Communication from the Ministry of Finance No 419 / 2025 Coll.
Communication from the Ministry of Finance on the declaration of international internal audit standards
Valid
Communication
Text versions:
15.10.2025
Zobrazeno prvních 200 z celkem 371 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
419
COMMUNICATION
Ministry of Finance
of 9 October 2025
on the declaration of international internal audit standards
Ministry of Finance pursuant to § 20 paragraph 1 of Act No. 231 / 2025 Coll., on the Management and Control of Public Finance, announces international standards of internal audit issued by the Institute of Internal Auditors:
Global internal audit standards
Principle 1 Integrity reporting
Internal auditors report integrity in their work and behaviour.
Standard 1.1 Honesty and Professional Courage
Internal auditors must carry out their work honestly and with professional courage.
Internal auditors must be truthful, accurate, clear, open and respectful in all professional relations and communications, even if they express skepticism or give a contradictory opinion. Internal auditors shall not make false, misleading or misleading statements, nor shall they hide or omit findings or other relevant information in their communication. Internal auditors must cover all the essential facts known to them which, if not known, could affect the company's ability to take informed decisions.
Internal auditors must show professional courage by communicating truthfully and responding appropriately, even if they are exposed to dilemmas and difficult situations.
The head of the internal audit must maintain a working environment in which internal auditors feel supportive in presenting legitimate, proven performance of the contract, whether favourable or unfavourable.
Standard 1.2 Company Ethics Expected
Internal auditors must understand and respect and respect and respect the legitimate and ethical expectations of society and contribute to them. They must be able to recognise the action that is contrary to these expectations.
Internal auditors must encourage and promote ethical culture in society. If internal auditors detect behaviour in a company that does not comply with its ethical expectations, they shall report this in accordance with the relevant principles and procedures.
Standard 1.3 Ethical and legal conduct
Internal auditors shall not participate in any activity which is illegal or discrediting a company or an internal audit profession or which could harm the company or its employees.
Internal auditors must understand and comply with the laws and / or regulations relevant to the sector and jurisdiction in which the company operates, including the disclosure of the required information.
Where internal auditors detect infringements of laws or regulations, they shall report such cases to persons or entities authorised to take appropriate measures as specified in the laws, regulations and relevant principles and procedures.
Principle 2 Maintaining objectivity
In providing internal audit services and decision-making, internal auditors shall maintain an impartial and unbiased approach.
Standard 2.1 Individual objectivity
Internal auditors shall maintain professional objectivity in all aspects of the provision of audit services. Professional objectivity requires internal auditors to apply impartial and unbiased reasoning and base their assessments on a balanced assessment of all relevant circumstances.
Internal auditors must be aware of and know how to handle possible bias.
Standard 2.2 Protection of objectivity
Internal auditors shall recognise and avoid actual, potential and presumed distortions of objectivity or mitigation.
Internal auditors shall not accept any material or intangible items such as gifts, rewards or favors which might impair objectivity or which could be expected to interfere.
Internal auditors shall avoid conflicts of interest and shall not be unduly affected by their own interests or those of others, including senior management or other persons in a superior role, or by the political environment or other aspects of their environment.
When providing internal audit services:
The internal auditors shall not assess the processes for which they were previously responsible for their implementation. Where the internal auditor provides assurance of the activity for which he was responsible during the previous 12 months, objectivity shall be presumed to be impaired.
If an internal audit service is to provide assurance services where it has previously provided advisory services, the head of the internal audit must confirm that the nature of the advisory services provided does not impair objectivity and must allocate resources to ensure the objectivity of individuals. The assurance contracts relating to the activities for which the Head of Internal Audit is responsible shall be supervised by an independent body outside the Internal Audit Service.
If internal auditors are to provide advisory services related to activities for which they were previously responsible, they must inform the applicant of the potential distortion of objectivity before accepting the contract.
The head of the internal audit shall establish methodologies for the settlement of objective breaches. Internal auditors shall discuss the disruption and take appropriate action according to relevant methodologies.
Standard 2.3 Notification of objective distortion
If there is a factual or apparent distortion of objectivity, detailed information on this must be transmitted to the relevant interested parties without delay.
If internal auditors learn of a breach which may affect their objectivity, they shall inform the head of the internal audit or the designated supervisor. If the head of the internal audit finds that the breach affects the ability of the internal auditor to carry out his duties objectively, he shall discuss the breach with the management of the activity under assessment, the company's authorities and / or senior management and shall lay down appropriate measures to resolve the situation.
If, after completion of the contract, a breach is identified that affects the reliability or perceived reliability of the findings, recommendations and / or conclusions of the contract, the head of the internal audit shall discuss the matter with the management of the activity under assessment, the corporate authorities and / or senior management and / or other interested parties concerned and lay down appropriate measures to resolve the situation (see also Standard 11.4 Errors and omissions).
If the objectivity of the head of the internal audit is affected in fact or seemingly, the head of the internal audit must inform the company's authorities of the breach (see also Standard 7.1 Organisational Independence).
Principle 3 Reporting of competence
Internal auditors shall apply knowledge, skills and skills to successfully fulfil their roles and responsibilities.
Standard 3.1 Competitiveness
Internal auditors must have or have competence to carry out their responsibilities successfully. The required competences shall include knowledge, skills and competences appropriate to the job position and responsibilities appropriate to the level of their experience. Internal auditors shall have or obtain knowledge of Global Internal Audit Standards issued by the Institute of Internal Auditors (IIA).
Internal auditors shall provide only those services for which they have the necessary competence or are able to obtain them.
Each internal auditor shall be responsible for the continuous development and application of the competence required to fulfil his or her professional responsibilities. In addition, the Head of Internal Audit must ensure that the Internal Audit Service as a whole has the competence to carry out the internal audit services described in the Internal Audit Statute or has the necessary competence (see also Standards 7.2. Qualification of the Internal Audit Head and 10.2. Human Resources Management).
Standard 3.2 Continuous professional development
Internal auditors must maintain and continuously develop their competences to improve the efficiency and quality of internal audit services. Internal auditors must pursue ongoing professional development, including education and training. Practicing internal auditors who have received professional certification in the field of internal audit shall respect the principles of continuous professional training and comply with the requirements relating to their certification.
Principle 4 Application of appropriate professional care
Internal auditors shall apply appropriate professional care when planning and providing internal audit services.
Standard 4.1 Compliance with Global Internal Audit Standards
Internal auditors shall plan and perform internal audit services in accordance with the Global Internal Audit Standards.
The methodologies of the Internal Audit Service shall be established, documented and maintained in accordance with the Standards. Internal auditors shall follow the standards and methodologies of the Internal Audit Service when planning and carrying out internal audits and communicating their results.
Where standards are used in combination with requirements issued by other recognised bodies, internal audit communication shall refer adequately to the use of such other requirements. Where laws or regulatory provisions do not allow internal auditors or internal audit services to comply with a specific part of the Standards, it is nevertheless required that all other parts of the Standards are respected and this situation should be reported accordingly.
Where internal auditors are unable to comply with a requirement, the internal auditor shall document and communicate a description of the circumstances, alternative measures taken, the impact of those measures and the logical justification. The requirements related to the notification of non-compliance with the Standards are described in the Standards 8.3 Quality, 12.1 Internal Quality Assessment and 15.1 Final Communication of the Contract.
Standard 4.2 Appropriate professional care
Internal auditors shall apply appropriate professional care by assessing the nature and circumstances of and requirements for the services provided, including:
The strategy of the company and its objectives,
the interests of those to whom internal audit services are provided and those of other stakeholders;
the proportionality and effectiveness of corporate governance, risk management and management and control processes,
the cost relative to the potential benefits of the internal audit services to be carried out,
· the scope and timeliness of the work needed to achieve the objectives of the contract;
the relative complexity, significance or severity of the risk of the activity under assessment,
· the likelihood of significant errors, fraud, non-compliance and other risks likely to affect objectives, operation or sources;
The use of appropriate techniques, tools and technologies.
Standard 4.3 Professional scepticism
Internal auditors must maintain professional scepticism when planning and providing internal audit services.
In applying professional scepticism, internal auditors shall:
To preserve curiosity,
Critically assess the reliability of information,
To be direct and honest in raising concerns and asking questions about contradictory information,
To seek further evidence so that they can judge on information and statements which may be incomplete, contradictory, false or misleading.
Principle 5 Maintaining confidentiality
Internal auditors shall use and protect information appropriately.
Standard 5.1 Use of information
When using information, internal auditors shall comply with the relevant principles, procedures, laws and regulations. The information shall not be used for personal gain or in a way contrary to or prejudicial to the legitimate and ethical objectives of the company.
Standard 5.2 Information protection
Internal auditors shall be aware of their responsibility for the protection of information and shall respect the confidentiality, privacy and ownership of information obtained for the provision of internal audit services or as a result of professional relations.
Internal auditors must know and comply with the laws, regulations, principles and procedures relating to confidentiality, privacy and information security that apply to society and the internal audit function.
The specificities relevant to the internal audit function are:
management, storage and disposal of contract records,
· making records of the contract available to internal and external parties;
the handling, access to, or copying of confidential information, if no longer required.
Internal auditors shall not disclose confidential information to unauthorised parties unless they are bound by legal or professional responsibility.
Internal auditors shall manage the risk of unintentional disclosure or disclosure.
The head of the internal audit shall ensure that the internal audit function and the persons working with that unit comply with the same information protection requirements.
Principle 6 Authorised bodies of the company
The authorities of the company shall establish, approve and support the mandate of the Internal Audit Service.
Standard 6.1 Internal Audit Mandate
The head of the internal audit shall provide the bodies of the company and its senior management with the information necessary to establish the internal audit mandate. In those jurisdictions and sectors where the mandate of the Internal Audit Service is fully or partly prescribed by laws or regulations, the Internal Audit Statute must contain legal requirements for the mandate (see also Standard 6.2 Internal Audit Statute and "Application of Global Internal Audit Standards in the Public Sector").
In order to help the company's authorities and its senior management determine the scope and types of internal audit services, the head of internal audit must coordinate his or her activities with other internal and external assurance providers so that they can all understand each other's roles and responsibilities (see also Standard 9.5 Coordination and the ability to rely).
The head of the internal audit must document or refer to the mandate in the internal audit status approved by the company's authorities (see also Standard 6.2 Internal Audit Statute).
The head of the internal audit must regularly assess whether changes in circumstances justify the discussion of the internal audit mandate with the company's authorities and senior management. If this is the case, the head of the internal audit must discuss the internal audit mandate with the corporate authorities and senior management in order to assess whether the powers, roles and responsibilities continue to allow the internal audit function to achieve its strategy and meet its objectives.
Standard 6.2 Internal Audit Statute
The head of the internal audit shall draw up and maintain an internal audit status which shall specify at least:
The purpose of the internal audit,
the commitment to comply with the Global Standards of Internal Audit;
The mandate, including the scope and types of services to be provided, as well as the responsibilities and expectations of the company's authorities regarding management support for internal audit (see also Standard 6.1 Internal Audit Mandate),
Organisational status and relationships of subordination and authority (see also Standard 7.1 Organizational Independence).
The Head of Internal Audit must discuss the proposed Statute with the company's authorities and senior management in order to confirm that the Statute accurately reflects how the internal audit function and its senior management understand and expect from the internal audit.
Standard 6.3 Support for senior management and corporate bodies
The head of the internal audit shall provide the authorities of the company and its senior management with such information as to support and promote the authority of the internal audit function throughout the company.
Communication of the internal audit function with the company's authorities must be coordinated by the head of the internal audit with the senior management of the company so that the company's authorities are able to meet the requirements concerning the internal audit function.
Principle 7 Independent status
The authorities of the company shall determine and protect the independence and competence of the internal audit function.
Standard 7.1 Organizational independence
The head of the internal audit shall confirm at least once a year the organisational independence of the internal audit function to the bodies of the company. This includes providing information on cases where independence may have been compromised and on the safeguards and measures used to address such breach.
The head of the internal audit must document in the internal audit status the subordination and supervisory relationships and the organisational classification of the internal audit function as determined by the company's authorities (see also Standard 6.2 Internal Audit Statute).
The head of the internal audit shall discuss with the company's authorities and senior management all existing or proposed roles and responsibilities that could effectively or seemingly undermine the independence of the internal audit function. The head of the internal audit shall inform the company's authorities and senior management of the types of policies and arrangements for managing actual, potential or perceived disturbances.
Where the head of the internal audit has one or more permanent functions in excess of the internal audit, those responsibilities, the nature of the work and the policies and measures to ensure independence shall be documented in the internal audit status. Where these areas are the responsibility of the head of internal audit, alternative procedures should be established to obtain assurance, such as the conclusion of a contract with an objective and competent external assurance provider that reports to the company's authorities in an independent manner.
Where such non-audit responsibilities are of a temporary nature, assurance shall be provided in these areas by an independent third party for the duration of their temporary assignment to the head of the internal audit and for the following 12 months thereafter. The Head of Internal Audit shall also draw up a plan for the transfer of these responsibilities to the management. If the management structure does not promote organisational independence, the head of the internal audit shall document the characteristics of the management structure that limit the independence of the internal audit and any safeguards and measures that may be used to achieve the principle of independence.
Standard 7.2 Qualification of the Head of Internal Audit
The head of the internal audit shall assist the company authorities to understand the qualifications and competencies of the head of the internal audit necessary for the management of the internal audit function. The Head of Internal Audit shall facilitate this understanding by providing information and examples on the usual and best qualifications and competences.
The head of the internal audit must maintain and increase the qualifications and competences needed to fulfil the roles and responsibilities expected from the company's authorities (see also Principle 3 Reporting the competence and standards of this principle).
Principle 8 Supervision of company bodies
The company's authorities oversee the internal audit function to ensure its effectiveness.
Standard 8.1 Interaction with Company Authorities
The head of the internal audit shall provide the company's authorities with the information necessary to exercise their supervisory responsibilities. This information may be explicitly requested by the company's authorities or provided by the head of internal audit, which, in his opinion, may be valuable to the exercise of supervisory responsibility by the company's authorities.
The head of the internal audit shall report to the corporate bodies and senior management on:
The internal audit plan and the budget and their subsequent significant changes (see also Standards 6.3 Support to senior management and corporate bodies and 9.4 Internal audit plan),
Changes potentially affecting the mandate or internal audit status (see also Standards 6.1 Internal audit mandate and 6.2 Internal audit status),
Involving the potential for a breach of independence (see also Standard 7.1 Organizational Independence),
the results of internal audit services, including conclusions, topics, assurances, advice, understanding the substance of the matter and the results of monitoring (see also Standards 11.3 Communication of Results, 14.5 Contract conclusions and 15.2 Confirmation of implementation of recommendations or action plans),
The results of the quality assurance and improvement programme (see also Standards 8.3 Quality, 8.4 External Quality Assessment, 12.1 Internal Quality Assessment and 12.2 Performance Measurement).
There may be cases where the head of the internal audit does not agree with the senior management or other stakeholders on the scope, findings or other aspects of the contract and may then influence the ability of the internal audit function to exercise its responsibilities. In such cases, the head of internal audit must provide the company's authorities with facts and circumstances so that the company's authorities can consider whether they should intervene in their supervisory role with senior management or with other stakeholders.
Standard 8.2 Resources
The head of the internal audit shall assess whether the internal audit resources are sufficient to fulfil the internal audit mandate and to comply with the internal audit plan. If this is not the case, the head of the internal audit must draw up a strategy to obtain sufficient resources and inform the company's authorities of the impact of insufficient resources and how the potential lack of resources will be addressed.
Standard 8.3 Quality
The head of the internal audit shall draw up and regularly update a quality assurance and improvement programme covering all aspects of the functioning of the internal audit. The programme shall include two types of evaluation:
External evaluation (see also Standard 8.4 External quality assessment),
Internal evaluation (see also Standard 12.1 Internal quality assessment).
The head of the internal audit shall at least annually inform senior management and the company authorities of the results of the internal quality assessment. The results of external quality assessments shall be communicated upon completion. In both cases, such communication shall include:
the consistency of the Internal Audit Service with the Standards and the achievement of the internal audit objectives;
Compliance with internal audit laws and / or regulations, where relevant,
Plans relating to addressing deficiencies and opportunities to improve the functioning of the internal audit, where relevant.
Standard 8.4 External quality assessment
The head of the internal audit shall draw up an external quality assessment plan and discuss it with the company's authorities. The external evaluation shall be carried out at least every five years by a competent and independent external assessor or external evaluation team. The requirement for external quality assessment can also be met through self-evaluation with independent validation.
When selecting an independent evaluator or evaluation team, the head of the internal audit shall ensure that at least one person holds the active certification of the Certified Internal Auditor ®.
Principle 9 Plan strategically
The Head of Internal Audit is strategically planning to enable the internal audit function to fulfil its internal audit mandate and to achieve long-term success.
Standard 9.1 Understanding of corporate governance, risk management and management and control processes
In order for the head of internal audit to develop an effective strategy and an internal audit plan, he must understand corporate governance, risk management and management and control processes.
In order to understand management processes, the head of internal audit shall take into account how the company:
It sets strategic objectives and adopts strategic and operational decisions,
It shall supervise risk management and management and control mechanisms,
· promotes an ethical culture;
has effective performance management and responsibility;
• structure its management and operational functions;
It communicates information on risks and controls throughout the company,
It shall coordinate activities and communication between the company's bodies, internal and external providers of assurance services and management.
In order to understand risk management processes and management and control processes, the head of the internal audit shall consider how the company identifies and evaluates significant risks and selects appropriate control processes. This includes an understanding of how the company identifies and manages the following key areas of risk:
the reliability and integrity of financial and operational information;
the effectiveness and effectiveness of processes and programmes;
the protection of assets,
Compliance with laws and / or regulations.
Standard 9.2 Internal audit strategy
The head of the internal audit must draw up and implement an internal audit function strategy which supports the strategic objectives and success of the company and is in line with the expectations of the company's bodies, senior management and other key stakeholders.
The internal audit strategy is a plan of activities designed to achieve a long-term or overall objective. The internal audit strategy shall include a vision, strategic objectives and support initiatives for the internal audit service. The internal audit strategy helps lead the internal audit service to fulfil the internal audit mandate.
The head of the internal audit shall regularly evaluate the internal audit strategy with the corporate bodies and senior management.
Standard 9.3 Methods
The head of the internal audit shall determine the methodologies to be used by the internal audit function in a systematic and methodological manner to implement the internal audit strategy, to draw up an internal audit plan and to comply with the standards. The head of the internal audit shall evaluate the effectiveness of the methodologies and update them where necessary in order to improve the performance of the internal audit function and respond to significant changes affecting the unit. The head of the internal audit must provide internal auditors with training on methodologies (see also Principle 13 Plan orders effectively, Principle 14 Execute the contract properly and Principle 15 Communicate the conclusion of the contract and monitor the action plans and standards of these principles).
Standar Budd 9.4 Internal Audit Plan
The head of the internal audit must establish an internal audit plan which supports the achievement of the company's objectives.
The head of the internal audit shall base the internal audit plan on a documented evaluation of the company's strategies, objectives and risks. This assessment must be based on initiatives from the authorities and senior management of the company, as well as on the knowledge of the head of internal audit on corporate governance, risk management and control processes. Evaluation shall be carried out at least once a year.
The internal audit plan shall:
Take into account the internal audit mandate and the full range of agreed internal audit services,
To specify internal audit services that support the evaluation and improvement of corporate governance, risk management and management and control processes,
· consider the coverage of information technology management and management, the risk of fraud, the effectiveness of company compliance and ethics programmes and other high-risk areas;
To identify the necessary human, financial and technological resources needed to complete the plan,
To be dynamic and timely in response to changes affecting the company's business, risks, operations, programmes, systems, management and control mechanisms and society's culture.
The head of the internal audit shall evaluate and revise the internal audit plan as necessary and communicate in a timely manner with the authorities and senior management of the company:
· the impact of potential resource constraints on internal audit coverage;
the justification for not including a high-risk assurance contract or activity in the internal audit plan;
This appropriation is intended to cover commitments remaining to be settled from previous years.
--limitation of the scope or restriction of access to information.
The head of the internal audit shall discuss the internal audit plan, including significant interim changes, with the authorities of the company and its senior management. The plan and its significant changes must be approved by the company's authorities.
Standard 9.5 Coordination and the ability to rely
The Head of Internal Audit shall coordinate its activities with the internal and external providers of assurance services and consider the possibility of relying on their work. The coordination of services minimises duplication of efforts, highlights gaps in covering key risks and increases the overall added value of providers.
If the head of the internal audit fails to achieve an adequate level of coordination, the senior management and, if necessary, the company authorities shall draw attention to this matter.
Where an internal audit relies on the work of other assurance service providers, the internal audit leader shall document the justification for such reliability; the head of the internal audit remains responsible for the conclusions reached by the internal audit.
Principle 10 Manage resources
The Head of Internal Audit shall manage the resources in order to implement the Internal Audit Service strategy and to implement its plan and mandate.
Standard 10.1 Financial resources management
The Head of Internal Audit shall manage the financial resources of the Internal Audit Service.
The Head of Internal Audit must draw up a budget that will enable the internal audit strategy to be successfully implemented and the plan achieved. The budget shall include the resources necessary for the functioning of the internal audit, including training and acquisition of technologies and tools. The head of the internal audit shall manage the day-to-day activities of the internal audit in accordance with the budget effectively and effectively.
The head of the internal audit shall request the company's authorities to approve the budget and shall inform the company's authorities and senior management immediately of the impact in case of insufficient financial resources.
Standard 10.2 Human Resources Management
The Head of Internal Audit shall provide for access to the acquisition, development and maintenance of internal auditors qualified for the successful implementation of the Internal Audit Strategy and the implementation of the Internal Audit Plan.
The head of the internal audit shall endeavour to ensure that the human resources are appropriate, sufficient and efficient to achieve an approved internal audit plan. Adequacy concerns a combination of knowledge, skills and competences, adequacy concerns a number of resources and effective allocation concerns the allocation of resources in a manner that optimises the achievement of the internal audit plan.
The head of the internal audit shall communicate with the bodies of the company and senior management on the suitability and adequacy of human resources for the internal audit function. If the internal audit does not have the appropriate and sufficient human resources to meet the internal audit plan, the internal audit leader shall determine how to obtain such resources or inform the company authorities and senior management in due time of the impact of the capacity limitation (see also Standard 8.2 Resources).
The head of the internal audit shall evaluate the competencies of individual internal auditors in the internal audit function and promote their professional development. The Head of Internal Audit must cooperate with internal auditors and help them develop their individual competences through training, supervision and / or mentoring (see also Standard 3.1 Competitiveness).
Standard 10.3 Technological resources
The head of the internal audit shall endeavour to ensure that the internal audit service has the technologies supporting the internal audit process. The Head of Internal Audit shall regularly evaluate the technologies used by the Internal Audit Service and seek opportunities to improve efficiency and efficiency.
When implementing new technologies, the head of the internal audit for internal auditors must introduce appropriate training to effectively use technological means. The head of the internal audit shall cooperate with the information technology and information security services in the society in order to properly implement the technological resources.
The head of the internal audit shall communicate to the bodies of the company and to senior management the impact of technological constraints on the effectiveness or effectiveness of the internal audit function.
Principle 11 Communicate effectively
The Head of Internal Audit shall lead the Internal Audit Service to communicate effectively with stakeholders.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Communication from the Ministry of Finance No. 419 / 2025 Coll., on the declaration of international standards for internal audit |
|---|---|
| Regulation Type | Communication |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 15.10.2025 |
|---|---|
| Effective from | - |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0