e-ISSN 2518-1181
DOI 10.33146/2518-1181
Online Media ID R40-06293
← Back Published: 30.03.2026

Implementation of Global Internal Audit Standards in the Bank

Authors

Yaroslav Dmyshko 'Lviv Polytechnic' National University, Lviv, Ukraine ORCID 0009-0004-5415-2410

DOI:

https://doi.org/10.33146/2518-1181-2026-1(111)-153-160

Abstract

In the context of increased prudential supervision, the digitalization of banking processes, and the growth of operational and cyber risks, internal audit ceases to perform a control function solely. It becomes an independent mechanism providing reasonable assurance and advisory support to the bank’s management bodies. The article aims to form a methodology for the coordinated implementation of the Global Internal Audit Standards (GIAS) in a banking institution, taking into account the supervisory expectations of the Basel Committee on Banking Supervision, the European Banking Authority’s guidelines on internal corporate governance and the updated requirements of the National Bank of Ukraine, as well as to develop a practical toolkit for demonstrating conformity. The research methodology is based on content analysis of standards and regulatory documents, comparative analysis of requirements, and gap analysis, with the results subsequently generalized into a conformity map and an implementation roadmap. The author applied process modeling to the audit engagement cycle (planning – risk assessment – control testing – evidence generation – reporting – monitoring of the implementation of recommendations) and synthesized requirements for documentation and evidence for each stage. The results obtained consist of a proposed five-stage implementation model (diagnosis of gaps; corporate management of the function; management of the function; task execution and monitoring of implementation of recommendations; quality assurance and improvement program), as well as a structured set of documentation and evidence of conformity: a conformity map, unified templates of working documents, a hierarchy of evidence, a system of key performance indicators (KPI) and an approach to aggregated measurement of progress through the conformity index (CI). The scientific novelty lies in the integration of the requirements of the GIAS with banking prudential requirements through the matrix “requirement – document or process – owner – evidence – status”, which ensures traceability of the implementation of requirements in the bank's processes and the reproducibility of audit conclusions during internal and external quality assessments. The practical value lies in the possibility of using the proposed tools for transition planning and preparation for the adaptation of internal documents within the deadlines established by the National Bank of Ukraine (until 01.07.2026), as well as for increasing the maturity of internal control and risk management, in particular by including AML/CTF risks and IT and cyber risks in risk-based internal audit planning.

Keywords

internal audit, bank, Global Internal Audit Standards, evidentiary conformity, conformity map, quality assurance and improvement program, risk-based planning, performance indicators
References
  1. Institute of Internal Auditors. (2024). Global Internal Audit Standards™ (2024 Edition). Retrieved from: https://www.theiia.org/globalassets/site/standards/globalinternalauditstandards_2024january9.pdf
  2. National Bank of Ukraine. (2025). On Amendments to Certain Regulatory Acts of the National Bank of Ukraine on the Organization of Internal Audit in Ukrainian Banks and Banking Groups: Resolution dated 19.12.2025 No. 151. Retrieved from: https://zakon.rada.gov.ua/go/v0151500-25 [in Ukrainian]
  3. Basel Committee on Banking Supervision. (2012). The internal audit function in banks (BCBS 223). Retrieved from: https://www.bis.org/publ/bcbs223.pdf
  4. European Banking Authority. (2021). Final report on Guidelines on internal governance under CRD (EBA/GL/2021/05). Retrieved from: https://www.eba.europa.eu/sites/default/files/document_library/Publications/Guidelines/2021/1016721/Final%20report%20on%20Guidelines%20on%20internal%20governance%20under%20CRD.pdf
  5. Committee of Sponsoring Organizations of the Treadway Commission. (2013). Internal Control–Integrated Framework: Executive Summary. Retrieved from: https://www.sechistorical.org/collection/papers/2010/2013_0501_COSOInternal.pdf
  6. Institute of Internal Auditors. (2020). The IIA’s Three Lines Model: An update of the Three Lines of Defense. Retrieved from: https://www.theiia.org/globalassets/documents/resources/the-iias-three-lines-model-an-update-of-the-three-lines-of-defense-july-2020/three-lines-model-updated-english.pdf
  7. de Zwaan, L., Stewart, J., & Subramaniam, N. (2011). Internal audit involvement in enterprise risk management. Managerial Auditing Journal, 26(7), 586–604. https://doi.org/10.1108/02686901111151323
  8. Arena, M., & Azzone, G. (2009). Identifying organizational drivers of internal audit effectiveness. International Journal of Auditing, 13(1), 43–60. https://doi.org/10.1111/j.1099-1123.2008.00392.x
  9. Cohen, A., & Sayag, G. (2010). The effectiveness of internal auditing: an empirical examination of its determinants in Israeli organisations. Australian Accounting Review, 20(3), 296–307. https://doi.org/10.1111/j.1835-2561.2010.00092.x
  10. Alzeban, A. (2015). Influence of audit committees on internal audit conformance with internal audit standards. Managerial Auditing Journal, 30(6/7), 539–559. https://doi.org/10.1108/MAJ-12-2014-1132
  11. Goodwin, J. (2003). The relationship between the audit committee and the internal audit function: evidence from Australia and New Zealand. International Journal of Auditing, 7(1), 17–32. https://doi.org/10.1046/j.1099-1123.2003.00074.x
  12. Bou-Raad, G. (2000). Internal auditors and a value-added approach: the new business regime. Managerial Auditing Journal, 15(4), 182–187. https://doi.org/10.1108/02686900010322461
  13. Soh, D. S. B., & Martinov-Bennie, N. (2011). The internal audit function: perceptions of internal audit roles, effectiveness and evaluation. Managerial Auditing Journal, 26, 605–622. https://doi.org/10.1108/02686901111151332
  14. Abdullatif, M., & Kawuq, S. (2015). The role of internal auditing in risk management: evidence from banks in Jordan. Journal of Economic and Administrative Sciences, 31(1), 30–50. https://doi.org/10.1108/JEAS-08-2013-0025
  15. Prawitt, D. F., Smith, J. L., & Wood, D. A. (2009). Internal audit quality and earnings management. The Accounting Review, 84(4), 1255–1280. https://doi.org/10.2308/accr.2009.84.4.1255
  16. Ege, M. S. (2015). Does internal audit function quality deter management misconduct?. The Accounting Review, 90(2), 495–527. https://doi.org/10.2308/accr-50871
  17. Chambers, A. D., & Odar, M. (2015). A new vision for internal audit. Managerial Auditing Journal, 30(1), 34–55. https://doi.org/10.1108/MAJ-08-2014-1073
  18. Eulerich, A., & Eulerich, M. (2020). What is the value of internal auditing? a literature review on qualitative and quantitative perspectives. Maandblad Voor Accountancy en Bedrijfseconomie, 94(3-4), 83–92. https://doi.org/10.5117/mab.94.50375
  19. Lenz, R., & Sarens, G. (2012). Reflections on the internal auditing profession: what might have gone wrong?. Managerial Auditing Journal, 27(6), 532–549. https://doi.org/10.1108/02686901211236382
  20. Oussii, A. A., & Taktak, N. B. (2018). The impact of internal audit function characteristics on internal control quality. Managerial Auditing Journal, 33(5), 450–469. https://doi.org/10.1108/MAJ-06-2017-1579
  21. Sarens, G., & Abdolmohammadi, M. J. (2011). Monitoring effects of the internal audit function: Agency theory perspective. International Journal of Auditing, 15(1), 1–20. https://doi.org/10.1111/j.1099-1123.2010.00419.x
  22. National Bank of Ukraine. (2025). Updated requirements for the organization of internal audit in banks and banking groups. Retrieved from: https://bank.gov.ua/ua/news/all/onovleno-vimogi-schodo-organizatsiyi-vnutrishnogo-auditu-v-bankah-ta-bankivskih-grupah [in Ukrainian]
  23. Verkhovna Rada of Ukraine. (2000). On banks and banking activities: Law of Ukraine. Retrieved from: https://zakon.rada.gov.ua/laws/show/2121-14 [in Ukrainian]
  24. National Bank of Ukraine. (2016). On approval of the Regulation on the organization of internal audit in Ukrainian banks and banking groups: Resolution dated 10.05.2016 No. 311. Retrieved from: https://zakon.rada.gov.ua/go/v0311500-16 [in Ukrainian]