The professional association for internal auditors in the United Kingdom and Ireland has issued a draft version today of a new “Code of Practice” that is says will promote more extensive access for internal auditors.
The draft, issued by the Chartered Institute of Internal Auditors, is intended to strengthen corporate governance among member’s organizations and to “help reduce the risk of major corporate collapses by boosting the status, standards, scope, and skills of internal audit,” the group said in a press statement on the proposed code.
The draft practice code comes in the wake of some high-profile corporate collapses in Britain, such a construction giant Carillion, café chain Patisserie Valerie, and wine and spirits retailer Conviviality. Last year, the Financial Reporting Council, a U.K. regulator, found that there had been a decline in quality across the “big four” auditors, and internal audit as a profession has also come under fire for not doing enough to shed light on problems at companies before it’s too late.
No Restrictions
Many of the proposals included in the draft would elevate the reporting lines and authority of the function and improve access to information and documentation for internal auditors within organizations. “There should be no aspect of the organization which internal audit should be restricted from looking at as it delivers on its mandate. Whilst it is not the role of internal audit to second guess the decisions made by the board and its committees, its scope should include information presented to the board and its committees,” one of the proposed recommendations states.
The draft Internal Audit Code of Practice makes 30 recommendations in all to strengthen corporate governance, including:
- Unrestricted access for internal audit: Internal audit should not be stopped from looking at any part of the organization it serves.
- Full access for internal audit to senior meetings: Internal audit must have the right to attend board and executive committee meetings.
- Full access for internal audit to key management information: Internal audit must have timely access to key management information.
- Quality Assurance: Internal audit functions of sufficient size should develop a quality assurance and improvement program, with the work performed by individuals who are independent of the delivery of the audit.
The Chartered IIA’s proposed practice code would build on its current financial services code, which was published in 2013 in response to the banking collapse. According to the group, it would be will be the first time that businesses and organizations in the United Kingdom and Ireland, outside of the financial services sector, will be given “comprehensive benchmarks to meet and detailed guidance about running an effective internal audit function.”
“There should be no aspect of the organization which internal audit should be restricted from looking at as it delivers on its mandate.”
—Chartered Institute of Internal Auditors, Draft Practice Code
“The collapse of Carillion has led to a wide-ranging review of the U.K.’s corporate governance framework, including the audit regime. This creates challenges for internal audit, but equally it provides an opportunity to enhance the role of the internal audit profession as a cornerstone of good corporate governance,” wrote Brendan Nelson, audit committee chair of BP, in the forward to the draft. Nelson will head the steering committee set up to develop the Internal Audit Code of Practice. “The draft Code offers invaluable guidance about raising internal audit performance to help businesses and other organizations protect their assets, reputation, and sustainability,” he said in a separate statement.
Building on Success
The Chartered IIA noted that within two years the financial services version of the code had raised the scope and standing of internal audit in the banking sector, with the number of chief audit executives attending executive committees rising from 48 percent to 84 percent, and the number of organizations carrying out audit work on risk culture rising from 54 percent to 93 percent.
“The draft Internal Audit Code of Practice will build on the success of the Financial Services Code we launched in 2013, which raised the profile and effectiveness of internal audit,” said Ian Peters, chief executive of the Chartered IIA.
The committee will also consider whether the new code should include guidance on how and if internal audit should provide assurance where it had previously performed consulting services, as well as best practices in the outsourcing of internal audit work.
The Chartered IIA will be accepting written responses to the draft code between now and October 11. 
Joseph McCafferty is Editor & Publisher of Internal Audit 360°