The Global Internal Audit Standards, released by the IIA in 2024, reflect the ongoing development of internal auditing, shaped by changing business environments, emerging risks, and evolving stakeholder expectations. Over time, the role of internal audit has adapted to shifting circumstances, and the updated standards emphasize the need for IAFs to remain agile and responsive to new challenges. They integrate a performance-oriented framework that extends beyond traditional compliance and control assessments to encompass broader organizational objectives, strategic alignment, and value creation (IIA 2024). While the fundamental purpose of internal auditing remains unchanged, the evolving landscape requires auditors to expand their focus beyond conventional areas such as finance, compliance, and operations, addressing complex and emerging risks as part of their assurance and advisory responsibilities (Eulerich and Eulerich 2020; Peemöller and Kregel 2022; Welge and Eulerich 2021). Central to the revised standards is the recognition that internal audit performance is multifaceted, involving not only the execution of audit plans and adherence to schedules but also the delivery of insights that enhance organizational resilience and strategic agility (Johnson 2023).

One significant change introduced by the new standards is the explicit focus on efficiency, effectiveness, and value creation as essential performance metrics for IAFs, as highlighted in Standard 12.2 (IIA 2024).

• Efficiency refers to the optimal use of resources, minimizing waste, and improving audit processes to enhance productivity.
• Effectiveness in internal auditing is demonstrated through a deep understanding of governance, risk management, and control processes, thus ensuring the reliability of financial and operational information, safeguarding assets, and promoting regulatory compliance.
• Value creation extends beyond traditional audit assurance by emphasizing internal audit’s contribution to strategic objectives, including strengthening governance, identifying process improvements, and providing actionable recommendations for long-term success.

By integrating these three dimensions, the new standards reinforce the evolving role of internal audit as not merely a compliance function but also a proactive and strategic partner in organizational decision-making and performance enhancement.

The new standards not only emphasize performance metrics such as efficiency, effectiveness, and value creation but also recognize the critical role of technology in achieving these objectives. To support this, Standard 10.3 explicitly advocates for the adoption of technology within IAFs, stating that “The chief audit executive must strive to ensure that the IAF has technology to support the internal audit process. The chief audit executive must regularly evaluate the technology used by the IAF and pursue opportunities to improve effectiveness and efficiency” (IIA 2024). This standard reinforces the necessity for regular technological upgrades and strategic investments, ensuring that IAFs can swiftly respond to evolving risks and operational challenges. Technologies enable internal auditors to perform detailed data analysis, ongoing assessments of controls and risks, allowing for the timely identification and remediation of issues as they arise (Brown 2022; Eulerich et al. 2020). Ultimately, the emphasis on technology within the new standards reflects a fundamental shift toward a more proactive, data-driven, and strategic IAF.

While the new standards emphasize technological advancements as a means to enhance efficiency and effectiveness, they also recognize that technology alone is not sufficient. The impact of internal audit depends not only on the ability to leverage advanced tools but also on how well audit insights are communicated and integrated into organizational decision-making. To address this, Standard 11.1 underscores the importance of stakeholder engagement and communication as essential components of audit performance. Internal auditors are expected to cultivate strong relationships with key stakeholders, including the board, senior management, operational leaders, regulators, and external assurance providers. This engagement requires both formal and informal communication to foster mutual understanding of organizational priorities, risk management approaches, regulatory requirements, and opportunities for collaboration (Bhandari et al. 2024). Effective communication is essential to ensure that the insights generated through data analytics, AI, and continuous monitoring translate into actionable recommendations. The chief audit executive must establish a structured approach to stakeholder communication, ensuring alignment of audit objectives with business strategies and that significant issues are conveyed effectively. Consequently, internal audit performance is now assessed not only through traditional metrics but also by its ability to engage with stakeholders, provide valuable insights, and influence decision-making in a way that strengthens governance and risk management (Williams 2023).

The integration of performance-oriented standards with advanced technological tools creates a synergistic effect that enhances the overall capabilities of IAFs. As the new standards emphasize efficiency, effectiveness, and value creation, technology serves as a critical enabler in achieving these goals. Data analytics strengthens risk assessments and fraud detection by providing deeper insights into financial and operational data, while AI and RPA streamline repetitive tasks, freeing auditors to focus on more complex analysis and strategic advisory functions (Lee 2021). This alignment between standards-driven performance expectations and technology adoption ensures that IAFs go beyond mere compliance. Rather than merely verifying adherence to regulations, internal audit becomes a proactive and value-adding function that directly contributes to strategic decision-making and operational excellence (Johnson 2023). By leveraging technology in alignment with the new standards, IAFs can enhance governance, improve risk management, and drive organizational resilience in an increasingly complex business environment.

While the integration of performance-oriented standards and advanced technology enhances the capabilities of IAFs, it also introduces new challenges that must be carefully managed. Auditors must balance technological adoption with maintaining independence and objectivity, ensuring that automation and AI-driven processes do not undermine professional skepticism or introduce biases (Davis 2021; Stewart and Subramaniam 2010). Moreover, the transition toward continuous and real-time auditing requires significant investments in technology infrastructure and continuous development to equip auditors with the necessary expertise (Barua et al. 2010; Garven and Scarlata 2020; Smith and Jones 2020). The quality and integrity of data become critical factors, as poor-quality data can lead to flawed insights and ineffective risk assessments. Additionally, the increasing reliance on data analytics, cybersecurity measures, and automation tools creates a competence gap, requiring auditors to develop specialized technical skills. Beyond skill-related challenges, resource constraints may limit technology adoption, particularly for smaller organizations that lack the financial and technological capacity to implement sophisticated auditing tools. Furthermore, organizational resistance to change – both within audit teams and leadership – can slow the transformation process, preventing IAFs from fully capitalizing on new advancements (Abbott et al. 2012; Baiod and Hussain 2024; Garven and Scarlata 2020; Jackson and Allen 2024). The integration of new audit technologies with legacy IT systems poses operational and security risks, while data privacy concerns further complicate the implementation of digital solutions (Auditboard 2023; KPMG 2025). Thus, while the new standards present opportunities for performance enhancement, they also necessitate a strategic and measured approach to technology adoption and organizational change.

The concept of internal audit performance has traditionally been aligned with metrics such as adherence to audit schedules, completion rates of planned engagements, number of audits, and compliance with professional standards (Alzeban 2015; Calvin and Eulerich 2024; Smith and Jones 2020; IIA 2010). These traditional metrics, while essential, offer a limited view of performance that does not fully capture the evolving role of internal auditors in contemporary organizations. Prior literature advocates for a more holistic approach to evaluating internal audit performance, with factors such as value creation, stakeholder satisfaction, and strategic alignment (Brown 2019; Bota-Avram et al. 2011; IIA Netherlands 2016).

Performance, in this broader sense, encompasses the IAF’s ability to contribute to organizational learning, enhance risk management practices, and support strategic decision-making (Bonrath and Eulerich 2024a; Davis 2021; Roussy et al. 2020; Spira and Page 2003). This multifaceted view recognizes that internal auditors are not merely ‘box tickers’, but strategic partners who provide critical insights that drive organizational improvement (Williams 2023). Consequently, performance metrics have expanded to include both quantitative indicators – such as reduced operational costs and increased fraud detection rates – and qualitative measures, including the quality of audit reports and the effectiveness of communication with stakeholders (Deloitte 2024; Miller and Thompson 2022).

The rapid development and adoption of innovative technologies in the era of digital transformation have further expanded the scope of internal auditing (Sigov et al. 2022). These advancements create new application areas and offer solutions to increasingly complex data challenges (Rad et al. 2022; Quach et al. 2022). Innovative technologies include revolutionary IT solutions, disruptive innovations, and cutting-edge information systems that can emerge from new research breakthroughs or the combination of existing technologies (Kostoff et al. 2004). They are characterized by their ability to penetrate established markets and provide superior, more efficient solutions to traditional processes, services, and products (Kumaraswamy et al. 2018). In doing so, these technologies lower competitive barriers and enable wider accessibility, even for individuals without technical expertise. Current trends suggest a hybrid approach, where advanced technologies augment and enhance human decision-making capabilities (Vrontis et al. 2022). Data analytics, AI, and RPA serve as the principal drivers of these changes, each contributing uniquely to the efficiency, effectiveness, and value creation capabilities of IAFs (Islam and Stafford 2022; Joshi and Marthandan 2020; Emett et al. 2024a).

Empirical studies provide initial evidence of the positive impact of technology adoption on internal audit performance. Research shows that emerging technologies enhance audit quality by improving the ability to detect anomalies, control weaknesses, and fraudulent activities that might otherwise go unnoticed (Brown 2022; Miller and Thompson 2022).

As businesses increasingly rely on innovative technologies, internal auditors must continuously develop their expertise and audit capabilities in adjusting to these advancements (Brown-Liburd et al. 2015). Studies indicate that the digitalization of work environments expands the scope of internal audit to include technological aspects, requiring auditors to build specialized knowledge in IT risks and agile adaptation to emerging technologies (Betti and Sarens 2021). Empirical findings further suggest that integrating technology-driven audit techniques can enhance efficiency and effectiveness by reducing audit time, increasing the number of completed audits, and improving risk detection and audit recommendations (Eulerich et al. 2023).

The growing volume and complexity of corporate data necessitate more advanced analytical methods, as conventional data evaluation techniques often struggle to process large datasets effectively and in a timely manner (Cardinaels et al. 2021). Data analytics helps auditors to structure, process, and interpret extensive data, allowing them to allocate cognitive resources toward strategic decision-making and risk evaluation (Betti et al. 2024; Kend and Nguyen 2020). The growing reliance on data analytics tools within internal audit highlights the increasing demand for advisory services and changes in day-to-day audit practices (Betti and Sarens 2021; Kahyaoglu and Aksoy 2021). However, the successful implementation of data analytics depends on the IAF’s IT expertise (Islam and Stafford 2022) and cross-functional collaboration between internal auditing and other business units (Rakipi et al. 2021). For many IAFs, data analytics serves as the foundational step toward implementing continuous monitoring (Eulerich et al. 2020).

Robotic Process Automation (RPA) has been shown to streamline repetitive and rule-based tasks, such as data entry and reconciliation, thereby freeing auditors to focus on more strategic and analytical activities (Davis 2021). Empirical evidence suggests that RPA implementation can lead to substantial reductions in audit cycle times and operational costs, while also improving the consistency and reliability of audit processes (Brown 2022).

New developments in AI further expand the possibilities of RPA beyond rule-based automation, enabling more complex functionalities such as advanced decision-making processes (Eulerich et al. 2022). For example, AI enhances audit capabilities by automating tasks, improving efficiency, and enabling deeper insights into data, which ultimately leads to better decision-making in audit processes (Li and Goel 2025). Studies focusing on AI applications in auditing highlight significant improvements in fraud detection rates and the efficiency of audit processes (Lee 2021). For instance, machine learning algorithms, as a subset of AI, can identify patterns and correlations within vast amounts of unstructured data, such as emails or transaction logs, that may indicate fraudulent behavior or operational inefficiencies (Williams 2023). These capabilities not only expedite the audit process, but also enhance the accuracy and reliability of audit findings (Smith and Jones 2020). AI and data analytics further support continuous monitoring by enabling real-time anomaly detection and timely risk adjustments (Eulerich et al. 2020). In parallel, process mining – especially as ERP data volumes grow – helps auditors map business processes, uncover control gaps, and identify high-risk activities (Eulerich et al. 2025).

Overall, empirical evidence supports the notion that technology can substantially enhance performance (Bonrath and Eulerich 2024b; Eulerich et al. 2022), provided that organizations address the associated challenges through strategic planning, comprehensive training programs, and robust governance frameworks (Johnson 2023). As technological advancements continue to reshape the internal audit profession, auditors must not only adapt to new tools but also proactively engage in innovation initiatives. Research suggests that IAFs should take an active role in evaluating and integrating emerging technologies, both in their own audit processes and as part of their advisory responsibilities to the broader organization (Christ et al. 2019). By embedding internal audit into strategic planning efforts and collaborating with risk management teams, auditors can help organizations anticipate and manage the risks associated with disruptive innovations (Christ et al. 2019). Ultimately, this evolving role positions internal auditors as innovators who test and leverage new technologies within their audit and advisory activities, fostering a forward-thinking approach to corporate governance (Betti et al. 2021; Christ et al. 2019).

Real-time and predictive insights position internal auditors as strategic advisors who support decision-making and strengthen organizational resilience (Williams 2023). This role aligns with the new Global Internal Audit Standards, which emphasize the use of technology to enhance performance and create value (IIA 2024). To realize these benefits, organizations must ensure proper implementation, develop relevant skills, establish governance structures, and conduct ongoing performance evaluation (Smith and Jones 2020).

While the integration of technologies such as AI, RPA, and data analytics offers substantial benefits to internal audit performance, it also introduces significant challenges that must be addressed to ensure successful implementation and long-term value. AI, for example, enhances transparency, objectivity, and reduces human error, particularly through co-pilot systems (Gu et al. 2024; Libby and Witz 2024). However, its adoption raises concerns around regulatory barriers, ethical risks, and algorithmic bias, especially in complex audit scenarios (Torroba et al. 2025; Eisikovits et al. 2024). Trust in AI remains limited, with auditors often hesitant to rely on opaque systems. This is an issue compounded by algorithm aversion, which requires targeted strategies to build confidence and reduce bias (Commerford et al. 2024; Fedyk et al. 2022).

Human capital and skill gaps represent one of the most significant barriers to technology adoption in internal auditing. The effective use of advanced analytical tools and AI systems requires auditors to possess competencies in data science, statistical analysis, and programming languages such as Python or R (Brown 2022). However, many internal audit teams lack these specialized skills, leading to underuse of technological tools and diminished performance gains (Emett al. 2024b; Lee 2021). To address this gap, organizations must invest in comprehensive training and professional development programs that equip auditors with the necessary technical skills (Smith and Jones 2020). Additionally, fostering a culture of continuous learning and adaptability is essential to keep pace with rapidly evolving technological advancements (Davis 2021).

Cybersecurity and data privacy concerns also pose significant risks to technology-driven audit practices. The use of cloud-based analytics platforms and AI systems often involve handling sensitive and confidential data, making them attractive targets for cyberattacks (Williams 2023). A single data breach can compromise the integrity of audit processes, expose sensitive information, and erode stakeholder trust (Miller and Thompson 2022). Therefore, robust cybersecurity measures, including encryption, secure data storage, and strict access controls, are imperative to protect audit data and maintain the confidentiality and integrity of audit findings (Johnson 2023). Compliance with data protection regulations, such as the General Data Protection Regulation (GDPR), further necessitates meticulous data management practices and continuous monitoring of security protocols (IIA 2024).

Organizational resistance to change is another common challenge that can impede the adoption of advanced technologies in internal auditing. Resistance may stem from various sources, including fears of job displacement, scepticism about the return on investment (ROI) of new technologies, and discomfort with altering established workflows (Brown 2022). Middle managers may be reluctant to deviate from traditional audit methodologies that have been effective in the past, while frontline auditors might fear that automation could render their roles obsolete (Davis 2021). Overcoming this resistance requires effective change management strategies, including clear communication of the benefits of technology adoption, demonstration of early successes through pilot projects, and involvement of auditors in the selection and implementation of new tools (Miller and Thompson 2022). Building a shared vision that emphasizes how technology can augment rather than replace auditor capabilities is crucial for securing buy-in across the organization (Williams 2023).

Furthermore, balancing technology integration with audit independence and objectivity presents a complex challenge. Internal auditors must maintain their professional skepticism and independent judgment, even as they rely more heavily on automated tools and data-driven insights (Smith and Jones 2020). Over-reliance on technology can lead to complacency, where auditors may accept automated outputs without sufficient critical evaluation (Lee 2021). To preserve audit independence, it is essential to establish protocols that require auditors to validate and interpret the results generated by AI and RPA systems (Davis 2021). Regular audits of the AI models themselves – assessing their data sources, training processes, and decision-making algorithms – can help ensure transparency and accountability, mitigating the risk of algorithmic biases and inaccuracies (Brown 2022).

Lastly, ethical considerations surrounding the use of AI and automation in auditing should not be overlooked. Issues such as data bias, algorithmic transparency, and the ethical use of data necessitate the development of ethical frameworks and guidelines governing the deployment of these technologies (Williams 2023). Auditors must be vigilant in identifying and addressing potential ethical dilemmas, ensuring that technology enhances, rather than undermines, the integrity and fairness of the audit process (Johnson 2023).

While technology offers substantial benefits in terms of efficiency and effectiveness in internal auditing (e.g., Auditboard 2024; Bonrath and Eulerich 2024b; Crowe 2022; AICPA and CIMA 2022), it also raises concerns about maintaining the critical role of human judgment and professional skepticism in the audit process.

Independence and objectivity are the core values that ensure internal auditors can perform their duties without undue influence or bias (IIA 2024). Independence refers to the freedom of the IAF from external pressures or conflicts of interest that could compromise its ability to provide unbiased assurance. This includes organizational independence and individual auditor independence. As IAFs increasingly adopt AI and RPA, there is a risk that reliance on automated systems could compromise this independence. Objectivity, on the other hand, is the mental attitude of auditors that ensures impartial decision-making, free from personal biases, preconceived notions, or external influences. It requires auditors to evaluate evidence based purely on facts rather than subjective judgment. Automated tools may inadvertently introduce biases if the underlying algorithms are not properly designed or if the data inputs are skewed (Lee 2021). Moreover, the “black-box” nature of most AI models – where the decision-making processes are opaque – can make it challenging for auditors to understand and explain the rationale behind automated conclusions (Smith and Jones 2020).

To reconcile technology adoption with audit independence, it is essential to implement transparent and explainable AI systems. Auditors should prefer AI models that offer interpretability, allowing them to trace how inputs are processed and how outputs are generated (Davis 2021). For instance, in fraud detection audits, an AI-powered system used by a financial institution can flag suspicious transactions based on behavioral anomalies. The system employs explainable AI techniques – such as SHAP values or LIME – to highlight specific decision factors, including unusual transaction timing or deviations from typical spending patterns, rather than functioning as a black-box model. This level of transparency enables auditors to validate AI-generated findings, ensuring that decisions are aligned with audit objectives and not blindly accepted. Additionally, auditors should be trained to understand the basics of AI and machine learning, enabling them to critically evaluate the outputs of automated systems and ensure they align with audit objectives (Brown 2022). This is particularly relevant in continuous monitoring of financial processes, in which AI scans large volumes of financial records for anomalies. On top of merely flagging discrepancies, explainable AI models provide contextual explanations – for instance, comparing flagged transactions to historical patterns or industry benchmarks. This approach allows auditors to exercise professional judgment and retain control over the decision-making process, ensuring that AI enhances, rather than replaces, audit independence.

Professional skepticism, another cornerstone of internal auditing, requires auditors to critically assess evidence and remain alert to conditions that may indicate possible misstatement or fraud (IIA 2024). Technology can support this by providing comprehensive data analysis and highlighting potential anomalies; however, it should not replace the auditor’s judgment. For instance, an AI-powered anomaly detection system might flag a series of high-value transactions occurring outside of normal business hours as potentially fraudulent. While this automated insight is valuable, the auditor must exercise skepticism by further investigating the transactions – verifying the legitimacy of the counterparties, checking supporting documentation, and interviewing relevant personnel – before concluding that fraud has occurred. Similarly, if an RPA tool automates reconciliation between financial records and bank statements, its outputs should be periodically reviewed to ensure that errors are not systematically overlooked or misclassified due to incorrect rules in the automation logic. Auditors must actively engage with the insights generated by AI and RPA, verifying their accuracy and relevance through additional testing and inquiry (Williams 2023). This ensures that technology serves as an aid rather than a substitute for professional judgment.

Governance frameworks play a crucial role in maintaining the balance between technology and independence. IAFs should establish clear policies and procedures for the use of AI and RPA, including guidelines for data governance, model validation, and ethical considerations (Johnson 2023). Regular audits of AI systems, akin to traditional audit processes, can help ensure that these tools operate as intended and do not introduce new risks or biases (Brown 2022). Additionally, involving diverse stakeholders in the development and implementation of technological tools can enhance transparency and accountability, which fosters trust in the audit process (Miller and Thompson 2022). Overall, a structured governance approach ensures that technology-driven insights remain objective, explainable, and aligned with audit standards while mitigating risks of automation bias.

In conclusion, while technology offers transformative potential for IAFs, it is imperative to maintain the delicate balance between technological reliance and the core principles of audit objetivity and professional skepticism. By adopting transparent AI systems, fostering continuous professional development, establishing robust governance frameworks, and implementing ongoing oversight practices, IAFs can leverage technology to enhance performance without compromising their roles in organizational governance.

To maximize the benefits of technology while safeguarding audit independence and objectivity, IAFs should implement targeted best practices that align technology integration with organizational goals. A strategic, risk-aware approach ensures that technological advancements enhance audit performance without compromising professional judgment or oversight.

Internal audit leaders should begin by conducting a comprehensive needs assessment to identify areas where technology can deliver the most significant performance improvements (Brown 2022). This involves evaluating current audit processes, identifying inefficiencies, and prioritizing initiatives that align with the organization’s strategic objectives (Johnson 2023). Developing a technology roadmap with clear milestones, success metrics, and budgetary guidelines can support a structured, and phased implementation of advanced tools such as data analytics, AI, and RPA (Miller and Thompson 2022).

Training and continuous professional development are critical to bridging the skill gaps inherent in technology-driven auditing. Internal auditors must acquire competences in data science, statistical analysis, and programming languages to effectively utilize advanced analytical tools (Lee 2021). Structured training programs, including workshops, certifications, and online courses, can equip auditors with the necessary technical skills (Smith and Jones 2020). Additionally, fostering a culture of continuous learning and providing opportunities for auditors to engage with technology specialists can enhance their proficiency and confidence in using new tools (Davis 2021).

Robust governance and risk management frameworks are essential to oversee the deployment and use of advanced technologies in auditing. Establishing a dedicated technology governance committee can ensure that technology initiatives are aligned with organizational policies, compliance requirements, and ethical standards (Williams 2023). This committee should be responsible for evaluating vendor solutions, monitoring cybersecurity risks, and ensuring that data analytics, AI and RPA tools are deployed responsibly and transparently (Brown 2022). Additionally, integrating technology risk assessments into the annual audit planning cycle can help identify and mitigate potential threats associated with technological adoption (Johnson 2023).

Defining performance metrics and Key Performance Indicators (KPIs) is crucial for measuring the impact of technology on internal audit outcomes. Organizations should establish clear and quantifiable KPIs that reflect both traditional performance metrics and new dimensions introduced by technological tools, such as real-time risk detection, predictive insights, full-population testing, process automation efficiency, and algorithm transparency (Miller and Thompson 2022). Examples of relevant KPIs include fraud detection rates, audit cycle times, coverage of high-risk areas, and stakeholder satisfaction levels (Lee 2021). Regularly tracking and analyzing these metrics enables IAFs to assess the effectiveness of technology initiatives, identify areas for improvement, and demonstrate the value of technology investments to senior management and stakeholders (Smith and Jones 2020).

Ensuring ethical and responsible use of technology is imperative to maintain trust and integrity in the internal audit process. IAFs should develop ethical guidelines that govern the use of AI and RPA, addressing issues such as data privacy, algorithmic bias, and the transparency of automated decision-making processes (Williams 2023). Establishing protocols for the ethical use of data and conducting regular audits of AI systems can help mitigate the risks of bias and ensure that technological tools are used in a manner that upholds the principles of fairness and objectivity (Davis 2021).

Collaboration and stakeholder engagement enhance the effectiveness of technology adoption in internal auditing. Engaging with IT departments, data scientists, and external technology providers can facilitate the seamless integration of advanced tools into audit processes (Brown 2022). Additionally, fostering strong relationships with key stakeholders, including executive management and the board of directors, ensures that audit initiatives are aligned with organizational priorities and that the benefits of technology adoption are clearly communicated and understood (Johnson 2023). Collaborative efforts also enable IAFs to stay abreast of emerging technologies and best practices, ensuring continuous improvement and innovation (Miller and Thompson 2022).

Continuous monitoring and feedback mechanisms are essential for sustaining the benefits of technology-driven auditing. Implementing feedback loops that capture auditor experiences, challenges, and suggestions can inform ongoing optimization of technological tools and audit methodologies (Lee 2021). Regular reviews and updates of technology strategies based on performance data and stakeholder feedback ensure that IAFs remain agile and responsive to changing organizational needs and technological advancements (Smith and Jones 2020).

To ensure these strategic principles translate into effective implementation, the following table (Table 2) provides a structured overview of best practices, outlining key actions and critical questions that IAFs should consider when integrating technology into their audit processes.