Most directors will never read the Global Internal Audit Standards. That is understandable — the document runs to five domains, 15 guiding principles, 52 individual standards, and a growing set of Topical Requirements — and it is also a mistake. Because unlike the framework it replaced, the new Standards are not written only for auditors. A substantial part of them is written about the board: what the board must approve, what the board must oversee, what the board must receive, and what the board is now accountable for when the quality of internal audit is assessed.

The Standards took effect on 9 January 2025, replacing the International Standards for the Professional Practice of Internal Auditing (the 2017 IPPF). Conformance is no longer aspirational: external quality assessments now test organizations against the new framework, and chief audit executives are explicitly accountable for demonstrating it. This second article in The Internal Audit Imperative™ walks Caribbean directors through the architecture in plain language — and then identifies the ten requirements most likely to catch regional organizations off guard.

The Architecture: Five Domains, 15 Principles

The Standards are organized into five domains. Think of them as answering five questions a director would naturally ask: why does internal audit exist, how must auditors behave, how is the function governed, how is it run, and how is the work actually done?

Domain I — Purpose of Internal Auditing

The shortest domain, and the most quietly radical. It defines internal audit’s purpose as strengthening the organization’s ability to create, protect, and sustain value — language deliberately chosen to lift the function above ticking boxes. If your internal audit reports read like compliance inventories with no connection to what actually threatens or drives enterprise value, the function is not yet operating to its stated purpose.

Domain II — Ethics and Professionalism (Principles 1–5)

Five principles cover integrity, objectivity, competency, due professional care, and confidentiality. For boards, the operative issue is objectivity in practice: in smaller Caribbean organizations, the head of internal audit often carries other hats — compliance officer, risk manager, sometimes special projects for the CEO. The Standards do not forbid this outright, but they require safeguards to be identified, documented, and disclosed to the board. If your audit head wears multiple hats and no safeguards paper exists, that is a finding waiting to be written.

Domain III — Governing the Internal Audit Function (Principles 6–8)

This is the domain written directly to directors, and it rests on three principles: the function must be authorized by the board (a board-approved mandate and charter), positioned independently (a functional reporting line to the board, with the board deciding on the appointment, remuneration, and removal of the chief audit executive), and overseen by the board (the board receives results, approves the plan and budget, and ensures quality is externally assessed). In plain terms: internal audit now belongs to the board, and the Standards expect the paperwork to prove it.

Domain IV — Managing the Internal Audit Function (Principles 9–12)

Four principles require the function to plan strategically — including, for the first time as a binding requirement, a documented internal audit strategy — to manage resources (people, budget, and technology, with an honest assessment of sufficiency reported to the board), to communicate effectively, and to enhance quality through an internal and external quality programme. Notably, the Standards push the function toward technology: data analytics and, increasingly, AI-enabled techniques are framed as expected tools of a competent function, not luxuries.

Domain V — Performing Internal Audit Services (Principles 13–15)

The engagement-level domain: plan engagements effectively, conduct the work so conclusions are supported by sufficient, reliable evidence, and communicate results — including a new emphasis on monitoring management’s action plans until findings are actually resolved. The days of findings dying quietly in a follow-up log are, on paper at least, over.

The Topical Requirements

Layered on top of the Standards are Topical Requirements — mandatory subject-matter expectations that apply whenever the topic falls within an organization’s risk profile. The first wave covers cybersecurity, with sustainability/ESG, IT governance, and third-party/service provider management following. The practical effect: a Caribbean financial institution or listed company can no longer scope cybersecurity out of its audit universe on the grounds of limited capacity. If the risk is material, assurance over it is required — which is precisely why co-sourcing specialist skills has become a governance strategy rather than an outsourcing convenience. Articles 8 and 13 of this series examine the cyber and ESG requirements in depth.

Ten Requirements Most Likely to Catch Caribbean Organizations Off Guard

Having reviewed internal audit arrangements across the region for many years, we would highlight ten specific requirements where Caribbean organizations most often fall short of the new framework — usually not through negligence, but because the old framework never demanded them so explicitly:

  1. A board-approved internal audit charter aligned to the new Standards. Many charters still cite the 2017 IPPF — an immediate, visible non-conformity.
  2. A functional reporting line to the board, with the board — not the CEO or CFO — deciding the chief audit executive’s appointment, evaluation, and removal.
  3. A documented internal audit strategy. Entirely new as a binding requirement; most regional functions have annual plans but no strategy.
  4. A resource sufficiency assessment reported to the board. The CAE must tell the board, in writing, whether the function has the people, skills, budget, and technology to deliver its plan — and what is at risk if not.
  5. An external quality assessment at least once every five years, with results reported to the board. Many Caribbean functions have never had one.
  6. Documented safeguards where the audit head holds other roles — common in smaller entities, rarely papered.
  7. Formal coordination with the second line and external auditors, so assurance is mapped, gaps are visible, and effort is not duplicated.
  8. Demonstrable use of technology in audit work. Sampling by spreadsheet alone is increasingly difficult to defend where full-population analytics are feasible.
  9. Documented methodologies. The Standards expect written, consistently applied engagement methodologies — not practices carried in one long-serving auditor’s head.
  10. Performance measures for the function itself, agreed with the board — internal audit must now be able to answer the question it asks everyone else: how do you know you are effective?

Most of these gaps are inexpensive to close — and expensive to have discovered by a regulator, an external quality assessor, or the aftermath of a control failure.

What the Board Should Ask For at Its Next Meeting

A board does not need a transformation programme to start; it needs one agenda item and four requests. Ask the chief audit executive — or, where the function is outsourced, the service provider — to table within 90 days: (1) a gap assessment of the current charter, reporting lines, and methodology against the new Standards; (2) a draft internal audit strategy for board discussion; (3) a resource and technology sufficiency statement; and (4) a plan and date for an external quality assessment. Those four documents, honestly prepared, will tell the board more about its governance health than most annual reports.

The Dawgen Perspective

The new Standards reward exactly the organizations the Caribbean needs more of: those that treat assurance as a strategic capability rather than a regulatory tax. The framework is demanding, but it is also clarifying — it tells boards precisely what good looks like, and it gives chief audit executives the mandate many have quietly wanted for years: a seat at the governance table, a strategy of their own, and the board’s ear.

Dawgen Global supports organizations at every point on this journey — gap assessments against the Standards, charter and methodology redesign under our D·ASSURE™ quality framework, continuous assurance enablement through TRUST360™, and independent external quality assessments. As an integrated multidisciplinary firm, we bring the cyber, IT, data analytics, and actuarial depth that the Topical Requirements now demand — under one engagement, across 15+ Caribbean territories.

Next in the series: “The Conformance Deadline Has Passed: Is Your Internal Audit Function Compliant?” — a closer look at what external quality assessments are finding, and why 2026 is the year to close the gap before someone else measures it for you.

 

Request a Standards Gap Assessment

Dawgen Global’s Internal Audit Standards Gap Assessment benchmarks your charter, reporting lines, strategy, methodology, resources, and quality programme against the Global Internal Audit Standards — and delivers a prioritized, board-ready conformance roadmap.

Ideal preparation for an external quality assessment, a regulatory examination, or a board that simply wants to know where it stands.

Dawgen Global  |  47 Trinidad Terrace, New Kingston, Jamaica

[email protected]  |  dawgen.global  |  876-929-3670 / 876-665-5926  |  US: 855-354-2447

Big Firm Capabilities. Caribbean Understanding.

About Dawgen Global

Dawgen Global is an independent, integrated multidisciplinary professional services firm headquartered at 47 Trinidad Terrace, New Kingston, Jamaica, serving more than 15 territories across the Caribbean. Founded and led by Dr. Dawkins Brown, Executive Chairman, the firm is independent and not affiliated with any international network. It delivers a full suite of professional services under one roof: audit and assurance; tax advisory; IT and digital transformation; risk management; cybersecurity; actuarial and insurance regulatory advisory; HR advisory; mergers and acquisitions; corporate recovery; business advisory and strategy; accounting BPO and virtual CFO services; and legal process outsourcing.

The proposition is simple: big-firm capability without the big-firm price. Dawgen Global’s integrated approach is built for the specific complexities and opportunities of the Caribbean market, helping organizations make sharper, better-informed decisions that drive measurable progress.

To explore a partnership, reach out:

by Dr Dawkins Brown

Dr. Dawkins Brown is the Executive Chairman of Dawgen Global , an integrated multidisciplinary professional service firm . Dr. Brown earned his Doctor of Philosophy (Ph.D.) in the field of Accounting, Finance and Management from Rushmore University. He has over Twenty three (23) years experience in the field of Audit, Accounting, Taxation, Finance and management . Starting his public accounting career in the audit department of a “big four” firm (Ernst & Young), and gaining experience in local and international audits, Dr. Brown rose quickly through the senior ranks and held the position of Senior consultant prior to establishing Dawgen.

https://www.dawgen.global/wp-content/uploads/2023/07/Foo-WLogo.png

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region. We are integrated as one Regional firm and provide several professional services including: audit,accounting ,tax,IT,Risk, HR,Performance, M&A,corporate recovery and other advisory services

Where to find us?
https://www.dawgen.global/wp-content/uploads/2019/04/img-footer-map.png
Dawgen Social links
Taking seamless key performance indicators offline to maximise the long tail.
https://www.dawgen.global/wp-content/uploads/2023/07/Foo-WLogo.png

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region. We are integrated as one Regional firm and provide several professional services including: audit,accounting ,tax,IT,Risk, HR,Performance, M&A,corporate recovery and other advisory services

Where to find us?
https://www.dawgen.global/wp-content/uploads/2019/04/img-footer-map.png
Dawgen Social links
Taking seamless key performance indicators offline to maximise the long tail.

© 2023 Copyright Dawgen Global. All rights reserved.

© 2024 Copyright Dawgen Global. All rights reserved.