TeamMate ESG advertising banner 2023

Launch of new Internal Audit Code to strengthen corporate governance

Embargoed Until 00:01 Wednesday 11 September 2024

Launch of new Internal Audit Code to strengthen corporate governance

Enhanced Chartered IIA Code of Practice to tackle emerging risks, bolster business resilience and support economic stability

The Chartered Institute of Internal Auditors (Chartered IIA) has today unveiled its long-awaited new Internal Audit Code of Practice. Designed to equip organisations with the tools to navigate today’s increasingly complex risk environment, the new Code sets a higher standard for internal audit practices across the UK and Ireland, bolstering corporate governance and contributing to economic stability.

In a time of rapid and unprecedented change, the Code offers Audit Committees and internal audit professionals a comprehensive roadmap and set of principles to ensure the effectiveness of internal audit functions. For the first time, the Code offers a unified approach encompassing the financial services, private and third sectors, elevating the standards of internal audit practices across the board.

Spearheaded by an independent committee established by the Chartered IIA and chaired by Sally Clark, Audit Committee Chair at Citigroup Global Markets, the Code has received input from several key UK and Irish regulators, including the Bank of England, Central Bank of Ireland, Financial Conduct Authority, and Financial Reporting Council. The Code’s development was also shaped by extensive public consultation, involving hundreds of internal audit professionals and other stakeholders including business leaders, regulators, standard setters and other professional bodies.

The new Code applies to all internal audit functions in the financial services, private, and third sectors across the UK and Ireland.

Anne Kiem OBE, Chief Executive of the Chartered IIA, underscored the Code’s significance: “As organisations confront an increasingly uncertain and dynamic risk landscape, the new Internal Audit Code of Practice offers a crucial framework that will enhance the role of internal audit in advising and providing assurance to boards and senior management over their organisation’s risks, controls and corporate governance processes. A robust internal audit profession is essential to restoring trust in the broader audit and corporate governance ecosystem and supporting economic stability.”

Sally Clark, Chair of the Independent Internal Audit Code of Practice Review Committee and Audit Committee Chair at Citigroup Global Markets ltd, remarked: “This Code is a pivotal advancement for the internal audit profession and corporate governance in the UK and Ireland. Now more than ever, internal auditors must be bold and proactive if they are to add value to the organisations that they work within. The new Code ensures that internal audit continues to play a critical role in safeguarding the assets, reputation, and sustainability of our organisations”.

Mark Babington, Executive Director, Regulatory Standards of the Financial Reporting Council, also endorsed the Code: “The Financial Reporting Council is pleased to have contributed to the development of this new Internal Audit Code of Practice. This Code is a significant step forward in improving independent assurance over the way businesses manage risk and assess the effectiveness of their internal controls to support reporting against the Corporate Governance Code. We believe the new Code will reinforce internal audit’s role and bolster efforts to strengthen assurance to Boards.”

Andy Kemp, Chair of the Audit Committee Chairs’ Independent Forum and Audit Committee Chair at The Berkeley Group Holdings plc, highlighted the importance of the Code: “The new Internal Audit Code of Practice empowers Audit Committee Chairs to elevate internal audit functions, which are increasingly vital in navigating today’s complex controls and risk landscape.”

Jonathan Geldart, Director General at the Institute of Directors, supported the Code saying: “In a more risky and uncertain world company directors need to ensure their internal controls and risk management frameworks are robust. The Internal Audit Code of Practice provides company directors with the tools to embed the strong internal company controls that are vital for business success.”

Myles McGuiness, Chief Executive Officer of the Financial Markets Standards Board, said: “Strong and effective internal audit functions play a crucial role in promoting transparency, accountability, and integrity across financial markets. We welcome the new Internal Audit Code of Practice, which raises the bar and establishes a new standard of excellence for the internal audit profession. We are particularly pleased to see the increased focus on assessing corporate culture and behaviours, an area that remains a vulnerability in some organisations.”

Jean-Philippe Perraud, General Director of NEDonBoard (Institute of Board Members), commended the Code: “We welcome the new Internal Audit Code of Practice and believe it will help to ensure the best business governance practices at the highest levels. Robust internal audit functions play an important role in providing Boards with critical insights into key risks. We encourage non-executive directors to work closely with their internal audit teams to ensure the new Code is implemented effectively."

Alan Vallance, Chief Executive of the ICAEW (Institute of Chartered Accountants England and Wales), fully endorsed the Code: “Internal Auditors are a key part of the organisation's audit and assurance capability and provide confidence to the board and the executive that risk management process and internal controls are in good order. Many of our members work as internal auditors or work closely with them as CFOs or Audit Committee Chairs. We therefore welcome the revised Internal Audit Code of Practice as it further strengthens the role of internal audit.”

Helen Brand OBE, Chief Executive of ACCA (Association of Chartered Certified Accountants), said: “This is an important step forward in ensuring the continued effectiveness of internal audit. I’m particularly pleased to see the widening focus in areas such as organisational culture, sustainability risk, climate change, financial crime and AI, all of which are core to corporate governance and future success in today’s fast-changing business environment.”

Bruce Cartwright, CEO of ICAS (Institute of Chartered Accountants Scotland), commented: ”ICAS supports the introduction of one Internal Audit Code of Practice by the Chartered Institute of Internal Auditors as this will assist the harmonisation of practice whilst recognising the need for differences where appropriate. This revised Code will impact our members who work in internal audit roles or who have a close relationship with the internal audit function within their organisation. We therefore very much welcome that the Code is principles-based and it is intended that the principles are to be applied proportionately, in line with the nature, scope and complexity of the organisation concerned.”

Andrew Harding, Chief Executive of CIMA (Chartered Institute of Management Accountants), also offered his support for the Code: “Internal audit plays an increasingly important role within the corporate ecosystem, not just in the UK but around the world. Management accountants working within the internal audit function, or alongside it, rely on their business acumen and critical thinking skills to help power value creation and trust. Internal audit is a vital safeguard for boards, helping to improve the effectiveness of the company's risk management, controls and governance. The new Internal Audit Code of Practice is a must-read for company directors who want to get the most out of their internal audit functions in a constantly changing world. We all need a critical friend sometimes.”

Rohan Churm, Director for Financial Resilience and Controls at Ofgem, highlighted the important role internal audit can play in supporting the financial resilience of energy licensees: “Strong internal controls and risk management - supported by appropriate internal audit - play an important role in reducing the risk of unexpected losses for energy firms. Where suppliers have the tools to monitor, measure and manage risk effectively, consumers benefit from the security of a more financially resilient supplier that can better withstand market shocks.”

Building on the new Global Internal Audit Standards and the revised UK Corporate Governance Code, the updated Internal Audit Code of Practice aligns with these frameworks while introducing several key enhancements, including:

  • Enhanced Reporting: Chief Internal Auditors should collaborate with their Audit Committee to ensure the Annual Report and Accounts include a summary of the internal audit function’s activities and conclude on its impact and effectiveness.
  • Culture Audits: Internal audit functions should conduct risk-based reviews of organisational culture, extending beyond risk and control culture to encompass broader cultural risks.
  • Wider Scope: Internal audit functions across all sectors should assess capital and liquidity risks and risks stemming from poor customer treatment, not limited to financial services.
  • Inclusion of Emerging Risks: The new Code states that internal audit functions should address emerging risks, including environmental sustainability, climate change, social issues, financial and economic crime, and technology risks such as AI and cybersecurity.
  • Alignment with Governance Disclosures: Internal audit's assessments of risk management and internal controls should now support board disclosures on material controls, aligning with the revised UK Corporate Governance Code.
  • Coordination with Assurance Providers: Internal audit functions should coordinate with other assurance providers on key risks and assurance timing, ensuring comprehensive risk coverage.
  • Diversity and Technology: The Code requires internal audit teams to comprise individuals with diverse backgrounds, skills, and experiences, and for Chief Internal Auditors to ensure access to the necessary tools and technology, such as data analytics and AI, to enhance audit effectiveness.

--ENDS--

FOR MORE INFORMATION / FURTHER COMMENT CALL GAVIN HAYES ON +447900 195591

Notes to editors

The “Internal Audit Code of Practice – principles on effective internal audit in the financial, private and third sectors” is available to download here.

Full list of the Independent Internal Audit Code of Practice Review Committee members

  • Sally Clark, Audit Committee Chair, Citigroup Global Markets & Non-Executive Director, AIB (UK) and Bupa (Committee Chair)
  • Jonathan Calvert-Davies, Group Head of Internal Audit, HSBC
  • Carolyn Clarke, Deputy President, Chartered IIA (and Audit Risk and Sustainability Committee Chair, Elcogen)
  • Gordon Craig, Director of Internal Audit, 3i
  • Jeremy Eagles, Chief Audit Officer, Bupa
  • Bernice Gaffney, Head of Internal Audit, Bord na Mona (and Member, Audit, Risk and Governance Committee, Health Information and Quality Authority)
  • Byron Grote, Audit Committee Chair, Tesco & Intercontinental Hotels
  • Paul Kaczmar, Head of Audit and Risk, Page Group
  • Veesh Sharma, Chief Assurance Officer and Chief Risk Officer, Save the Children
  • Paul Skinnider, Head of Internal Audit, Taylor Wimpey
  • Janette Taylor, Head of Professional Practices – Internal Audit, Santander
  • Sara Yorke, Head of Internal Audit - Legal, Regulatory, Internal/External Affairs, Vodafone

Committee observers

  • Mark Babington, Executive Director Regulatory Standards, Financial Reporting Council
  • Peter Elam, Group Head of Risk Management and Business Assurance (Member, International Internal Audit Standards Board and former President, Chartered IIA)
  • Robin Jones, Director of Internal Audit, Financial Conduct Authority
  • Anne Kiem OBE, Chief Executive, Chartered IIA
  • Sarah Sodeau, Acting Co-Director – Internal Audit, Bank of England
  • Paul Wrafter, Head of Internal Audit, Central Bank of Ireland

About the Chartered Institute of Internal Auditors

The Chartered IIA represents over 10,000 internal audit professionals in organisations spanning all sectors of the economy, across the UK and Ireland. It champions the contribution internal audit makes to good corporate governance, strong risk management and a rigorous control environment leading to the long-term success of organisations, including those in the public sector.