Governance gap: Chartered IIA calls on Parliament to help ensure all company pensions schemes are subject to internal audit.

Should all companies operating pension schemes be required to have an internal audit function? Given the employee funds they manage and the fact that providers of contract-based and outsourced schemes must have internal audit functions, since they are financial services firms regulated by the Financial Conduct Authority (FCA), the Chartered IIA believes they should be.  

However, those that operate their own trust-based or in-house schemes do not currently need to have internal audit capabilities. This is likely to surprise most people who assume that all financial services products available to the general public must be regulated to the same standards.  

In fact, while the Pensions Regulator regulates all pension schemes, it does not require private companies that run trust-based and master schemes to have an internal audit function – even when the schemes are large and complex. This is only a requirement for those regulated by the Financial Conduct Authority and Prudential Regulation Authority, which require internal audit functions in their respective Handbook and Rulebook.  

The Chartered IIA believes this creates a regulatory gap, which it has highlighted in a new Parliamentary briefing: Protecting Pensions Through Stronger Internal Audit Requirements, published on 11 June. It has already called on the Pensions Regulator to strengthen its Code of Practice guidance on internal audit to ensure parity across the sector and equal regulatory scrutiny to protect pension fund savers. This briefing now brings the issue to the attention of Parliamentarians.  

Millions of MPs’ constituents pay into pension schemes that may lack the level of independent assurance needed for boards and trustees to effectively oversee risks, it warns. 

“Many will remember the collapse of BHS in 2016, which resulted in 11,000 job losses, 167 store closures, and exposed serious governance failings – including the absence of an internal audit function. Critically, it left behind a pension deficit of over £570 million, putting thousands of employees’ pensions at risk,” says Gavin Hayes, Head of Policy and Public Affairs at the Chartered IIA. 

Both BHS and Patisserie Valerie, which went bankrupt two years later, ran trust-based pension schemes but had no internal audit functions. Many large companies today do the same, Hayes warns. If these two businesses had had internal audit professionals scrutinising their affairs, they might have identified control weaknesses earlier, “potentially recommending improvements that could have helped prevent or detect fraud and ultimately reducing the risk to employees’ pensions,” Hayes says. 

The Chartered IIA’s briefing therefore calls on Parliamentarians to support its campaign to reinforce regulatory scrutiny of pension schemes and ensure all schemes are subject to internal audit. In particular, it asks MPs to: 

• Support our call for The Pensions Regulator to amend its Code of Practice to recommend all trust-based occupational and master trust pension schemes establish and maintain an independent internal audit function as part of their governance framework. This could include writing a letter to the CEO of The Pensions Regulator.  

• Work with us to table parliamentary questions on the issues we have raised in this briefing and with The Pensions Regulator.  

Action is essential if all pension scheme contributors are to be equally protected against fraud and mismanagement.