The Chartered Institute of Internal Auditors has issued its long-awaited new Internal Audit Code of Practice. The new Code is designed to “equip organizations with the tools to navigate today’s increasingly complex risk environment,” the organization said in a statement. The document sets a higher standard for internal audit practices for the Chartered IIA’s members, which include internal auditors across the United Kingdom and Ireland. The group says it hopes the code will bolster corporate governance and contributing to economic stability.
“In a time of rapid and unprecedented change, the Code offers Audit Committees and internal audit professionals a comprehensive roadmap and set of principles to ensure the effectiveness of internal audit functions,” the Chartered IIA said. The Code offers a unified approach encompassing the financial services, private and third sectors, elevating the standards of internal audit practices across the board.
“As organizations confront an increasingly uncertain and dynamic risk landscape, the new Internal Audit Code of Practice offers a crucial framework that will enhance the role of internal audit in advising and providing assurance to boards and senior management over their organization’s risks, controls and corporate governance processes,” said Anne Kiem, chief executive of Chartered IIA. “A robust internal audit profession is essential to restoring trust in the broader audit and corporate governance ecosystem and supporting economic stability.”
Spearheaded by an independent committee established by the Chartered IIA and chaired by Sally Clark, audit committee chair at Citigroup Global Markets, the Code was updated with input from several key UK and Irish regulators, including the Bank of England, Central Bank of Ireland, Financial Conduct Authority, and Financial Reporting Council. The Code’s development was also shaped by extensive public consultation, involving hundreds of internal audit professionals and other stakeholders including business leaders, regulators, standard setters and other professional bodies.
“This Code is a pivotal advancement for the internal audit profession and corporate governance in the UK and Ireland,” said Clark. “Now more than ever, internal auditors must be bold and proactive if they are to add value to the organizations that they work within. The new Code ensures that internal audit continues to play a critical role in safeguarding the assets, reputation, and sustainability of our organizations.”
What’s in the New Internal Audit Code?
Building on the new Global Internal Audit Standards and the revised UK Corporate Governance Code, the updated Internal Audit Code of Practice aligns with these frameworks while introducing several enhancements, including:
- Enhanced Reporting: Chief Internal Auditors should collaborate with their Audit Committee to ensure the Annual Report and Accounts include a summary of the internal audit function’s activities and conclude on its impact and effectiveness.
- Culture Audits: Internal audit functions should conduct risk-based reviews of organisational culture, extending beyond risk and control culture to encompass broader cultural risks.
- Wider Scope: Internal audit functions across all sectors should assess capital and liquidity risks and risks stemming from poor customer treatment, not limited to financial services.
- Inclusion of Emerging Risks: The new Code states that internal audit functions should address emerging risks, including environmental sustainability, climate change, social issues, financial and economic crime, and technology risks such as AI and cybersecurity.
- Alignment with Governance Disclosures: Internal audit’s assessments of risk management and internal controls should now support board disclosures on material controls, aligning with the revised UK Corporate Governance Code.
- Coordination with Assurance Providers: Internal audit functions should coordinate with other assurance providers on key risks and assurance timing, ensuring comprehensive risk coverage.
- Diversity and Technology: The Code requires internal audit teams to comprise individuals with diverse backgrounds, skills, and experiences, and for Chief Internal Auditors to ensure access to the necessary tools and technology, such as data analytics and AI, to enhance audit effectiveness.
The new Code applies to all internal audit functions in the financial services, private, and third sectors across the UK and Ireland.