New Internal Audit Code will help businesses manage risk better

The management of risk by businesses will get a boost as the Chartered Institute of Internal Auditors published a new code to increase the effectiveness of internal audit functions. The Internal Audit Code of Practice will strengthen corporate governance following a series of high-profile collapses linked to governance deficiencies, including Carillion.

The new code aims to increase the status, scope and skills of internal audit and makes 38 recommendations for businesses including:

• Unrestricted access for internal audit so it is not stopped from looking at any part of the organisation it serves and key management information.
• The right to attend and observe executive committee meetings.
• A direct line to the CEO and a direct report to the Audit Committee Chair to increase the authority and status of internal audit.
• The direct employment of Chief Internal Auditors in every business even when the internal audit function is outsourced. This is to ensure Chief Internal Auditors have sufficient and timely access to key management information and decisions.
• Regular communication and sharing of information by the Chief Internal Auditor and the partner responsible for external audit to ensure both assurance functions carry out their duties effectively.

The Internal Audit Code of Practice was developed by an independent Steering Committee set up by the Chartered Institute of Internal Auditors and chaired by Brendan Nelson – Audit Committee Chair of BP. The final version of the code follows a 12-week public consultation exercise in which over one hundred stakeholders participated.