AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

FS Code: Building on success


Good practice in internal audit looks similar across different sectors and organisations – there are common principles that underpin effective risk management, mitigation and assurance. However, there are also specific sectoral requirements, and we know that internal audit functions value support geared towards their work in various sectors.

The Internal Audit Financial Services Code of Practice: Guidance on effective internal audit in the financial services sector(FS Code) has played a pivotal role in raising the bar for professional best practice across internal audit generally, but it contains provisions that are specific to financial services organisations, all of which should have an internal audit function and audit committee of non-executive directors.

Why revisit the FS Code now?

We know from our Stepping Up: Reassessing the impact and implementation of the Financial Services Code research that, since its initial publication in 2013, the FS Code has successfully increased the scope, skills and status of internal audit across the financial services sector and that it remains fundamentally sound. We’ve also seen significant improvements in the rank and corporate position of internal audit executives. For example, half of all chief audit executives (CAEs) now have a rank equivalent to chief financial officer, which represents a 163 per cent increase on where we were in 2013. And 81 per cent are now line-managed by their audit committee chair – a rise from 56 per cent in 2013. This is real and steady progress.

Inspired by the success of the FS Code, and in response to the needs of non-FS sectors, in January 2020 we published the “Internal Audit Code of Practice: Guidance on effective internal audit in the private and third sectors”. Our aim is that this new code will deliver similar success for the profession working in sectors other than financial services. However, following publication of the new code, we needed to revise the FS Code to ensure that the wording of the two codes aligned and was consistent. It was clear that we didn’t need to re-write the FS Code substantially, so the update has been straightforward and light-touch, aimed purely at harmonising the two codes for consistency.

Although we did not plan radical changes, it was still important to engage with our stakeholders to discuss any key changes. Mike Ashley, audit committee chair at Barclays, chaired the independent committee that oversaw a previous review of the code, so we welcomed his expertise. We also spoke to CAEs across the sub-sectors of financial services – from pensions and investments to insurance and banking. The members of the Chartered IIA’s Banking and Financial Services Sector Advisory Panel contributed their insights, as did the Prudential Regulation Authority and the Financial Conduct Authority.

What are the revisions?

It is important to note that the changes are minor and aimed at harmonisation and consistency. One positive improvement to highlight is a new recommendation that reinforces the importance of two-way dialogue and communication between internal audit and external audit. Sir Donald Brydon’s Independent Review into the Quality and Effectiveness of Audit has emphasised the value of regular communication and sharing of information between both assurance functions (and Sir Donald welcomed our Internal Audit Code of Practice for non-financial services organisationsin his final report).

Another change is to Section B of the code, which offers guidance on the scope of internal audit, including in relation to capital and liquidity risks. This now talks about internal audit including within its scope the process around stress testing and recovery plans for economic shocks. This is particularly relevant given the economic turbulence and tests of business resilience and long-term sustainability caused by the COVID-19 pandemic.

Next steps

The publication of the revised FS Code offers an opportunity for CAEs and their teams to review the FS Code’s recommendations, reassess how it is applied within their organisations, and engage with their audit committee chair. It is intended to be a living document and benchmark of good practice that organisations can refer to as guidance to increase the effectiveness of their function.

In the current operating environment, it is crucial that organisations don’t become complacent. Effective internal audit has a vital role in ensuring that organisations are resilient and future-proof. So read the information on our website and share the new FS Code with your audit committee chair and your risk and assurance colleagues.

This article was first published in March 2021.