The Chartered Institute of Internal Auditors (Charted IIA) announced Thursday the publication of new guidance, intended to serve as an industry benchmark to improve the effectiveness of internal audit functions and raise the bar across the profession within organizations operating in the United Kingdom and Ireland.
Publication of the Chartered IIA’s “Internal Audit Code of Practice” follows a series of high-profile collapses linked to governance deficiencies, most notably the collapse of Carillion in January 2018. The principles-based code was developed by an independent steering committee set up by the Chartered IIA and is chaired by Brendan Nelson, audit committee chair of BP.
“High-profile corporate collapses linked to governance deficiencies have led to a wide-ranging review of the audit and corporate governance framework,” Nelson said. “Strong, effective, and well-resourced internal audit functions have a central role to play in supporting boards to better manage and mitigate the risks they face.”
To this end, Nelson said he urges boards, and particularly audit committees, “to apply appropriately the Internal Audit Code of Practice to increase the effectiveness of their internal-audit functions, in the pursuit of stronger corporate governance and risk management.”
The new code aims to increase the status, scope, and skills of internal audit and makes 38 recommendations to companies, including:
- Unrestricted access for internal audit so it is not restricted from looking at any part of the organization it serves and key management information.
- The right to attend and observe executive committee meetings.
- A direct line to the CEO and a direct report to the audit committee chair to increase the authority and status of internal audit.
- The direct employment of chief internal auditors in every business, even when the internal audit function is outsourced in order to ensure chief internal auditors have sufficient and timely access to key management information and decisions.
- Regular communication and sharing of information by the chief internal auditor and the partner responsible for external audit to ensure both assurance functions carry out their duties effectively.
The final version of the code follows a 12-week public consultation exercise in which over 100 stakeholders participated in November 2019. Meetings were held with senior stakeholders, and chief internal auditors from some of the U.K.’s largest companies took part in online discussions about the draft code.
The final Internal Audit Code of Practice was welcomed in Sir Donald Brydon’s independent review into the quality and effectiveness of audit published in December 2019. The Internal Audit Code of Practice complements the recommendations in the Brydon review.