GIAS Assessment

QAIP, self-assessment and EQA preparation — faster, better substantiated, less hassle.

The GIAS Assessment app helps CAEs systematically assess their IA function against the IIA Global Internal Audit Standards, from the annual QAIP/self-assessment to the mandatory external EQA.

Five obstacles every CAE recognises

Many internal audit functions work hard but lack a structured insight into their own quality level. This makes it difficult to improve and provide accountability to the Audit Committee.

No objective view

Self-assessments are subjective. Without structured evaluation, blind spots remain unnoticed, and an external reviewer is often missing.

PDFs, Excel and SharePoint are not assessment tools

Working with isolated documents, hand-made lists and shared folders leads to an unmanageable whole. Versions get lost, substantiation is not traceable and collaboration with an external reviewer becomes a logistical issue.

IIA standards are complex

The Global Internal Audit Standards contain 52 standards with hundreds of requirements. Manually maintaining and browsing through PDFs and Excel sheets is extremely time-consuming and prone to errors.

Improvement actions get lost

Assessments yield findings, but without systematic follow-up, actions remain incomplete. The cycle from measurement to improvement is never closed.

EQA preparation is costly and time-consuming

Most audit functions spend months preparing for an EQA, with significant costs for external guidance. Without the right tools, it becomes a manual, document-intensive process filled with back-and-forth emails.

No trend data to demonstrate improvement

Each assessment starts from scratch every year. Without structured storage of previous scores, it is impossible to demonstrate improvement over time, while management wants to see exactly that the function is developing.

A complete QAIP solution

GIAS Assessment brings everything needed for a professional quality assurance and improvement programme together, from self-assessment through improvement management to external evaluation.

From QAIP to EQA — optionally

From annual QAIP and self-assessment to optional EQA preparation, all in one platform. An EQA is not mandatory to use the platform, but should you choose to pursue one, Audirium conducts it. The platform guides you through every part of the quality cycle.

Gap to action

Each finding links directly to an improvement action. Track progress, assign owners and monitor deadlines, all in context.

Fully built on IIA standards

All 52 Global Internal Audit Standards embedded, including principles, requirements and considerations. Automatic scoring based on an evidence-based methodology. Topical Requirements fully integrated.

Personal conduct checklists (RA/RE)

New: under each self-assessment you assess every person individually — the RA against the NBA code of conduct (VGBA) and the RE against the NOREA Code of Ethics, per fundamental principle. With optional cross-references to the IIA principles and tension signals, such as confidentiality versus the duty to report to the board. The personal checklists hang under the function assessment, so the function and the people are evaluated together.

Insight & Foresight + AI improvement plan

New: a Maturity quick-scan and an Insight & Foresight scan assess the function's forward-looking capability across methods, competences and enabling conditions, grounded in the GIAS. The AI improvement plan reads the outcome and proposes prioritised actions that land straight in the action tracker. Add your own indicators and let the AI suggest a level. Read the analysis (Dutch) →

Secure team collaboration

Data per organisation is strictly separated, with SSO, MFA, audit logging and HTTPS, hosted in Europe. Privacy and security by design. Multiple team members work simultaneously, with roles and permissions per assessment: from contributor to reviewer to external assessor.

AI assistance built in

AI supports the entire assessment process, from automated gap analyses and action suggestions to substantive explanations per standard. Smarter assessment, better substantiated.

From start to insight in eight steps

The GIAS Assessment app guides you step by step, from the first assessment through to reporting to management and stakeholders, including the personal conduct norms.

1

Choose your assessment type

Start a Self Assessment for internal or annual use, an EQA for independent review, or a Topical Requirement for a specific domain such as Cybersecurity. The dashboard provides an immediate overview of all ongoing and completed assessments.

GIAS dashboard with overview of SA, EQA and TR
2

Assess per requirement

For each standard, you record whether your audit function 'Generally Conforms' (GC), 'Partially Conforms' (PC) or 'Does Not Conform' (DNC). Add rationale and evidence, including considerations per requirement.

Scoring per requirement with GC/PC/DNC buttons
3

View your score overview

After each assessment round, the platform immediately displays your maturity scores per principle and domain. At a glance you see where your function is strong and where improvement potential lies.

Score overview with maturity levels per principle and domain
4

Assess forward-looking capability (Insight & Foresight)

Conformance is not enough: the GIAS also expects insight and foresight. The Insight & Foresight scan assesses your function's forward-looking capability across four aspects — insight methods, foresight methods, competences and enabling conditions — with a derived I&F level, grounded in the GIAS and the IIA NL Practice Guide. You add your own indicators and the AI improvement plan turns the outcome into prioritised actions. Read the in-depth analysis (Dutch) →

Insight & Foresight scan: derived level and gauges for insight methods, foresight methods, competences and enabling conditions
5

Link improvement actions

Findings translate directly into actions, with owner, deadline and priority. The action overview shows progress across the entire improvement programme at a glance.

Kanban overview of improvement actions per status
6

Report to management and stakeholders

Generate a professional report for the Audit Committee, management or other stakeholders, complete with scoring overview, maturity levels per principle and open actions. Available in Dutch or English.

PDF report with scoring overview and maturity levels
7

Assess domain-specific Topical Requirements

Alongside the 52 core standards you assess the IIA Topical Requirements — thematic assessments for risk domains the IIA designates as a priority, such as Cybersecurity. The dashboard brings self-assessments, EQA and Topical Requirements together, so you cover both the core and the current focus areas in one programme.

Topical Requirement result (Cybersecurity): conformance per category with gaps
8

Assess the personal norms (RA/RE)

Under each self-assessment you assess every person individually: the RA against the NBA code of conduct (VGBA) and the RE against the NOREA Code of Ethics, per fundamental principle. With cross-references to the IIA principles and tension signals, such as confidentiality versus the duty to report to the board. This evaluates the function and the people who work in it together.

Personal conduct checklist (RA against VGBA) with conformance per principle and IIA cross-references

The complete quality cycle

GIAS supports the full QAIP cycle — from internal assessment to external validation and back to improvement.

SA

Self Assessment

The CAE assesses conformity per standard and principle. Annually repeatable, comparable over time.

IP

Improvement Plan

Findings become actions. Owners, deadlines and progress tracked in the action register.

EQA

External Quality Assessment

Independent reviewers assess against the same IIA standards — including QAM 2024 support for the external assessor.

TR

Topical Requirements

Domain-specific assessments alongside core standards — for a complete picture of the audit function.

GIAS QAIP cyclus — van chaos naar gestructureerd kwaliteitsassuranceprogramma

Domain-specific assessments

In addition to the 52 core standards, GIAS supports IIA Topical Requirements — thematic assessments for specific risk domains that the IIA designates as priority areas.

TR

Cybersecurity

Assess audit coverage on cybersecurity risks against IIA Topical Requirements. Essential for organizations with significant digital exposure or an elevated risk profile.

TR

Third-Party Management

Suppliers and chain partners carry their own risks. TR Third-Party helps IA functions assess and strengthen their coverage on this growing risk domain.

TR

Organizational Behavior

Culture, integrity and ethics as an audit domain. GIAS supports the assessment of internal audit on behavioral and cultural risks in line with IIA standards.

EQA module: ready for the external assessor

Once every five years, the IIA requires an external quality assessment. For listed companies and semi-public institutions this is also embedded in the Corporate Governance Code. GIAS prepares your IA function — and supports the external assessor as well.

QAM 2024 integrated — the IIA Quality Assessment Manual 2024 is fully embedded as a reference framework for external assessors.

Dual perspective — SA and EQA are presented side by side for easy comparison of internal and external assessment per standard.

Export ready — generate a complete EQA report for the Audit Committee, including maturity scores per principle and domain.

Findings and narratives — external assessors add findings that are immediately visible to the CAE and management.

SAIV or Full EQA — your team conducts the assessment itself (SAIV) while the assessor validates and signs off, or the assessor takes on the full assessment (Full EQA). No documents back and forth by email — everything in one shared environment.

EQA at a glance

Required frequency Once every 5 years
Outcomes GC / PC / DNC
Reference framework GIAS + QAM 2024
Scoring levels Standard → Principle → Overall
Assessment form SAIV / Full EQA
Languages NL / EN
Interested in an EQA engagement with Audirium? Learn about our EQA services →

Ready to professionalize your QAIP?

Request a demo or contact us for more information about GIAS Assessment for your organization.