
Revised Internal Audit Code of Practice Consultation

Have your say on the draft combined Internal Audit Code of Practice before the eight-week public consultation period ends on Wednesday 8 May 2024.


About the revised Internal Audit Code of Practice

We are consulting on a revised Internal Audit Code of Practice that, once implemented, will cover financial services, private and third sector organisations. The revision is intended to ensure our Code aligns with the new Global Internal Audit Standards and reflects other changes, including the revised UK Corporate Governance Code, along with evolving industry practices. This work is being overseen by an independent committee chaired by Sally Clark, the Audit Committee Chair of Citigroup Markets and a non-executive director at Bupa and A.I.B (UK). Secretariat support to the independent committee is also kindly being provided by EY.

Currently, there are two Codes of Practice – one for financial services and the other covering the private sector (non-financial services) and the third sector. The Financial Services Code is more stringent and reflects the regulatory environment for internal audit operating in that sector. As part of this consultation, we are proposing one combined Code, whilst still preserving the specific requirements that apply to internal audit operating in financial services, but allowing flexibility for those operating in non-financial services.

The new Code we are proposing will mean that for the first time, all internal audit functions will be put on an equal footing, with the aim being to raise the bar across the profession. While the Code will remain principles-based guidance that should be applied proportionately, we want to use this revision as an opportunity to stretch the profession. We want to encourage internal audit functions to be bold and courageous in their pursuit of championing good corporate governance, strong risk management, and a rigorous control environment leading to the long-term success of organisations.

Once agreed, the revised Code will be a new industry benchmark for best practice internal audit. It will also provide a gauge for boards, audit committees and regulators to assess the role, function, and effectiveness of internal audit functions.

The draft revised Code includes 36 principles to strengthen and stretch internal audit. Key highlights include:

  • One combined Code across the financial services, private and third sectors. This seeks to harmonise practices across the profession, whilst recognising that differences may exist depending on the nature, size, and scale of an organisation, as well as the industry and environment they operate within.
  • All internal audit functions are recommended to include within the scope of their work the capital and liquidity risks and the reputational risks arising from poor customer treatment. These are not only important risks for financial services, but increasingly for non-financial services too.
  • We are proposing that internal audit should include new areas within its scope: environmental sustainability, climate change risks and social issues; technology and data risks; along with financial crime, economic crime, and fraud – reflecting the increased focus on these risk topics.
  • Making clear that, where appropriate, internal audit should support any Board disclosure on the company’s risk management and material controls and highlight any significant weaknesses identified, aligning with the new requirements of the UK Corporate Governance Code and associated guidance.
  • The new Code also recommends that the internal audit team should be made up of internal auditors from a diverse range of backgrounds – underlining and codifying our commitment to championing an inclusive and diverse profession for the future.

Have your say on the revised Internal Audit Code of Practice

To have your say on the revised Code we would prefer it if stakeholders completed the online consultation survey/form available on the link below. However, if for any reason you prefer to send in a written consultation response by email, please send your responses to iiapolicy@iia.org.uk. Full instructions are also included in the consultation document.

Download the draft combined Internal Audit Code of Practice Consultation Document

Click here to complete the online consultation form/survey (please note this will take you to an external page hosted by EY)