Internal Audit Code of Practice

Guidance on effective internal audit in the private and third sectors

Our Internal Audit Code of Practice aims to enhance the overall effectiveness of internal audit, and its impact, within organisations operating in the UK and Ireland.

Its recommendations can be regarded as a benchmark of good practice against which organisations can assess their internal audit function.

The Code is principles-based. It is expected that the Code should be applied proportionately, and therefore smaller organisations should apply the principles on which the Code is based in light of their size, risk profile and internal organisation and the nature, scope and complexity of their operations.

Download the full Internal Audit Code of Practice


Who is it for?

The Code applies to organisations in the private and third sectors with an internal audit function and audit committee of independent non-executive directors.

It is based on Effective Internal Audit in the Financial Services Sector (‘Financial Services Code’), but internal audit functions in financial services should continue to follow the ‘Financial Services Code’ which contains provisions which are specific to financial services.

Whilst it may prove useful for internal audit in the public sector, it is not drafted with the public sector specifically in mind and public sector internal audit functions should continue to follow the Public Sector Internal Audit Standards.

BP Audit Committee Chair Brendan Nelson was part of the independent Steering Committee that led the Code’s development. Hear what he has to say about purpose of the Code and who it’s for.


What recommendations does the Code make?

The Code makes 38 recommendations, formulated following a thorough twelve-week public consultation process in which our independent Steering Committee engaged and gathered the views of a range of stakeholders including internal audit professionals, executive and non-executive directors, professional bodies, business groups and the professional services firms.

In this video, Brendan outlines just a few of those recommendations and why they’re important.


How should it be applied?

The Code of Practice should be applied in conjunction with the existing International Professional Practices Framework (IPPF) published by the Global Institute of Internal Auditors, which includes the International Standards for the Professional Practice of Internal Auditing (‘the IIA Standards’).

The Code builds on those Standards and seeks to increase the effectiveness and impact of internal audit within organisations by clarifying expectations and requirements.


Relevant guidance

Fully understanding how to practically implement each of the Code’s recommendations requires cross referencing with our existing technical guidance.

Click here to see what guidance supports the Code's implementation.