Financial services internal audit in the spotlight as code of practice is reviewed

22 September 2016

The way risks in banks and other financial institutions are overseen is set to be re-examined as the Code for effective internal audit in the financial services sector, published by the Chartered Institute of Internal Auditors (the Institute), is reviewed by an independent committee of senior industry figures, with the support of regulators.

The committee, which meets for the first time today [Thursday 22 September], is chaired by Mike Ashley, chair of the audit committee of Barclays. It includes senior executives and non-executives from banking, insurance and asset management. The Bank of England/Prudential Regulation Authority, the Financial Conduct Authority and the Financial Reporting Council will all participate as observers.

Committee members are:

  • Tom Deane, audit director, TescoBank
  • Pam Kaur, group managing director and group head of audit, HSBC Holdings
  • Brendan Nelson, chair of the audit committee, RBS 
  • James Turner, director of group finance, Prudential
  • Julia Wilson, chair of the audit committee, Legal and General and group finance director, 3i

The committee will shortly launch a wide-ranging consultation exercise to gather views and evidence on the impact of the Code; the state of internal audit practice across the sector; and what more needs to be done to improve standards of practice.

Preliminary research by the Institute in 2015 suggested that the Code has led to significant improvements in the position of internal audit in financial services institutions. This review will gather and analyse up-to-date evidence to take stock of progress more broadly. 
Mike Ashley said:

“The Code has undoubtedly had a positive effect on the profile, standing and resources of internal audit across the sector, and has improved dialogue between internal audit and audit committee chairs. But we want to gather firmer and wider evidence of its impact, and also views on any areas where the Code might usefully be amended or expanded. 
“I’m particularly pleased that the regulators are supporting our review. They need to be confident that organisations are delivering the kind of internal audit functions they expect to see, so their input will be very important.”

The Code was published in July 2013 in the aftermath of the 2008 global financial crisis, and was prompted by an analysis of its causes and by governance, risk management and control failures including LIBOR and rogue trader scandals. The Institute created the Code, with the strong support of the Bank of England, to provide a sector-specific benchmark against which boards and regulators can assess the effectiveness of their internal audit functions.

Key recommendations of the Code included that internal audit should have unrestricted scope and be independent of other functions; should report to the audit committee chair, rather than to the executive team; should have access to all boards and board committees; should be adequately resourced, skilled and quality-assured; and should be subject to periodic external assessment.

The Institute’s 2015 research showed that the Code had a positive initial impact. 96% had unrestricted scope; 72% reported to the audit committee chair; 84% attended executive committee meetings; and 92% had a policy to commission an external quality assessment at least every 5 years.

Dr Ian Peters, Chief Executive of the Chartered Institute of Internal Auditors, said:

“We are delighted to have such a senior group to review our Code. We want to understand how the Code is being used, the difference it has made, and any ways it can be improved. But we also want to address the bigger question - how best to support further improvement in the standards of internal audit across the financial services industry.

“Increasing standards is particularly important at a time when boards need to harness internal auditors as their eyes and ears to ensure their organisations’ ethics and culture are sound.”

The consultation will begin shortly, and the committee will review responses with a view to reporting recommendations by March 2017.

The Institute’s current Financial Services code may be accessed here.

The research into the impact of the code conducted in 2015, named Surfing the Wave, may be found here.

The Institute’s report on organisational culture may be found here.

ENDS

About the Institute

The IIA has been leading the profession of internal auditing since 1948 and became the Chartered Institute of Internal Auditors on 1st October, 2010. It is the only body focused exclusively on internal auditing. Its International Standards and Code of Ethics bind a global community of over 180,000 internal auditors in 170 countries and over 8,700 members in the UK and Ireland.

Internal Auditors help protect the organisations they work for by assessing whether all significant risks are properly identified, controlled and reported to the board, usually via the audit committee; and by challenging executive management to improve the effectiveness of governance, risk management and internal controls.

Press enquiries:

Phil Gray
Communications Director
The Chartered Institute of Internal Auditors (IIA)
Email: phil.gray@iia.org.uk
Tel: 020 8319 1948