ICAEW.com works better with JavaScript enabled.

New Internal Audit Code to strengthen corporate governance

Author: ICAEW Insights

Published: 11 Sep 2024

Enhanced Chartered Institute of Internal Auditors Code of Practice aims to tackle emerging risks, bolster business resilience and support economic stability.

ICAEW is putting its weight behind the new Internal Audit Code of Practice launched today to strengthen corporate governance and help organisations navigate an increasingly complex risk environment.

The enhanced code from the Chartered Institute of Internal Auditors (Chartered IAA) serves as a benchmark to embed best practices and improve internal audit practice across the UK and Ireland.

Effective from January 2025, the new code applies to all internal audit functions in the financial, private and third sectors across the UK and Ireland, in alignment with the International Professional Practices Framework, the new Global Internal Audit Standards and the revised UK Corporate Governance Code

Previously there was a separate code for financial services firms. Now, internal audit functions across all sectors should assess capital and liquidity risks and risks stemming from poor customer treatment. 

Enhanced reporting

This latest version of the code also calls for a summary of the internal audit function’s activities, impact and effectiveness in the annual report and accounts. It furthermore calls for culture audits that extend beyond risk and control culture to encompass broader cultural risks.

Meanwhile, the code brings emerging risks into scope and calls on internal audit to address risks posed by areas including environmental sustainability, climate change, social issues, financial and economic crime, and technology risks such as AI and cyber security.

Internal audit’s assessments of risk management and internal controls should now support board disclosures on material controls, aligning with the revised UK Corporate Governance Code. At the same time, the internal audit functions should coordinate with other assurance providers on key risks and assurance timing to ensure risk coverage is comprehensive, the code says.

Restoring trust and supporting economic stability

Anne Kiem OBE, Chief Executive of the Chartered IIA, says a robust internal audit profession is essential to restoring trust in the broader audit and corporate governance ecosystem and supporting economic stability.

“As organisations confront an increasingly uncertain and dynamic risk landscape, the new Internal Audit Code of Practice offers a crucial framework that will enhance the role of internal audit in advising and providing assurance to boards and senior management over their organisation’s risks, controls and corporate governance processes.”

Alan Vallance, ICAEW Chief Executive, says: “Internal auditors are a key part of the organisation's audit and assurance capability and provide confidence to the board and the executive that risk management process and internal controls are in good order. 

“Many of our members work as internal auditors or work closely with them as CFOs or audit committee chairs. We therefore welcome the revised Internal Audit Code of Practice as it further strengthens the role of internal audit.” 

Mark Babington, Executive Director, Regulatory Standards at the Financial Reporting Council, which contributed to the code’s development, says: “This code is a significant step forward in improving independent assurance over the way businesses manage risk and assess the effectiveness of their internal controls to support reporting against the Corporate Governance Code.”

Best practice in a single document

Peter van Veen, ICAEW Director, Corporate Governance and Stewardship, says having a unified code brings best practice from across sectors into a single document. “It also strikes a good balance between large company internal audit and smaller entities – most of these principles are scalable, so you don’t need lots of resources to make use of the new code.” 

Van Veen says he particularly welcomed clarity around internal audit’s independence and objectivity. “The code also highlights the importance of ensuring that internal audit has the appropriate standing in the organisation and that it has unfettered, timely access to all of the organisation’s data. It is also key that internal audit has a direct line to the audit committee and preferably reports directly into the chair of this committee.

Internal audit to support board and audit committee

Meanwhile, van Veen welcomed the code’s warnings not to compromise internal audit’s independence by extending its remit to second-line functions. “Internal audit is there to support the board and the audit committee in particular, to assess risks and ensure those risks are being adequately managed by the organisation, and that the auditing of internal processes can be done without interference from management. 

“But it’s very hard to do that if they are also responsible for second-line functions such as compliance, investigations or cyber security. Internal audit should never be put in a position where it has to mark its own homework.”

The code is not drafted with the public sector specifically in mind. Therefore, public sector internal audit functions should continue to follow the Public Sector Internal Audit Standards.

Download the Internal Audit Code of Practice – principles on effective internal audit in the financial, private and third sectors

Join your peers

ICAEW's Internal Audit Conference 2024 focuses how internal audit builds resilience. Hear from the Government Internal Audit Agency, the IIA and the Institute of Business Ethics.

Two individuals (a woman with a mixed ethnic background and a black man) sat at a desk looking at paperwork.

Further resources

Toolkit
Three people standing around a table in an office.
Changing role of the CFO

Hear from senior finance professionals on the changing role of the CFO and use our toolkit to make the most of new opportunities to create a fairer future.

Browse resources
ICAEW Community
Magnifying glass and pen
Internal Audit Community

Essential resources, support and news on the latest technical and regulatory changes impacting the internal audit function. Membership is open to everyone, including non-ICAEW members.

ICAEW support
A pair of hands holding 3 blocks showing compliance symbols
Training and events

Browse upcoming and on-demand ICAEW events and webinars covering corporate governance and stewardship.

Events and webinars CPD courses and more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250