Guidance to support the sector
The Chartered IIA's updated financial services sector code will help internal audit to provide a more effective service in banks and other financial organisations, and play an active role in preventing future problems in the sector.
The guidance gives a clear direction to internal audit functions to focus upon governance and risk management. This includes providing an assessment of the adequacy and effectiveness of risk management, assessing whether all significant risks are identified and reported upon by management and assessing whether risks are adequately controlled.
Internal audit planning should therefore be risk-based enabling internal audit to at least annually provide an assessment of the overall effectiveness of the governance, risk and control framework of the organisation, together with an analysis of themes and trends emerging from internal audit work. The code suggests that the following areas should be within internal audit's scope:
- Internal governance
- Info supporting decision making
- Risk appetite
- Risk culture
- Customer treatment
- Capital & liquidity risk
- Corporate events
- Outcomes and processes
In addition, the code points to the importance of interaction with other internal assurance providers such as risk management, compliance and finance to create a strong corporate governance structure. However, while coordination will help to formulate an annual overall opinion internal audit should be independent from these functions and be neither responsible for or be part of them.
This series of guidance pulls together the fundamentals of internal audit best practice. And, over the next few months, we will provide further information and resources to help you implement the revised financial services code.
Risk based internal audit planning in financial services
How to develop an internal audit plan that is holistic and reflects the nature of the business and its operating environment.
How to set up a new internal audit activity
Our guide and checklist will help you to review the structure of your existing function or set up a new one.
Working with your stakeholders
How internal audit can develop and improve day to day working relations with stakeholders.
How to write an internal audit charter
Use our template to help write or update your charter. This is a formal document that defines internal audit's purpose, authority, responsibility and position within an organisation.
Developing audit competencies
Review the skills, knowledge and techniques required of internal auditors, and the resourcing options available.
Coordination with other assurance providers
Examine the pros and cons of having multiple assurance providers. This guide includes four case studies, including a high street bank and a pension administrator.
Computer assisted audit techniques (CAATs)
Tips for mutuals on using technology and analytics to evaluate controls by examining relevant data.
Challenges and expectations for the future of internal audit in banking and credit institutions
The Spanish Institute of Internal Auditors has written some guidance about the future trends that are emerging in the banking and credit sector following the financial crisis. It identifies not only the trends but also the expectations and the impact that these primary drivers of change will have on internal audit functions.
Read the full guidance (it's in English)
Presentations from past financial services events