The Chartered Institute of Internal Auditors (Chartered IIA) has launched an enhanced Internal Audit Code of Practice, supported by the Institute of Chartered Accountants in England and Wales (ICAEW), aiming to improve corporate governance and address emerging risks across the UK and Ireland.
"As organisations confront an increasingly uncertain and dynamic risk landscape," said Anne Kiem OBE, Chief Executive of the Chartered IIA, “the new Internal Audit Code of Practice offers a crucial framework that will enhance the role of internal audit in advising and providing assurance to boards and senior management over their organisation's risks, controls and corporate governance processes.”
The new code expands the role of internal audit in assessing the capital and liquidity risks stemming from poor customer treatment. It also seeks to enhance reporting, calling upon firms to conduct broad culture audits and to include a summary of the activities and effectiveness of the internal audit function in their annual reports. Additionally, the code urges internal auditors to address emerging risks posed by such areas as environmental sustainability, social issues, financial crime, and technology risks.
In recent years, many internal auditors have seen their roles expand to include functions which would traditionally belong to risk and/or compliance. The updated code warns that this threatens internal auditors' independence. “Internal audit is there to support the board and the audit committee in particular, to assess risks and ensure those risks are being adequately managed by the organisation, and that the auditing of internal processes can be done without interference from management," said Peter van Veen, the ICAEW's Director of Corporate Governance and Stewardship. “But it’s very hard to do that if they are also responsible for second-line functions such as compliance, investigations or cyber security. Internal audit should never be put in a position where it has to mark its own homework.”
Join The Discussion