The Preface to the Standards on Internal Audit (SIAs), issued by the ICAI’s Internal Audit Standards Board (IASB), establishes the authority, scope, and foundational principles for internal audit activities performed by its members. The IASB, which evolved from a committee formed in 2004, is responsible for formulating, reviewing, and continuously updating these SIAs, along with relevant Guidance Notes and technical papers. The core objective of internal audit, as defined by the IASB, is to provide independent, reasonable assurance on the effectiveness of internal controls and risk management processes to enhance organizational governance and achieve corporate objectives. This definition requires internal auditors to maintain independence and evaluate the controls and risk processes implemented by management.
The document mandates a structured Framework Governing Internal Audits designed to ensure standardization and quality. This Framework consists of Basic Principles of Internal Audit (including independence, integrity, objectivity, and due professional care), Core Concepts (such as internal controls, risk management, and value addition), the SIAs themselves, and supporting Guidance. The Council of the ICAI has determined that the SIAs will be made mandatory in a phased manner. Compliance is a duty for all members conducting internal audits, and any material departure from an applicable SIA must be documented and explained in the audit report. The framework’s Code of Ethics also reinforces the need for integrity, objectivity, and professional behavior.
To ensure robustness, the IASB adheres to a standardized Standard Setting Process. This involves forming study groups to draft the Standards, followed by a review and approval phase by the Board. Importantly, the draft SIAs are then released as Exposure Drafts for public comment, typically for at least 30 days, to gather feedback from a wide range of stakeholders, including key regulators like the Ministry of Corporate Affairs, RBI, SEBI, and various industry bodies. Only after deliberating on all received comments and securing final approval from the ICAI Council are the SIAs formally issued. The SIAs are principle-based, classified into series (100: Concepts, 200: Execution, 300: Reporting), and supersede any existing Guidance Notes upon their effective date.
The Institute of Chartered Accountants of India
Preface to the
Standards on Internal Audit
1. Introduction
1.1 This Preface to the Standards on Internal Audit facilitates understanding of the scope and authority of the pronouncements of the Internal Audit Standards Board, issued under the authority of the Council of the Institute of Chartered Accountants of India.
1.2 This Preface also lays down the underlying principles and boundaries for the internal audit function and activity. It provides clarity on key components governing Internal Audit to ensure standardisation and quality in discharge of internal auditor’s responsibilities.
2. Internal Audit Standards Board
2.1 The Institute of Chartered Accountants of India (hereinafter referred as “ICAI” or “the Institute”) constituted the “Committee for Internal Audit (CIA)” in February 2004, which in November 2005 was renamed as the “Committee on Internal Audit”. In November 2008, the Council renamed this Committee as the “Internal Audit Standards Board (hereinafter referred as the Board)”. Committee on Management Accounting was merged in the Board in March 2023, and the Board was renamed as Board of Internal Audit and Management Accounting. The Board was renamed as “Internal Audit Standards Board” (hereinafter referred as “IASB” or “the Board”) in March 2025.
2.2 The functions of the Board are as follows:
(i) To review existing and emerging internal auditing practices worldwide and identify areas in which Standards on Internal Audit (SIAs) need to be developed.
-
- To formulate Standards on Internal Audit, which may be issued under the authority of the Council of the Institute.
- To formulate Guidance Notes on issues relating to internal audit, including those arising from the SIAs, or pertaining to any specific industry, which may be issued under the authority of the Council of the Institute.
- To continuously review the existing Standards and Guidance on Internal Audit and to undertake their revision, if necessary.
- To formulate and review Implementation Guides, Technical Guides, Practice Manuals, Studies and other papers which may be issued under its own authority for guidance of the members, as felt appropriate by the Board.
(ii) To undertake research and promote knowledge dissemination in the field of internal audit and management accounting.
-
- To organize conferences. Seminars, training programs, workshops, webinars, e-learning programs, surveys, etc. on the topics related to internal audit, including risk management and governance and management accounting independently/ jointly with governments/ trade associations.
- To conduct Certificate Courses/ Diploma Courses, etc. on topics related to internal audit and management accounting.
- To conduct outreach programmes for officials of the Central Government/ State Governments/ Union Territories & other authorities and / or its committees/ groups on areas relating to internal audit and management accounting.
- To assist, advise and interact with Government of India, State Government, Union Territories, & other authorities and/ or its committees/ group formed in policy matters and matters relating to internal audit and management accounting.
(iii) To develop best practice guidance and benchmarking tools in areas of internal audit and management accounting.
3. Definition of Internal Audit
3.1 Internal Audit is defined as follows:
Internal audit provides independent reasonable assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organisational objectives.
3.2 Brief explanation of the key terms used above is as follows:
i. Independence: Internal audit shall be an independent function, achieved through the position, organization structure and reporting of the internal auditor.
ii. Internal controls and risk management are integral parts of management function and business operations. An internal auditor is expected to evaluate the design and operating effectiveness of internal controls and risk management processes (including reporting processes) as designed and implemented by the management.
iii. Governance is a set of relationships between the company and its various stakeholders and provides the structure through which the company’s objectives are achieved. It includes compliance with internal policies and procedures and laws and regulation.
iv. Organizational objectives incorporate the interests of all stakeholders and include the short- and medium-term goals that an organisation seeks to accomplish.
3.3 This definition forms the underlying foundation of all the Standards on Internal Audit (SIAs) issued by the Board. Internal audit activities shall be conducted in line with the Definition of Internal Audit.
4. Framework Governing Internal Audits
4.1 A standard setting process operates within a pre-defined framework which outlines certain fundamental components inherent to the function or activity of internal audit. This is essential to ensure a consistent application of Basic Principles, Best Practices and Standards to achieve a high level of quality consistent with the objective of internal audit.
4.2 The Framework Governing Internal Audit consists of the following components:
a. Basic Principles of Internal Audit
b. Core Concepts
c. Standards on Internal Audit, and
(d) Guidance
Like any other profession, Code of Ethics provides credence to the internal audit function.
4.3 The Framework also provides a common vocabulary and structural coherence across all pronouncements to ensure consistency in interpretation and implementation.
4.4 Components of the Framework
Basic Principles of Internal Audit1
The Basic Principles of Internal Audit are a set of core principles fundamental to the function and activity of internal audit. The Basic Principles form the foundation on which the various components of the Framework stand and key to achieve the desired objectives as set out in the definition of the internal audit.
The principles can be summarised as follows:
1. Independence
2. Integrity and Objectivity
3. Due Professional Care
4. Confidentiality
5. Skills and Competence
6. Risk Based Audit
7. Systems and Process Focus
8. Participation in Decision Making
9. Sensitive to Multiple Stakeholder Interests
10. Quality and Continuous Improvement
Each principle underpins both the planning and execution stages of internal audit assignments and shall be demonstrably adhered to in audit documentation.
Core Concepts21
There are certain concepts which form integral part of the internal audit activity and, therefore, apply to most internal audits. In fact, some of the concepts are ingrained in the Definition of Internal Audit. The core concepts are in the nature of:
- Terms of Internal Audit Engagements
- Managing Internal Audit Function
- Internal Controls
- Risk Management
- Compliance with Laws and Regulations
- Value Addition
These concepts also serve as anchor points for developing the internal audit strategy and allocating resources appropriately.
Standards on Internal Audit (SIAs)
The Standards on Internal Audit (SIAs) establish uniform evaluation criteria, methods, processes and practices for internal audit function. The SIAs are pronouncements which form the basis for conducting all internal audit activity. These pronouncements are designed to help the internal auditor to discharge his responsibilities. Internal auditors are expected to document any deviation from the applicable Standard along with justification and approval, if any, for the same. Understanding and observing SIAs by Internal Auditor is necessary in due discharge of responsibilities assumed by them and in realizing predefined objectives.
Guidance
These are a set of guidelines, which include Guidance Notes, Implementation Guides and Technical Guides. These guidelines are important for implementation of the SIAs and provide clarification for their applicability under particular circumstance. Certain industry specific guides focus on peculiar features of the industry required specific attention. In the absence of specific guidance, internal auditors should refer to the intent and substance of the related SIA and apply professional judgement.
5. Code of Ethics
The Code of Ethics issued by ICAI serves as a cornerstone for upholding the highest standards of integrity, objectivity, professional competence, confidentiality, and professional behavior among Chartered Accountants. It provides a comprehensive framework to guide members in discharging their responsibilities with independence and fairness while addressing ethical dilemmas in an increasingly complex business environment. By fostering trust, transparency, and accountability, the Code reinforces the profession’s commitment to public interest and strengthens its role as a guardian of good governance.
6. Mandatory Nature of Framework and Standards
6.1 The Council of the ICAI has decided that the Standards will be made mandatory in a phased manner.
6.2 The mandatory status of a SIA implies that while carrying out an internal audit, it shall be the duty of the members of the Institute to ensure that they comply with the SIAs applicable to the assignment read with the Preface, Framework Governing Internal Audits and Basic Principles of Internal Audit. Compliance with SIAs shall be considered a mark of professional excellence and ethical responsibility by the internal auditor.
6.3 If, for any reason, an internal auditor is unable to comply with any of the SIAs requirements, or if there is a conflict between the SIA and other mandates, such as a regulatory requirement, the internal audit report (or such similar communication) should draw attention to the material departures therefrom along with appropriate explanation.
7. Standard Setting Process
7.1 The Board has standardised the process of issuing Standards on Internal Audit (SIAs) and any modifications therein or addition thereto.
7.2 The detailed process is explained under Annexure 1.
8. Contents of the Standards
8.1 SIAs shall be principle based and will clearly outline the objective of issuing the particular Standard along with the essential requirements for its compliance.
8.2 Internal Auditors shall apply their best professional judgement in the implementation of SIAs on a “substance over form” basis. Implementation and Technical guides issued by the Board would help to provide the necessary guidance and clarification in this regard.
8.3 The essence of each Standard is captured under the following key sections:
i. Introduction: To provide a brief background and scope of the Standard and its applicability.
ii. Effective Date: Date from which the Standard is to be applied and made recommendatory or mandatory as the case may be.
iii. Objective: Reasons for issuing the Standard and why it is required.
iv. Requirements: The desired outcome and what is essential to ensure compliance with the Standard.
v. Application and Other Explanatory Material: Key aspects of the Standard which needs to be elaborated, including defining key words and terms.
In cases of ambiguity or potential conflict, the principles underlying the Objective and Requirements sections prevail over illustrative examples or supplementary material.
8.4 The Standards on Internal Audit, as and when issued, will be classified and numbered in a series format, as follows:
i. Series 100: Core Concepts and Principles
ii. Series 200: Audit Execution
iii. Series 300: Internal Audit Reporting
9. Guidance
9.1 Guidance Notes on Internal Audit are primarily designed to provide non-mandatory guidance on matters of implementation or clarification on their applicability in certain circumstances.
9.2 The Board may issue the following guides (as appropriate):
i. Implementation Guide: Best practices, methodologies or approach on how best to apply internal audit procedures in order to achieve the objectives of the SIA.
ii. Technical Guide: Clarifications as to what extent the SIA applies in a certain industry or a particular situation, considering the technical or operational uniqueness of the same, and how best to achieve the objectives of the SIA.
9.3 The Implementation and Technical Guides are recommendatory in nature. The Internal Auditor should ordinarily follow these recommendations except where, under particular circumstances, it may not be necessary or appropriate to do so.
10. Effective Date
10.1 The Preface to the Standards on Internal Audit is applicable for all internal audits beginning on or after a date to be notified by the Council of the Institute.
10.2 In case of SIAs issued by the ICAI for which a Guidance Note is already in existence, the Guidance Note shall stand withdrawn from the date on which the Standard comes into effect.
ANNEXURE 1
DETAILS OF THE STANDARDS SETTING PROCESS
1. Selection of Topics and Timelines: The Internal Audit Standards Board, on a continuous basis, and in consultation with its key stakeholders, keeps identifying the broad areas in which the SIAs need to be formulated (including the review and revision of prevailing SIAs) and prepares a priority list with timelines for the issuance of the SIAs.
2. Formation of Study Group to Draft Standards: In the preparation and drafting of the SIAs, the Board is assisted by one or more Study Groups (SGs) of professionals constituted by the Board. In the formation of the SG, provision is made for the participation of a cross section of members of the Institute. In certain situations, the Board may also consider having expert professionals on the SG, who need not necessarily be members of the ICAI. The SG is generally chaired by a member of the Board and convened by the Board. The SG is responsible for preparing and finalising the Exposure Draft of the Standard and make it ready for review and approval of the Board.
3. Review of Exposure Draft of SIA by the Board: The Exposure Draft (ED) of the Standard is put up to the Board for their review, deliberation and approval. Stakeholder feedback received during the standard-setting process shall be analyzed and summarized for internal deliberation to enhance the robustness of final standards. On the basis of the deliberations of the Board, changes are made to the draft, and the final ED is made ready for exposure with a wide set of stakeholders.
While formulating the SIAs, the Board takes into consideration the applicable laws, customs, business environment in India. The Board also, where appropriate, takes into consideration the international practices in the area of internal audit, to the extent they are relevant and applicable to the conditions existing in India.
4. Exposure Draft Open for Comments for 30 days: The Exposure Draft of the proposed Standard is issued for comments by the members of the Institute. The ED is also open for comments by nonmembers, including the regulators and other such bodies as well as general public. The ED is hosted on the website of the Institute wherefrom it is downloadable free of charge for comments by the professional accountants and the public. The ED may also be published in the monthly journal of the Institute. The ED is also circulated to all the members of Council of the ICAI, the Institute’s past Presidents, Regional Councils and the branches of the Institute for their comments. The Exposure Draft is also circulated to other external stakeholders as listed in Annexure 2.
The Exposure Draft is normally open for comments for a period of at least 30 (thirty) days from the date of issuance, but this time may be extended if considered necessary.
5. Finalisation and Submission to ICAI Council: After taking into consideration the comments received on the Exposure Draft, the Board will update the draft of the proposed Standard that it finds appropriate, take inputs of the SG or experts (if appropriate), finalise the Standard for consideration by the Council of the Institute.
6. ICAI Council Deliberates and Approves SIA: The Council of the Institute will consider the final draft of the proposed Standard on Internal Audit and if necessary, modify the same in consultation with the Internal Audit Standards Board.
7. SIA Issued with Final Changes: The SIA will then be issued under the authority of the Council of the Institute.
Note: If any SIA is proposed to be revised a similar procedure is followed.
ANNEXURE 2
LIST OF STAKEHOLDERS FOR INPUTS ON EXPOSURE DRAFTS
1. The Ministry of Corporate Affairs
2. The Reserve Bank of India
3. The Securities and Exchange Board of India
4. The Insurance Regulatory and Development Authority
5. The Comptroller and Auditor General of India
6. The Controller General of Accounts
7. The Central Board of Direct Taxes
8. The Central Board of Indirect Tax and Custom
9. The Institute of Cost Accountants of India
10. The Institute of Company Secretaries of India
11. Recognised Stock Exchanges in India
12. The Indian Banks’ Association
13. The Standing Conference of Public Enterprises
14. The National Bank for Agricultural and Rural Development
15. The Indian Institute(s) of Management
16. The Telecom Regulatory Authority of India
17. The Central Registrar of Co-operative Societies
18. Various Industry bodies/associations, such as, The Confederation of Indian Industry, The Associated Chambers of Commerce and Industry, The Federation of Indian Chambers of Commerce and Industry, etc.
19. Any other body considered relevant by the Board, keeping in view the nature and requirements of SIAs.
Notes:
1 Refer Paragraph 3 of Basic Principles of Internal Audit issued by the board.
2 The details of Key Concepts are published in separate documents.
