Internal Audit Code of Practice | Guidance
Guidance on Effective Internal Audit Practices
The updated Internal Audit Code of Practice, effective from January 2025, aims to elevate the effectiveness and impact of internal audit functions within organisations across the financial services, private, and third sectors in the UK and Ireland.
The Code’s principles serve as a benchmark for best practices, providing a framework against which organisations can evaluate their internal audit functions. While the Code is principles-based, it is intended to be applied proportionately, considering the size, risk profile, and internal organisation of each entity, as well as the nature, scope, and complexity of its operations. Smaller organisations should apply these principles with these factors in mind.
Relevant guidance
Fully understanding how to practically implement each of the Code’s 37 principles requires cross-referencing with our comprehensive technical guidance. The following pieces of technical guidance are particularly relevant in supporting the Code’s implementation:
Purpose and mandate of internal audit
Internal Audit Charter and Mandate [Global IIA resource, Global IIA log in required]
Insight and internal audit | Professional Practice | Chartered IIA [Chartered IIA membership accessonly]
Scope and priorities of internal audit
Risk assessments and prioritisation of internal audit work | Professional practice | Chartered IIA
Risk-based internal audit planning in financial services | Professional practice | Chartered IIA
Production of the audit plan | Professional practice | Chartered IIA
Audit universe | Professional Practice | Chartered IIA
Emerging Risk Assessment in Internal Audit | Professional Practice | Chartered IIA
Scope of Internal Audit
Purpose, strategy and business model.
Auditing Strategy | How to Audit | Chartered IIA
Organisational culture.
Culture and the role of internal audit | How to Audit | Chartered IIA
Internal Governance.
Board Evaluation | How to Audit | Chartered IIA
Auditing corporate governance | How to Audit | Chartered IIA
Annual governance, risk and control assessments | Professional practice | Chartered IIA
The setting of, and adherence to, the risks the entity is willing to accept (risk appetite).
Information guidance - basics of risk management | Professional practice | Chartered IIA
Risk appetite - the board's role | Professional practice | Chartered IIA
Position paper: Risk management and internal audit | Professional practice | Chartered IIA
Reporting on the management of risk | Professional Practice | Chartered IIA
Key corporate and external events.
Crisis management – predictable unpredictability? | Articles | Chartered IIA
Learning from events and black swans | Audit Leaders | Chartered IIA
Business resilience and crisis planning | Chartered IIA
Capital and liquidity risks.
Markets in Financial Instruments Directive (MiFID II) | How to Audit | Chartered IIA
Wholesale Credit Risk in FS | How to Audit | Chartered IIA
Viability statements | How to Audit | Chartered IIA
Capital and Liquidity (ICAAP and ILAAP) | How to Audit | Chartered IIA
Risks of poor customer treatment, giving rise to conduct or reputational risk.
Reputational Risk | How to Audit | Chartered IIA
How to Audit Marketing | How to Audit | Chartered IIA
Customer service | How to Audit | Chartered IIA
Conduct risk | How to Audit | Chartered IIA
Environmental sustainability, climate change risks and social issues.
Harnessing the Potential of Internal Audit | Research and reports | Chartered IIA
Providing ethical assurance to boards | How to Audit | Chartered IIA
Climate strategy | How to Audit | Chartered IIA
Climate Change | How to Audit | Chartered IIA
Climate change and environmental impact | How to Audit | Chartered IIA
Climate financial risk auditing | Professional practice | Chartered IIA
Auditing climate data and reporting | Professional practice | Chartered IIA
Well-being of future generations | Professional practice | Chartered IIA
How to Audit Diversity, Equity and Inclusion | How to Audit | Chartered IIA
Well-being of future generations | Professional practice | Chartered IIA
CSR: Auditing social commitments | How to Audit | Chartered IIA
Auditing gender pay | How to Audit | Chartered IIA
United Nations human rights reporting | How to Audit | Chartered IIA
Modern Slavery Act 2015 | How to Audit | Chartered IIA
Financial crime, economic crime and fraud.
Whistleblowing – a role for internal audit | Professional practice | Chartered IIA
Anti-money laundering and counter terrorist financing | How to Audit | Chartered IIA
Technology, cyber, digital and data risks.
How to derive an IT audit universe | Professional practice | Chartered IIA
How to Audit IT basics | How to Audit | Chartered IIA
Cyber security | How to Audit | Chartered IIA
Auditing cyber security culture | How to Audit | Chartered IIA
Digital governance | How to Audit | Chartered IIA
Harnessing Technology With Intelligence (part one) | Chartered IIA
Risk management, compliance, finance and control functions.
Reporting on the management of risk | Professional Practice | Chartered IIA
Compliance | How to Audit | Chartered IIA
Outcomes of processes.
Outcomes of Processes | How to Audit | Chartered IIA
Reporting results
Preparing for annual internal audit opinion | Professional practice | Chartered IIA
GIAS Delivering Internal Audit Findings | Professional Practice | Chartered IIA
Following Up recommendations/management actions | Professional Practice | Chartered IIA
Interaction with risk management, compliance, finance and control functions
Is your assurance integrated? | Chartered IIA
Working relationship between risk management and IA | Professional Practice | Chartered IIA
Five steps to create an assurance map | Chartered IIA
Independence and authority of internal audit
Independence and Objectivity | How to Audit | Chartered IIA
Resources
Small Internal Audit Functions Guidance and Tool Kit | Standards and Codes | Chartered IIA
How Internal Audit Works with the Audit Committee | Professional Practice | Chartered IIA
Models of resourcing internal audit | Professional practice | Chartered IIA
What is Internal Audit? | Blog | Chartered IIA
Mentoring and developing talent in internal audit | Articles | Chartered IIA
Quality assurance and improvement programme (QA&IP)
The importance of QAIPs | Articles | Chartered IIA
Measuring internal audit effectiveness and efficiency | Professional practice | Chartered IIA
Relationships with regulators and external audit
Managing IA's relationship with regulators | Professional Practice | Chartered IIA