New guidance on how risk should be managed in UK banks and other financial institutions is being published by the Chartered Institute of Internal Auditors (The Institute) on 31 August.
The new edition of the Institute’s ‘Guidance on Effective Internal Audit in Financial Services’ - widely known as the Financial Services Code – was produced following wide consultation with the industry and with the support of the Bank of England, PRA, FCA, and Financial Reporting Council. It strengthens the role of internal audit in ensuring that financial institutions properly manage all their risks; and it should lead to internal audit playing an even more active part in preventing failures, scandals or mismanagement in UK financial services firms.
Internal auditors are responsible for ensuring that the organisation that they work for is properly managing all significant risks - both financial and non-financial. The Code provides a best-practice benchmark against which boards and regulators can assess the effectiveness of their internal audit functions.
The key changes to the Code include:
Institute Chief Executive, Dr. Ian Peters, says:
“The new Code should make internal audit an even stronger watchdog in managing risk effectively in UK financial services.”
“The Code has already made a real difference to the profile and authority of internal audit since it was published in 2013. It has driven real improvements in performance across the sector, especially in the area of culture. But the time has come to go further. “
“It is not just about changing the ‘tone at the top’ but about helping to achieve a sea change in culture in banks and financial services firms – a shift in attitudes and behaviours. To achieve this, there need to be systematic and objective assessment of behaviour at the frontline, not just in the boardroom.”
“Overall, the enhanced Code should help ensure that internal auditors can play their full part in effectively protecting the assets, reputation and sustainability of their organisations.”
“Internal auditors across the sector now need to drive these changes forward. They should demand, and get, stronger backing from audit committees and board. Boards, in turn, should expect and demand more from internal audit departments. And the new Code needs the continued support of the regulators to give it even more clout.”
The original Code was published by the Institute in July 2013, in the aftermath of the 2008 global financial crisis, and was prompted by an analysis of its causes and by governance, risk management and control failures including LIBOR and rogue trader scandals. It was welcomed by UK regulators, who have made clear that they regard compliance with the Code as necessary.
The review of the Code, instigated by the Institute, was conducted by an independent committee of senior industry figures, chaired by Mike Ashley, chair of the audit committee of Barclays, with the support of regulators; and involved two rounds of consultation with the sector.