Internal Audit Code of Practice | Guidance

Guidance on Effective Internal Audit Practices

The updated Internal Audit Code of Practice, effective from January 2025, aims to elevate the effectiveness and impact of internal audit functions within organisations across the financial services, private, and third sectors in the UK and Ireland.

The Code’s principles serve as a benchmark for best practices, providing a framework against which organisations can evaluate their internal audit functions. While the Code is principles-based, it is intended to be applied proportionately, considering the size, risk profile, and internal organisation of each entity, as well as the nature, scope, and complexity of its operations. Smaller organisations should apply these principles with these factors in mind.

Download the Code of Practice

Relevant guidance

Fully understanding how to practically implement each of the Code’s 37 principles requires cross-referencing with our comprehensive technical guidance. The following pieces of technical guidance are particularly relevant in supporting the Code’s implementation:

Internal Audit Charter and Mandate [Global IIA resource]

Insight and internal audit

Risk assessments and prioritisation of internal audit work

Risk-based internal audit planning in financial services

Production of the audit plan

Audit universe

Emerging Risk Assessment in Internal Audit

Auditing Strategy

Culture and the role of internal audit

Risk culture

Board Evaluation

Auditing corporate governance

Annual governance, risk and control assessments

Information guidance - basics of risk management

Risk appetite - the board's role 

Position paper: Risk management and internal audit

Reporting on the management of risk

Crisis management – predictable unpredictability?

Learning from events and black swans 

Business resilience and crisis planning

Markets in Financial Instruments Directive (MiFID II)

Wholesale Credit Risk in FS 

Viability statements

Capital and Liquidity (ICAAP and ILAAP)

Reputational Risk

How to Audit Marketing

Customer service

Conduct risk

Harnessing the Potential of Internal Audit 

Providing ethical assurance to boards 

Climate strategy

Climate Change 

Climate change and environmental impact

Climate financial risk auditing

Auditing climate data and reporting

Well-being of future generations

How to Audit Diversity, Equity and Inclusion

Well-being of future generations

CSR: Auditing social commitments

Auditing gender pay

United Nations human rights reporting

Modern Slavery Act 2015

Whistleblowing – a role for internal audit 

Anti-money laundering and counter terrorist financing

How to derive an IT audit universe

How to Audit IT basics

Cyber security

Auditing cyber security culture

Digital governance

Harnessing Technology With Intelligence (part one)

Reporting on the management of risk

Compliance

How to audit

Outcomes of Processes

Preparing for annual internal audit opinion

GIAS Delivering Internal Audit Findings

Following Up recommendations/management actions

Is your assurance integrated?

Working relationship between risk management and IA 

Five steps to create an assurance map

How to facilitate creation of the Audit and Assurance Policy (AAP)

Independence and Objectivity

Small Internal Audit Functions Guidance and Tool Kit 

How Internal Audit Works with the Audit Committee

Models of resourcing internal audit

Global Internal Audit Standards and Different Resource Models

Mentoring and developing talent in internal audit 

The importance of QAIPs

Measuring internal audit effectiveness and efficiency

Position paper: Internal audit's relationship with external audit 

Managing IA's relationship with regulators

        

 

   

About Us
Quick Links
Contact