Workiva advert TeamMate Ideagen advert

Sector-specific standards & guidance

Financial services and the public sector have both recently seen changes to the way internal audit needs to operate. 

Public sector 


To provide an effective service in banks and other financial organisations, internal audit requires specific guidance on the tasks it should carry out and how the function should be positioned within organisations.

IIA's financial services code

Our financial services code aims to raise the bar for internal audit by setting a benchmark throughout the entire internal audit cycle. Read our guidance on some of the key recommendations 

Basel Committee on Banking Supervision

The Basel Committee on Banking Supervision has issued revised guidance for supervisors assessing the effectiveness of the internal audit function in banks, which forms part of the Committee's ongoing efforts to address bank supervisory issues and enhance supervision through guidance that encourages sound practices within banks.

The document builds on the Committee's Principles for Enhancing Corporate Governance which requires banks to have an internal audit function with sufficient authority, stature, independence, resources and access to the board of directors. Independent, competent and qualified internal auditors are central to sound corporate governance.

The document is based on 20 principles, organised in three sections, which are consistent with the IIA's financial services code:

  1. Supervisory expectations relevant to the internal audit function,
  2. The relationship of the supervisory authority with the internal audit function, and
  3. Supervisory assessment of the internal audit function.

These principles seek to promote a strong internal audit function within banking organisations. It also encourages bank internal auditors to comply with and to contribute to the development of national and international professional standards and it promotes due consideration of prudential issues in the development of internal audit standards and practices. An annex to the consultative document details responsiblities of a bank's audit committee. 

FRC's latest guidance published September 2014

The Financial Reporting Council (FRC) published new guidance for directors of banks on solvency and liquidity risk management and the going concern basis for accounting. It provides supplementary considerations for the banking sector and should be read in conjunction with the newly published risk guidance.

Read the FRC's guidance


Like banks, mutuals are also being expected to assess the effectiveness of their internal audit functions in light of the FS code

Mutuals typically have smaller internal audit teams than their publicly-traded counterparts, and parts of the service are commonly outsourced. This makes implementing the FS code uniquely challenging.  

Member resources

Computer assisted audit techniques (CAATs)
Tips for mutuals on using technology and analytics to evaluate controls by examining relevant data.


The Solvency II directive has made having an effective and permanent internal audit function a regulatory requirement. 

Solvency II

The European Confederation of national institutes of internal auditors (ECIIA) has published a view of the role of internal auditing in the insurance industry under the new future legal background of Solvency II (SII).

The document, prepared by a working group of Chief Audit Executives of insurance companies is consistent with IIA's financial service code and explains that SII does not impact the role of internal audit set out in the IIA's standards and principle. 

However, the ECIIA also recognises there are major challenges for organisations and their internal auditors as SII defines a new governance system requiring an adequate risk management system and an independent internal audit activity that applies a risk-based approach.

The appendices attached to the document therefore provide guidance on how this can be achieved and summarises the various activities internal audit can perform in helping their organisation conform to SII.

Member resources

Solvency II: the fundamentals
A guide to getting started and to sense-checking your implementation plan

Solvency II: the role of internal audit
A closer look at the changing role and focus of internal audit under the new regime.  

Public sector

The demand for efficiency in public spending together with more localised delivery of services is changing the focus of government. As a result, the risks are changing. Governance, risk management, internal controls and assurance processes must adapt.

A common set of standards, known as the Public Sector Internal Audit Standards (PSIAS), was adopted in April 2013. These were subsequently revised in April 2016 to incorporate enhancements approved by IIA Global’s board of directors to strengthen the ongoing relevance of the International Professional Practice Framework (IPPF).

UK PSIAS consultation

IASAB is currently going through a consultation process to seek agreement to amendments to the PSIAS to reflect the new and revised IIA Standards that came into effect on 1 January 2017. Further information can be found on the websites of IASAB and CIPFA

Member resources

Independent Audit Committees in Public Sector Organizations
This IIA Global guide discusses the importance of independence for public sector audit committees to meet the increasing demands of taxpayers for transparency and accountability. 

Nine Elements Required for Internal Audit Efffectiveness in the Public Sector
Results drawn from a global internal audit survey.

The IIA and INTOSAI: A Comparison of Authoritative Guidance Frameworks
Comparison of their respective organisations and the authoritative guidance they are responsible for delivering.

Case studies from NAO
We collaborated with the National Audit Office (NAO) to produce a series of case studies from the private and public sector that explore approaches to building relationships with audit committees, evaluating the impact of internal audit, and undertaking a risk-based approach to internal audit.

Content reviewed: 7 June 2017
Download PDF

Technical question?

Name: Email: