New Internal Audit Code will help businesses better manage risk

8 January 2020

The management of risk by businesses will get a boost today as the Chartered Institute of Internal Auditors publishes a new code to increase the effectiveness of internal audit functions. The Internal Audit Code of Practice will strengthen corporate governance following a series of high-profile collapses linked to governance deficiencies, including Carillion.

The new code aims to increase the status, scope and skills of internal audit and makes 38 recommendations for businesses including:

  • Unrestricted access for internal audit so it is not stopped from looking at any part of the organisation it serves and key management information.
  • The right to attend and observe executive committee meetings.
  • A direct line to the CEO and a direct report to the Audit Committee Chair to increase the authority and status of internal audit.
  • The direct employment of Chief Internal Auditors in every business even when the internal audit function is outsourced. This is to ensure Chief Internal Auditors have sufficient and timely access to key management information and decisions.
  • Regular communication and sharing of information by the Chief Internal Auditor and the partner responsible for external audit to ensure both assurance functions carry out their duties effectively.

The Internal Audit Code of Practice was developed by an independent Steering Committee set up by the Chartered Institute of Internal Auditors and chaired by Brendan Nelson – Audit Committee Chair of BP. The final version of the code follows a 12-week public consultation exercise in which over one hundred stakeholders participated.

The new Internal Audit Code of Practice was welcomed in Sir Donald Brydon’s independent review into the quality and effectiveness of audit published last month. The Internal Audit Code of Practice compliments the Brydon review recommendations.

Brendan Nelson, Chair of the Internal Audit Code of Practice Steering Committee said:

“High-profile corporate collapses linked to governance deficiencies have led to a wide-ranging review of the audit and corporate governance framework. Strong, effective and well-resourced internal audit functions have a central role to play in supporting boards to better manage and mitigate the risks they face.

“The Code makes 38 important recommendations, including the right for internal audit to attend executive committee meetings, unrestricted access for internal audit to all parts of the business and a direct line for internal audit to the Chief Executive.

“I urge boards, and in particular Audit Committees, to apply the Internal Audit Code of Practice to increase the effectiveness of their internal audit functions, in the pursuit of stronger corporate governance and risk management.”

Sir Jon Thompson, CEO of the Financial Reporting Council said:

“Internal audit is a vital part of the overall assurance that companies provide their investors and stakeholders, which helps to build trust in business.  This is a significant time in the evolution of audit in the UK in light of the Kingman, Brydon and CMA reviews.  I commend the IIA for developing and introducing this new Code of Practice which sets a high standard of best practice and should be considered an important part of the overall risk management and assurance framework.”

Sir Donald Brydon CBE, Chair of the Independent Review into the Quality and Effectiveness of Audit said:

“The new code is an important step to improving the quality and delivery of internal audit services.”

Jonathan Geldart, Director General of the Institute of Directors said:

“In the context of an increasingly complex and even faster moving world, Directors must be confident in the solid foundations upon which their businesses are built. Strong internal controls are an essential element of these foundations. The Institute of Directors very much welcomes the introduction of the Internal Audit Code of Practice by the Chartered Institute of Internal Auditors which serves to codify the essential elements of internal controls required as the basis of any good business.”

Michael Izza, Chief Executive of the ICAEW (Institute of Chartered Accountants in England and Wales), said:

“This new code is an important step forward for corporate governance. It provides a benchmark for best practice and a measure for boards and audit committees to assess the effectiveness of their internal audit functions. I encourage organisations to examine the code and consider signing up to it.”

Helen Brand, Chief Executive of the ACCA (Association of Chartered Certified Accountants) said:

“ACCA is pleased to see the launch of the Internal Audit Code of Practice which is an essential resource for internal audit practitioners. We believe the code will further strengthen the quality and application of internal audit practices in the UK and Ireland through its principles-based recommendations.”

Andrew Harding, Chief Executive of the Chartered Institute of Management Accountants (CIMA) said:

“Good governance and confidence in business has never been more important, I welcome this publication.”

Bruce Cartwright, CEO of the Institute of Chartered Accountants Scotland (ICAS) said: “ICAS welcomes the publication of the Internal Audit Code of Practice by the Chartered Institute of Internal Auditors. We trust that this will build on the success of the existing Code of Practice for financial services firms and prove to be effective in encouraging best practice in internal audit and in improving its scope and status in a wider range of organisations.”

Jock Lennox, Chair of the Audit Committee Chairs’ Independent Forum (ACCIF) said:

“ACCIF very much welcomes this Internal Audit Code of Practice. The principles-based approach will help Audit Committee Chairs set the bar for internal audit, which will have an increasingly important role to play supporting Audit Committees as we digest the recommendations from the various recent reviews of reporting and auditing.”

Philippa Foster Back CBE, Director of the Institute of Business Ethics said:

“The new Internal Audit Code of Practice issued by the Chartered Institute of Internal Auditors is a timely document. The CIIA is a step ahead in professionalism than its counterparts in external audit and this Code of Practice is an example of this, as it clearly states best practice for internal audit in private and third sector organisations.”

Tim Ward, CEO of the Quoted Companies Alliance said:

“The Internal Audit Code of Practice is a welcome, principles-based guide for companies that are of a size to benefit from this form of internal control and risk management. It is easy to understand and will assist management and Audit Committees alike.”