Boards strengthen position of internal audit to improve risk defences

30 October 2014

The results of a survey published by the Chartered Institute of Internal Auditors (IIA) today suggest that boards are strengthening their internal audit functions in a bid to protect their organisations and themselves against current and emerging risks.

Boards need to be able to rely on independent and objective analysis from their internal auditors. But to enable this it is essential that internal auditors have the authority that comes from a direct line into the board audit committee.

The Institute’s annual survey of its heads of internal audit shows that 82% of private sector internal audit chiefs now report functionally to the chair of their audit committee, compared to 68% in the same survey last year. In the financial services sector, the figure is 84%, up 4% on last year.

Internal Audit departments in the financial services sector also scored higher than other sectors on measures to ensure independence from their organisation’s executive management.  For example, the Institute’s survey shows that non-executive audit committee chairs are more likely to appoint, appraise and set pay for their heads of internal audit, as well as to have responsibility for their internal audit team’s budget and audit plan. Half of heads of internal audit surveyed also reported that the audit committee rather than the executive is responsible for evaluating their performance, an improvement of 21% from last year.

The IIA notes that since the introduction of its Code, Effective Internal Audit in the Financial Services Sector in July last year, there have been significant improvements in financial services internal audit teams’ strength and ability to provide the board with independent assurance on the effectiveness of the organisation’s risk management. 

The Code was introduced to help financial services firms improve their management of risks as they respond to intense public, investor and regulatory pressure to improve corporate governance.  The Code is backed by the Financial Conduct Authority (FCA) and Prudential Regulatory Authority (PRA), which use it as part of their assessment of the effectiveness of a firm’s internal audit function.

The drive to improve the management of risk across the whole organisation is also reflected in the rising status of internal audit in financial services firms. For example, the Institute’s survey shows that 56% of Heads of Internal Audit in the sector now sit at executive committee level compared to 45% last year, giving them greater insight into key decision making processes and the ability to give boards a more holistic assessment of risks and the controls in place to manage them. 

Internal auditors provide boards with assurance on an organisation’s risk management, internal controls and corporate governance.  They help organisations to manage the wide range of risks facing them before they become a problem, including for example: financial and fraud risks; data security risks; health and safety risks; and risks related to non-compliance with regulation.

Commenting on the survey results, the Institute’s Chief Executive, Dr Ian Peters, said:  “The level of regulatory and public scrutiny of the financial services sector, including moves to increase the personal accountability of directors means that boards will need to rely on their internal audit team even more to ensure they have a tight grip on risks.

“But it is important that organisations in other industries learn from the experiences of financial services and the increase in the numbers of internal audit chiefs reporting to non-executives suggests this is happening.  The last couple of years have seen significant scandals in sectors as diverse as pharmaceuticals and supermarkets – boards in all sectors therefore need to ensure they are confident that the systems and processes they have in place to anticipate and mitigate problems are fit for purpose, based on an independent and objective assessment.”