance and Improvement Program2200 – Engagement Planning
1311 – Internal Assessments2201 – Planning Considerations
1312 – External Assessments2210 – Engagement Objectives
1320 – Reporting on the Quality Assurance and Improvement Program2220 – Engagement Scope
1321 – Use of "Conforms with the International Standards for the Professional Practice of Internal Auditing"2230 – Engagement Resource Allocation
1322 – Disclosure of Nonconformance2240 – Engagement Work Program
1112 – Chief Audit Executive Roles Beyond Internal Auditing2300 – Performing the Engagement
IIA Glossary2310 – Identifying Information
2320 – Analysis and Evaluation
2330 – Documenting Information
2340 – Engagement Supervision
2400 – Communicating Results
2410 – Criteria for Communicating
2420 – Quality of Communications
2421 – Errors and Omissions
2430 – Use of "Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing"
2431 - Engagement Disclosure of Nonconformance
2440 – Disseminating Results
2450 – Overall Opinions
2500 – Monitoring Progress
2600 – Resolution of Senior Management's Acceptance of Risks

Strongly Recommended Guidance: position papers, practice advisories, and practice guides

These Strongly Recommended Guidance help define and explain the IIA standards.

Practice guides

As practice guides, 8 PGs, 15 GTAG, and 3 GAITs have been issued in 2009 and 2010.
GTAGs are written in straightforward business language to address a timely issue related to information technology management, control, and security. To date, the IIA has released GTAGs on the following topics:
The IIA offers 31 General practice guides, 4 Financial Services guides, 4 Public Sector guides, 18 Global Technology Audit Guides, 3 Guides to the Assessment of IT Risk, and 2 guides for supplemental guidance.

Additional sources of guidance: Development and practice aids

This includes a variety of materials that are developed and/or endorsed by the IIA, including research studies, books, seminars, conferences, and other products and services related to the professional practice of internal auditing.

Internal Audit Foundation

The is a not-for profit organization that promotes and advances the value of the internal audit profession globally. It supports research, grants and awards, and promotes internal auditing study at post-secondary institutions world wide.

American corporate governance index

In December 2019, the IIA announced the results from its inaugural American Corporate Governance Index. The ACGI is a joint project of the IIA and the Neel Corporate Governance Center at the University of Tennessee, and grades companies on eight Guiding Principles of Corporate Governance. The principles were compiled from guidance and principles from organizations like the Business Roundtable, National Association of Corporate Directors, and New York Stock Exchange. Scores were based on the survey responses of 128 chief audit executives. The criteria included: board performance, external disclosures, company wide communication, corporate culture, and long-term strategies. The first report graded U.S. publicly listed companies overall with a C+.