
For decades, internal audit occupied a peculiar position in Caribbean organizations: everyone agreed it was important, and almost no one treated it that way. It sat somewhere down the corridor from finance, reporting to the CFO whose numbers it was supposed to test, staffed thinly, consulted late, and remembered mainly when something had already gone wrong. It was, in the truest sense, a back-office function — present in the organization chart, absent from the governance conversation.
That era is over. It ended formally on 9 January 2025, when the Institute of Internal Auditors’ new Global Internal Audit Standards took effect worldwide, replacing the framework that had governed the profession since 2017. And it is ending practically, right now, in boardrooms across the Caribbean — as directors watch a procession of restatements, write-offs, auditor changes, and late filings move across the region’s capital markets and ask the question this series exists to answer: where was the assurance?
Internal audit has been formally repositioned — by standard, by regulator expectation, and by hard market experience — from a back-office activity into a pillar of governance architecture.
This first article of The Internal Audit Imperative™ sets out the thesis for the fourteen that follow: internal audit is now a governance function. Boards that grasp this early will convert assurance into strategic advantage. Boards that do not will discover the gap the way boards always do — publicly, expensively, and late.
The Old Model: Assurance at Arm’s Length
Under the traditional model, internal audit’s job was narrow and retrospective. It checked compliance with policies, tested samples of transactions, confirmed that reconciliations were done, and issued reports that management could accept, defer, or quietly shelve. Its independence was often more theoretical than real: budget, staffing, and career prospects typically ran through the very executives whose domains it audited. In many Caribbean entities — particularly family-controlled groups, credit unions, and public bodies — the function was one or two people deep, if it existed at all.
The consequences of that model are not hypothetical. When internal audit is structurally weak, three things reliably happen. First, control failures incubate: inventory that does not exist, revenue that should not have been recognized, related-party exposures nobody mapped. Second, the board flies blind: directors certify governance statements on the strength of assurance that was never truly independent. Third, the external audit becomes the last line of defence — a role it was never designed to play, since external auditors arrive annually, sample selectively, and test what the control environment produces rather than how it behaves day to day.
The Caribbean market has recently seen what happens when that last line is reached. Listed companies on the Jamaica Stock Exchange have, in the past two years alone, produced a significant inventory write-off, a material equity restatement accompanied by a change of auditor, and a persistent pattern of late-filed audited financial statements across a meaningful share of the market. These are public facts, and this series will treat them as governance case material — not to assign blame, but because each one is, at root, a story about assurance that arrived too late.
What Changed: The Global Internal Audit Standards
The new Standards are not a cosmetic renumbering of the old rules. They restructure the entire profession around five domains and 15 guiding principles — covering the purpose of internal auditing, ethics and professionalism, governing the internal audit function, managing the function, and performing engagements — supported by 52 individual standards and a growing set of Topical Requirements addressing cybersecurity, sustainability, and IT governance. Three shifts matter most for boards:
1. Governance of internal audit is now the board’s explicit job
An entire domain of the Standards is devoted to how the board — not management — governs the internal audit function: approving its mandate, safeguarding its independence, ensuring it is resourced, and receiving its results directly. The Standards recommend a functional reporting line to the highest governance body, with administrative reporting positioned so that it cannot compromise objectivity. For Caribbean boards accustomed to internal audit reporting into the CFO or an operations executive, this is a structural change, not a stylistic one.
2. Internal audit must now have a strategy — for the first time, as a binding requirement
The Standards require the chief audit executive to develop a formal internal audit strategy and mission statement aligned to the organization’s objectives and risk profile. Internal audit is no longer permitted to be a rolling checklist of last year’s plan plus whatever management requests. It must articulate where assurance effort will be concentrated, why, and how the function will build the capabilities — including data analytics and AI-enabled techniques — that the modern risk landscape demands. A function without a strategy is, by definition, non-conformant.
3. Internal audit must connect the governance ecosystem
The Standards require structured cooperation with second-line functions — risk management, compliance, information security — and with external assurance providers, so that the board receives one coherent picture of the organization’s risk and control health rather than fragments. This is precisely the integrated, continuous view that Dawgen Global’s TRUST360™ continuous governance framework was built to deliver, and it is where the profession is unmistakably heading: away from the annual, episodic audit and toward continuous assurance over the risks that can actually sink an enterprise.
Why This Is a Caribbean Issue, Not Just a Global One
It would be a mistake to file the new Standards under “international technical developments.” Four regional forces make internal audit a first-order Caribbean governance issue in 2026:
- Regulatory transformation. Jamaica’s move toward a Twin Peaks model of financial regulation is raising the supervisory bar for governance and risk management across banks, insurers, securities dealers, and credit unions. Supervisors increasingly expect to see an internal audit function that meets international standards — and they know what the new Standards say.
- Capital market credibility. The Jamaica Stock Exchange’s growth story depends on investor confidence in the quality of listed-company reporting. Every restatement and every late filing taxes that confidence. Strong internal audit is the least expensive insurance a listed company can buy against becoming the next headline.
- Public accountability. Public bodies and statutory agencies manage a substantial share of the region’s economic activity under legislated accountability frameworks that presuppose functioning internal audit. The gap between that presumption and the resourcing reality is one of the quiet governance risks in Caribbean public finance.
- Ownership structure. Family-controlled and closely-held groups dominate the regional private sector. In such structures, the board’s independent visibility into operations is often limited — which makes an independent, board-facing internal audit function more valuable, not less, than in widely-held companies.
The Board’s Test: Five Questions
Directors do not need to master 52 standards to know whether their organization has crossed from the old model to the new. Five questions suffice. If the honest answer to any of them is “no” or “we are not sure,” the organization has an internal audit gap — and therefore a governance gap:
- Does internal audit report functionally to the board or audit committee, with its mandate, budget, and leadership appointment approved at that level?
- Does the function have a written internal audit strategy aligned to the organization’s objectives and current risk profile — including cyber and technology risk?
- Has the function’s charter, methodology, and quality programme been refreshed against the Global Internal Audit Standards that took effect in January 2025?
- Is the organization prepared for an external quality assessment — the mechanism through which conformance is now demonstrated?
- Does the board receive integrated assurance — a coherent view combining internal audit, risk, compliance, and external audit — rather than disconnected reports?
In our experience across the region, most organizations can answer perhaps two of the five affirmatively. That is not a criticism of the auditors involved — many Caribbean internal audit teams do committed work with thin resources. It is a statement about positioning: the function has not yet been placed where the new Standards, and the new risk environment, require it to sit.
From Cost Centre to Early Warning System
The deeper opportunity in the new Standards is not compliance — it is capability. An internal audit function that is properly positioned, strategically directed, and technologically enabled becomes the board’s early warning system: the mechanism that detects the inventory anomaly before it becomes a write-off, the revenue-recognition drift before it becomes a restatement, the cyber control decay before it becomes an incident, and the culture problem before it becomes a scandal.
That capability does not require every organization to build a large in-house department. For SMEs, credit unions, and mid-market entities, the economics increasingly favour co-sourced or fully outsourced internal audit — access to multidisciplinary skills (financial, IT, cyber, actuarial, data analytics) at a fraction of the cost of employing them, delivered under the board’s mandate and to international standards. Later articles in this series will examine that model in detail, alongside the technical requirements of the Standards, the Topical Requirements on cybersecurity and sustainability, the rise of AI in and around the audit function, and the external quality assessment process.
The Dawgen Perspective
Dawgen Global’s view is straightforward: internal audit is where Caribbean governance will be won or lost over the next five years. The Standards have redrawn the map; regulators are following it; and the region’s recent market events have demonstrated — publicly and expensively — what happens on the old map. Boards now face a genuine choice between treating the new Standards as a compliance chore or as the blueprint for an assurance capability that protects value and enables confident growth.
As an independent, integrated multidisciplinary firm operating across 15+ Caribbean territories — combining audit and assurance, risk management, cybersecurity, IT and digital transformation, tax, and advisory under one roof — Dawgen Global built its TRUST360™, D·ASSURE™, and CARISK™ frameworks for precisely this moment: to help Caribbean organizations move from episodic, back-office assurance to continuous, board-level governance.
The next article in this series — “The New Global Internal Audit Standards: What Every Caribbean Board Must Know” — walks directors through the five domains and 15 principles in plain language, and identifies the ten requirements most likely to catch Caribbean organizations off guard.
| Is Your Internal Audit Function Ready for the New Standards?
Dawgen Global helps boards and audit committees across the Caribbean assess, transform, and — where appropriate — co-source or fully outsource their internal audit function in line with the Global Internal Audit Standards. Request a confidential Internal Audit Readiness Review: a structured assessment of your function’s charter, reporting lines, strategy, methodology, and quality programme against the new Standards, with a prioritized conformance roadmap for your board. Dawgen Global | 47 Trinidad Terrace, New Kingston, Jamaica [email protected] | dawgen.global | 876-929-3670 / 876-665-5926 | US: 855-354-2447 Big Firm Capabilities. Caribbean Understanding. |
About Dawgen Global
Dawgen Global is an independent, integrated multidisciplinary professional services firm headquartered at 47 Trinidad Terrace, New Kingston, Jamaica, serving more than 15 territories across the Caribbean. Founded and led by Dr. Dawkins Brown, Executive Chairman, the firm is independent and not affiliated with any international network. It delivers a full suite of professional services under one roof: audit and assurance; tax advisory; IT and digital transformation; risk management; cybersecurity; actuarial and insurance regulatory advisory; HR advisory; mergers and acquisitions; corporate recovery; business advisory and strategy; accounting BPO and virtual CFO services; and legal process outsourcing.
The proposition is simple: big-firm capability without the big-firm price. Dawgen Global’s integrated approach is built for the specific complexities and opportunities of the Caribbean market, helping organizations make sharper, better-informed decisions that drive measurable progress.
To explore a partnership, reach out:
- Website: dawgen.global
- Email: [email protected]
- WhatsApp (Global): +1 555-795-9071
- Caribbean offices: +1 876-665-5926 | +1 876-929-3670 | +1 876-926-5210

