QAIP, self-assessment and EQA preparation — faster, better substantiated, less hassle.
The GIAS Assessment app helps CAEs systematically assess their IA function against the IIA Global Internal Audit Standards, from the annual QAIP/self-assessment to the mandatory external EQA.
The Challenge
Five obstacles every CAE recognises
Many internal audit functions work hard but lack a structured insight into their own quality level. This makes it difficult to improve and provide accountability to the Audit Committee.
No objective view
Self-assessments are subjective. Without structured evaluation, blind spots remain unnoticed, and an external reviewer is often missing.
PDFs, Excel and SharePoint are not assessment tools
Working with isolated documents, hand-made lists and shared folders leads to an unmanageable whole. Versions get lost, substantiation is not traceable and collaboration with an external reviewer becomes a logistical issue.
IIA standards are complex
The Global Internal Audit Standards contain 52 standards with hundreds of requirements. Manually maintaining and browsing through PDFs and Excel sheets is extremely time-consuming and prone to errors.
Improvement actions get lost
Assessments yield findings, but without systematic follow-up, actions remain incomplete. The cycle from measurement to improvement is never closed.
EQA preparation is costly and time-consuming
Most audit functions spend months preparing for an EQA, with significant costs for external guidance. Without the right tools, it becomes a manual, document-intensive process filled with back-and-forth emails.
No trend data to demonstrate improvement
Each assessment starts from scratch every year. Without structured storage of previous scores, it is impossible to demonstrate improvement over time, while management wants to see exactly that the function is developing.
What the GIAS Assessment app offers
A complete QAIP solution
GIAS Assessment brings everything needed for a professional quality assurance and improvement programme together, from self-assessment through improvement management to external evaluation.
From QAIP to EQA — optionally
From annual QAIP and self-assessment to optional EQA preparation, all in one platform. An EQA is not mandatory to use the platform, but should you choose to pursue one, Audirium conducts it. The platform guides you through every part of the quality cycle.
Gap to action
Each finding links directly to an improvement action. Track progress, assign owners and monitor deadlines, all in context.
Fully built on IIA standards
All 52 Global Internal Audit Standards embedded, including principles, requirements and considerations. Automatic scoring based on an evidence-based methodology. Topical Requirements fully integrated.
Personal conduct checklists (RA/RE)
New: under each self-assessment you assess every person individually — the RA against the NBA code of conduct (VGBA) and the RE against the NOREA Code of Ethics, per fundamental principle. With optional cross-references to the IIA principles and tension signals, such as confidentiality versus the duty to report to the board. The personal checklists hang under the function assessment, so the function and the people are evaluated together.
Insight & Foresight + AI improvement plan
New: a Maturity quick-scan and an Insight & Foresight scan assess the function's forward-looking capability across methods, competences and enabling conditions, grounded in the GIAS. The AI improvement plan reads the outcome and proposes prioritised actions that land straight in the action tracker. Add your own indicators and let the AI suggest a level. Read the analysis (Dutch) →
Secure team collaboration
Data per organisation is strictly separated, with SSO, MFA, audit logging and HTTPS, hosted in Europe. Privacy and security by design. Multiple team members work simultaneously, with roles and permissions per assessment: from contributor to reviewer to external assessor.
AI assistance built in
AI supports the entire assessment process, from automated gap analyses and action suggestions to substantive explanations per standard. Smarter assessment, better substantiated.
How it works
From start to insight in eight steps
The GIAS Assessment app guides you step by step, from the first assessment through to reporting to management and stakeholders, including the personal conduct norms.
Choose your assessment type
Start a Self Assessment for internal or annual use, an EQA for independent review, or a Topical Requirement for a specific domain such as Cybersecurity. The dashboard provides an immediate overview of all ongoing and completed assessments.
Assess per requirement
For each standard, you record whether your audit function 'Generally Conforms' (GC), 'Partially Conforms' (PC) or 'Does Not Conform' (DNC). Add rationale and evidence, including considerations per requirement.
View your score overview
After each assessment round, the platform immediately displays your maturity scores per principle and domain. At a glance you see where your function is strong and where improvement potential lies.
Assess forward-looking capability (Insight & Foresight)
Conformance is not enough: the GIAS also expects insight and foresight. The Insight & Foresight scan assesses your function's forward-looking capability across four aspects — insight methods, foresight methods, competences and enabling conditions — with a derived I&F level, grounded in the GIAS and the IIA NL Practice Guide. You add your own indicators and the AI improvement plan turns the outcome into prioritised actions. Read the in-depth analysis (Dutch) →
Link improvement actions
Findings translate directly into actions, with owner, deadline and priority. The action overview shows progress across the entire improvement programme at a glance.
Report to management and stakeholders
Generate a professional report for the Audit Committee, management or other stakeholders, complete with scoring overview, maturity levels per principle and open actions. Available in Dutch or English.
Assess domain-specific Topical Requirements
Alongside the 52 core standards you assess the IIA Topical Requirements — thematic assessments for risk domains the IIA designates as a priority, such as Cybersecurity. The dashboard brings self-assessments, EQA and Topical Requirements together, so you cover both the core and the current focus areas in one programme.
Assess the personal norms (RA/RE)
Under each self-assessment you assess every person individually: the RA against the NBA code of conduct (VGBA) and the RE against the NOREA Code of Ethics, per fundamental principle. With cross-references to the IIA principles and tension signals, such as confidentiality versus the duty to report to the board. This evaluates the function and the people who work in it together.
QAIP
The complete quality cycle
GIAS supports the full QAIP cycle — from internal assessment to external validation and back to improvement.
Self Assessment
The CAE assesses conformity per standard and principle. Annually repeatable, comparable over time.
Improvement Plan
Findings become actions. Owners, deadlines and progress tracked in the action register.
External Quality Assessment
Independent reviewers assess against the same IIA standards — including QAM 2024 support for the external assessor.
Topical Requirements
Domain-specific assessments alongside core standards — for a complete picture of the audit function.
Topical Requirements
Domain-specific assessments
In addition to the 52 core standards, GIAS supports IIA Topical Requirements — thematic assessments for specific risk domains that the IIA designates as priority areas.
Cybersecurity
Assess audit coverage on cybersecurity risks against IIA Topical Requirements. Essential for organizations with significant digital exposure or an elevated risk profile.
Third-Party Management
Suppliers and chain partners carry their own risks. TR Third-Party helps IA functions assess and strengthen their coverage on this growing risk domain.
Organizational Behavior
Culture, integrity and ethics as an audit domain. GIAS supports the assessment of internal audit on behavioral and cultural risks in line with IIA standards.
External Quality Assessment
EQA module: ready for the external assessor
Once every five years, the IIA requires an external quality assessment. For listed companies and semi-public institutions this is also embedded in the Corporate Governance Code. GIAS prepares your IA function — and supports the external assessor as well.
QAM 2024 integrated — the IIA Quality Assessment Manual 2024 is fully embedded as a reference framework for external assessors.
Dual perspective — SA and EQA are presented side by side for easy comparison of internal and external assessment per standard.
Export ready — generate a complete EQA report for the Audit Committee, including maturity scores per principle and domain.
Findings and narratives — external assessors add findings that are immediately visible to the CAE and management.
SAIV or Full EQA — your team conducts the assessment itself (SAIV) while the assessor validates and signs off, or the assessor takes on the full assessment (Full EQA). No documents back and forth by email — everything in one shared environment.
EQA at a glance
Ready to professionalize your QAIP?
Request a demo or contact us for more information about GIAS Assessment for your organization.