IIA-MCP Server

--- title: "Standard 2010 - Planning" url: "https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/" category: "standards" standard_number: "2010" last_updated: "2024-07-15T12:00:00Z" scraped_at: "2024-07-15T12:00:00Z" --- # Standard 2010 - Planning ## Description The chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization's goals. ## Implementation Notes The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses their own judgment of risks after consultation with senior management and the board. The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. The risk-based plan should be informed by: - The organization's strategies, objectives, and risks - Risk appetite and tolerance levels established by management - Regulatory and legal requirements - Available audit resources - Previous audit coverage and results ## Related Standards - Standard 2020 - Communication and Approval - Standard 2030 - Resource Management - Standard 2040 - Policies and Procedures - Standard 2060 - Reporting to Senior Management and the Board ## Official Reference For the complete text and detailed implementation guidance, refer to the [IIA Global Internal Audit Standards](https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/).