The Chartered Institute of Internal Auditors (Chartered IIA) has published a new code with the goal of increasing the effectiveness of internal audit functions.
The Internal Audit Code of Practice aims to strengthen corporate governance following a number of high-profile company collapses which have been linked to governance deficiencies, such as the collapse of UK construction company Carillion.
The code aims to increase the status, scope and skills of internal audit and makes 38 recommendations for business including:
- Unrestricted access for internal audit so it is not stopped from looking at any part of the organisation it serves and key management information.
- The right to attend and observe committee meetings.
- A direct line to the CEO and a direct report to the audit committee chair to increase the authority and status of internal audit.
- The direct employment of chief internal auditors in every business even when the internal audit function is outsourced. This is to ensure chief internal auditors have sufficient and timely access to key management information and decisions.
- Regular communication and sharing of information by the chief internal auditor and the partner responsible for external audit to ensure both assurance functions carry out their duties effectively.
The Internal Audit Code of Practice was developed by an independent steering committee set up by the Chartered IIA and chaired by BP audit committee chair Brendan Nelson. The final version of the code follows a 12-week public consultation in which more than a hundred stakeholders participated.
Nelson said: “High-profile corporate collapses linked to governance deficiencies have led to a wide-ranging review of the audit and corporate governance framework. Strong, effective and well-resourced internal audit functions have a central role to play in supporting boards to better manage and mitigate the risks they face.
“The Code makes 38 important recommendations, including the right for internal audit to attend executive committee meetings, unrestricted access for internal audit to all parts of the business and a direct line for internal audit to the Chief Executive.
“I urge boards, and in particular Audit Committees, to apply appropriately the Internal Audit Code of Practice to increase the effectiveness of their internal audit functions, in the pursuit of stronger corporate governance and risk management.”
Commenting on the code, UK Financial Reporting Council (FRC) CEO Jon Thompson said: “Internal audit is a vital part of the overall assurance that companies provide their investors and stakeholders, which helps to build trust in business.
“This is a significant time in the evolution of audit in the UK in light of the Kingman, Brydon and CMA reviews.
“I commend the IIA for developing and introducing this new Code of Practice which sets a high standard of best practice and should be considered an important part of the overall risk management and assurance framework.”
The Internal Audit Code of Practice follows an FRC review of companies reporting against the Corporate Governance Code which was also published today.