A new Internal Audit Code of Practice
Shakeel Aslam · Posted on: September 17th 2024 · read
Shakeel Aslam, Partner and Head of the GRC / Internal Audit Practice at MHA, the UK member of the global Baker Tilly Network discusses the Chartered Institute of Internal Auditors most recent new Internal Audit Code of Practice, effective from January 2025.
The Chartered Institute of Internal Auditors has released a new Internal Audit Code of Practice, effective from January 2025. This Code aims to enhance the effectiveness of internal audit functions across financial services, private, and third sectors in the UK and Ireland. It emphasises a principles-based approach, advocating for proportionality in application based on an organisation's nature, scope, and complexity.
Key Principles and Recommendations
The Code outlines several core principles and recommendations to achieve robust internal audit practices:
- Purpose and Mandate The primary purpose of internal audit is to assist the board and senior management in safeguarding the organisation's assets, reputation, and sustainability. This is achieved through independent, risk-based assurance, advice, and insight. The internal audit function's purpose and mandate should be clearly defined in a publicly available internal audit charter.
- Scope and Priorities Internal audit should have unrestricted access to all areas of the organisation. It should adopt a risk-based approach to determine audit coverage, considering factors like business strategy and emerging risks. The internal audit plan should be dynamic and adaptable to address unplanned events and emerging risks.
- Reporting Internal audit should provide impactful and relevant reports to key governance committees. These reports should include overall opinions on high-risk areas, insights into control weaknesses, and an independent view of management's risk reporting.
- Interaction with Other Functions Internal audit should maintain independence from risk management, compliance, finance, and other control functions. While collaboration is encouraged, internal audit should not solely rely on the work of these functions.
- Independence and Authority The chief audit executive should hold a senior position within the organisation, enabling them to challenge senior management effectively. Internal audit should have unrestricted access to key management information and the right to attend executive committee meetings.
- Resources Internal audit should have the necessary skills, experience, and resources to fulfil its mandate. This includes access to appropriate tools and technology, such as data analytics.
- Quality Assurance The board audit committee is responsible for evaluating the performance of the internal audit function. Internal audit should maintain a Quality Assurance and Improvement Programme (QAIP) to ensure adherence to standards and continuous improvement.
- Relationship with Regulators and External Audit Internal audit should foster open communication and cooperation with regulators and external audit.
Significance and Impact
The new Code represents a significant step in strengthening the internal audit profession in the UK and Ireland. By adopting these principles, organisations can enhance their corporate governance practices and ensure that internal audit plays a vital role in protecting their assets, reputation, and long-term sustainability.
The Code's emphasis on a principles-based approach allows for flexibility and adaptability, recognising that organisations vary in size and complexity. It encourages internal audit functions to focus on key risks and areas of greatest impact, promoting efficiency and effectiveness.
Furthermore, the Code's focus on independence and authority empowers internal audit to provide objective and unbiased assessments. This strengthens the function's ability to challenge senior management and contribute to improved governance practices.
Conclusion
The new Internal Audit Code of Practice provides a comprehensive framework for enhancing the effectiveness of internal audit functions. By embracing these principles, organisations can strengthen their corporate governance, manage risks effectively, and ensure long-term success. The Code's emphasis on proportionality, independence, and a risk-based approach makes it a valuable tool for internal audit professionals across various sectors.