The study presents an analysis of the evolution and new approaches to the implementation of internal audit in business structures, in particular, an assessment of the integration of assurance, compliance and forensic functions, as well as the identification of challenges and prospects for their development. It is substantiated that modern internal audit in business structures has evolved from a purely control function to a comprehensive corporate governance tool that combines assurance engagements and consulting services. It is determined that the integration approach is a key one, in which internal audit interacts with the first and second lines of defense within the framework of the “Three Lines Model” developed by the Institute of Internal Auditors, but does not replace them and provides independent assurance and recommendations for improving the effectiveness of business processes, the effectiveness of risk management, internal control systems and compliance processes. The main trends in the transformation of approaches to the use of internal audit in modern business structures are highlighted. First, internal audit increasingly plays an integrated role, offering assurance, compliance and forensics, as the integration of these three areas creates a multifunctional internal audit system that can simultaneously ensure compliance with norms and standards, provide assurance to management and detect fraudulent actions at an early stage. Second, the role of internal audit in the field of compliance is two-fold: it acts as a tool for providing assurance regarding the compliance of activities with regulatory, industry and internal requirements, and also performs engagements to assess the effectiveness of the compliance management system in the context of the application of the ISO 37301 standard, which establishes the mandatory nature of regular internal audits. Third, forensics in internal audit should be considered primarily as a consulting service aimed at detecting, investigating and preventing fraud, but under certain conditions it can be transformed into an assurance engagement, for example, when assessing anti-fraud systems. It has been proven that the determining prerequisite for the effective performance of both compliance and forensic assurance engagements is the adequate, relevant and formalized assessment criteria that meet the requirements of the Global Internal Audit Standards. Clear criteria allow for objectively identifying deviations, determining their significance and formulating substantiated conclusions, which directly affects the confidence in the results of internal audit. Further research should be aimed at developing internal regulations and standards that can act as objective assessment criteria, because in their absence the significance of the functioning of internal audit as an assurance activity is lost.
Shalimova et al. (Mon,) studied this question.