Internal Audit Code of Practice | Guidance

Guidance on effective internal audit in the private and third sectors

The Internal Audit Code of Practice aims to enhance the overall effectiveness of internal audit, and its impact, within organisations operating in the UK and Ireland.

Its recommendations can be regarded as a benchmark of good practice against which organisations can assess their internal audit function.

The Code is principles-based. It is expected that the Code should be applied proportionately, and therefore smaller organisations should apply the principles on which the Code is based in light of their size, risk profile and internal organisation and the nature, scope and complexity of their operations.


Relevant guidance

Fully understanding how to practically implement each of the Code’s recommendations requires cross referencing with our existing technical guidance. In particular, the following pieces of technical guidance help to support the Code’s implementation:

Role and mandate of internal audit

Internal audit charter

Supplemental guidance: Model Internal Audit Charter

IIA Global - Model audit committee charter


Scope and priorities of internal audit

Internal audit charter 

Supplemental guidance: Model Internal Audit Charter

Audit universe

How to derive an IT audit universe

Sector specific – FS - Risk assessments and prioritisation of internal audit work

Annual internal audit coverage plans

Concept and theory

The board's role

The role of internal audit

Risk maturity

Risk based internal audit planning in financial services

Emerging risk assessment in internal audit

Coordination of assurance services

Auditing corporate governance

Sector specific – FS - Annual governance, risk and control assessments

Board evaluation

 Organisational culture

Top tips: Making culture part of your DNA

Reward and recognition

Performance management

Organisational change

Projects

Auditing projects in the early stages

Research and development

Supply chains

Shared services

Outsourced services

Sector specific – FS - Outcomes of processes


Reporting results

Delivering internal audit findings

Following up recommendations/management actions

Things to consider when preparing your internal audit opinion


Interaction with risk management, compliance and finance

Employee engagement

Performance management

Recruitment and selection

Sickness absence

Talent management

Training and development

Accounts payable

Accounts receivable

Accruals and prepayments

Bank reconciliation

Travel and expenses

Health and safety

Managers acknowledging risk

Standards for managing risks

Coordination of assurance services

Operational responsibilities

Internal audit charter

Supplemental guidance: Model Internal Audit Charter

Position paper – Risk management and internal audit

 


Independence and authority of internal audit

Internal audit charter

Supplemental guidance: Model Internal Audit Charter

How internal audit works with the audit committee

Position paper – Independence and objectivity

Position paper – Independence and objectivity

Position paper - The rotation of heads of internal audit


Resources

Annual internal audit coverage plans

How to set up a new internal audit activity

Secondments

Future-proofing internal audit

Future-proofing internal audit

Coaching

Communication skills

Difficult clients

Mentoring

Presentation skills – top tips


Quality assurance and improvement programme (QA&IP)

Quality and the International Standards

Quality assurance and improvement programmes

Ensuring quality in the smallest internal audit activities

Internal audit performance management

Internal audit performance management

Financial Services - Internal audit effectiveness

Internal audit file reviews

Improving audit efficiency

Measuring internal audit effectiveness and efficiency

Internal audit manual


Relationships with external audit

Position paper - Internal audit's relationship with external audit

 

Content reviewed: 10 June 2020