New Chartered IIA Code of Practice: the responses so far
Internal audit leaders, regulators and leaders of other professional bodes have welcomed the Chartered IIA’s new combined Code of Practice, launched in September 2024. What have people said so far?
The Chartered IIA’s new combined Code of Practice attracted widespread publicity when it launched in September. Senior figures in related professions and regulators praised its scope and the role it can play in enhancing the role and value of internal audit functions. Internal audit leaders have also praised it and believe it will help to raise internal audit’s impact and status.
The Code builds on the Global Internal Audit Standards and the revised UK Corporate Governance Code and introduces key enhancements, including:
-
Chief audit executives (CAEs) should collaborate with their audit committee to ensure the annual report and accounts include a summary of the internal audit function’s activities and conclude on its impact and effectiveness.
-
Internal audit functions should conduct risk-based reviews of organisational culture, extending beyond risk and control culture to broader cultural risks.
-
Internal audit functions in all sectors should assess capital and liquidity risks and risks stemming from poor customer treatment.
-
Internal audit functions should address emerging risks, such as environmental, climate and societal risks, as well as cyber, data and technology.
-
Internal audit's assessments of risk management and internal controls should support board disclosures on material controls.
-
Internal audit functions should coordinate with other assurance providers on key risks and assurance timing.
-
Internal audit teams should comprise individuals with diverse backgrounds, skills and experiences, and CAES should ensure access to necessary tools and technology.
What people said:
Mark Babington, Executive Director, Regulatory Standards, of the Financial Reporting Council
“This Code is a significant step forward in improving independent assurance over the way businesses manage risk and assess the effectiveness of their internal controls to support reporting against the Corporate Governance Code.”
Andy Kemp, Chair of the Audit Committee Chairs’ Independent Forum, and Audit Committee Chair at The Berkeley Group Holdings
“The new Internal Audit Code of Practice empowers Audit Committee Chairs to elevate internal audit functions, which are increasingly vital in navigating today’s complex controls and risk landscape.”
Jonathan Geldart, Director General at the Institute of Directors (IoD)
“The Internal Audit Code of Practice provides company directors with the tools to embed the strong internal company controls that are vital for business success.”
Myles McGuiness, Chief Executive Officer of the Financial Markets Standards Board
“Strong and effective internal audit functions play a crucial role in promoting transparency, accountability and integrity across financial markets. We welcome the new Internal Audit Code of Practice, which raises the bar and establishes a new standard of excellence for the internal audit profession. We are particularly pleased to see the increased focus on assessing corporate culture and behaviours.”
Jean-Philippe Perraud, General Director of NEDonBoard (Institute of Board Members)
“We welcome the new Internal Audit Code of Practice and believe it will help to ensure the best business governance practices at the highest levels. We encourage non-executive directors to work closely with their internal audit teams to ensure the new Code is implemented effectively."
Alan Vallance, Chief Executive of the Institute of Chartered Accountants England and Wales (ICAEW)
“Internal auditors are a key part of the organisation's audit and assurance capability and provide confidence to the board and the executive that risk management process and internal controls are in good order. We welcome the revised Internal Audit Code of Practice as it further strengthens the role of internal audit.”
Helen Brand OBE, Chief Executive of the Association of the Chartered Certified Accountants (ACCA)
“This is an important step forward in ensuring the continued effectiveness of internal audit. I’m particularly pleased to see the widening focus in areas such as organisational culture, sustainability risk, climate change, financial crime and AI.”
Bruce Cartwright, CEO of the Institute of Chartered Accountants Scotland (ICAS)
“We very much welcome that the Code is principles-based and it is intended that the principles are to be applied proportionately, in line with the nature, scope and complexity of the organisation concerned.”
Andrew Harding, Chief Executive of the Chartered Institute of Management Accountants (CIMA)
“Internal audit plays an increasingly important role within the corporate ecosystem, not just in the UK, but around the world. Management accountants working within the internal audit function, or alongside it, rely on their business acumen and critical thinking skills to help power value creation and trust. Internal audit is a vital safeguard for boards, helping to improve the effectiveness of the company's risk management, controls and governance. The new Internal Audit Code of Practice is a must-read for company directors who want to get the most out of their internal audit functions in a constantly changing world.”
Gavin Faloona, Head of Internal Audit at Goodbody Stockbrokers and Chair of the Chartered IIA Ireland region, posted on LinkedIn:
“This isn’t just a revision – it’s a game-changer. Our new Code is designed to not only meet, but exceed, the baseline Standards, raising the bar for internal audit practices across the UK and Ireland. As nations that lead the way in the global economy and corporate governance, we must continue to push boundaries.
"In today’s fast-paced world, this Code is your roadmap to ensuring your internal audit function remains effective, forward-thinking and aligned with best practices. For the first time, we offer a unified approach that spans across sectors, elevating the standards of internal auditing everywhere.
"What does this mean for you? The Code provides an opportunity to fortify your role in helping boards and senior management identify, manage, and mitigate risks in an ever-evolving landscape.”
Richard Chambers, Senior Advisor, Risk and Audit, at AuditBoard, wrote in Audit Beacon
“The UK’s New Code of Practice Raises the Bar for Internal Auditors”. He said he was impressed “by how clearly and logically it is organised” and “by how much further the principles go when compared with The Global Internal Audit Standards”.
Business & Accountancy Daily called it
“A significant step towards bolstering corporate governance and helping prevent company failures by ensuring companies have robust and effective internal audit functions.”
Author and governance authority Norman Marks titled a blog about the Code:
"Excellent authoritative guidance for internal auditors and strongly recommended that internal auditors around the world should read and consider it. “The Code is a serious and very significant upgrade (sorry IIA) to GIAS. In fact, I think it transcends GIAS,” he said. He went on to highlight the main areas that he endorses and believes are important for all internal auditors to consider."
The Chartered IIA’s new combined Code of Practice was led by an independent committee and included input from key UK and Irish regulators, including the Bank of England, Central Bank of Ireland, Financial Conduct Authority and Financial Reporting Council. It comes into operation in January 2025.