The IIA’s new Code follows an FRC review of companies reporting against the Corporate Governance Code published today (10 January) which found many of the UK’s largest companies need to improve their governance and reporting to promote “sustainability and trust” in business.
The new code aims to increase the status, scope and skills of internal audit and makes 38 recommendations for businesses including:
- Unrestricted access for internal audit so it is not stopped from looking at any part of the organisation it serves and key management information.
- The right to attend and observe executive committee meetings.
- A direct line to the CEO and a direct report to the Audit Committee Chair to increase the authority and status of internal audit.
- The direct employment of chief internal auditors in every business even when the internal audit function is outsourced. This is to ensure chief internal auditors have sufficient and timely access to key management information and decisions.
- Regular communication and sharing of information by the chief internal auditor and the partner responsible for external audit to ensure both assurance functions carry out their duties effectively.
Commenting on the new Code, Sir Jon Thompson, CEO of the Financial Reporting Council said: “Internal audit is a vital part of the overall assurance that companies provide their investors and stakeholders, which helps to build trust in business.
“This is a significant time in the evolution of audit in the UK in light of the Kingman, Brydon and CMA reviews. I commend the IIA for developing and introducing this new Code of Practice which sets a high standard of best practice and should be considered an important part of the overall risk management and assurance framework.”