As the global risk landscape grows ever more complex, organizations face mounting pressures to manage risks effectively and uphold corporate governance. In response to these challenges, the Chartered Institute of Internal Auditors (Chartered IIA) has introduced a transformative new Internal Audit Code of Practice, designed to guide organizations in strengthening their internal audit functions and bolstering governance frameworks. This development is particularly critical for organizations across the UK and Ireland, where the IIA’s members play a key role in safeguarding corporate stability.
Released after extensive consultation with regulators, business leaders, and internal audit professionals, the new Code is more than a set of guidelines—it is a comprehensive framework that enhances the role of internal audit in today’s risk environment. As Anne Kiem, Chief Executive of Chartered IIA, put it, “The new Internal Audit Code of Practice offers a crucial framework that will enhance the role of internal audit in advising and providing assurance to boards and senior management over their organization’s risks, controls, and corporate governance processes.” This post takes a closer look at the implications of the new Code, its key components, and the broader impact on corporate governance and economic stability.
The Need for an Enhanced Code
Internal audit functions have long been essential to corporate governance, helping organizations identify risks, safeguard assets, and ensure operational efficiency. However, as the risk landscape evolves—driven by factors such as digital transformation, environmental sustainability, and geopolitical instability—traditional internal audit practices have struggled to keep pace. In this environment, a reactive, compliance-driven audit function is no longer sufficient.
Organizations now require internal audit functions that can anticipate emerging risks and offer strategic advice to boards and senior management. This proactive role is at the heart of the new Internal Audit Code of Practice. Developed by an independent committee led by Sally Clark, Chair of Citigroup Global Markets’ Audit Committee, and shaped by input from regulators like the Bank of England, the Financial Reporting Council, and the Central Bank of Ireland, the Code aims to future-proof internal audit functions. It emphasizes a higher standard of performance and governance that spans financial services, private companies, and third-sector organizations.
Key Features of the New Internal Audit Code
The new Code introduces several key enhancements that internal audit professionals must integrate into their practices. These changes reflect the growing need for comprehensive risk management, stronger corporate governance, and more transparent reporting. Below are some of the most significant updates:
- Enhanced Reporting and Transparency
One of the most significant updates to the Code is the requirement for Chief Internal Auditors to collaborate closely with their Audit Committees to ensure that annual reports include detailed summaries of internal audit activities. This emphasis on transparency will allow stakeholders, including shareholders and regulators, to better understand how internal audit contributes to managing risks and improving controls within the organization. In this way, the Code aligns with the UK Corporate Governance Code, which calls for greater disclosure on material risks and controls.
- Cultural Audits
The Code introduces a new focus on organizational culture, recognizing the critical role culture plays in both operational risk and long-term sustainability. Internal audit functions are now expected to conduct risk-based reviews of organizational culture, extending beyond the traditional focus on risk and control culture to examine broader cultural risks. This move reflects growing recognition that a toxic or misaligned corporate culture can have serious ramifications for a company’s reputation and financial health. For example, poor customer treatment and unethical practices can severely impact an organization’s brand, as seen in high-profile cases such as Wells Fargo’s sales scandal.
- Wider Scope of Risk Assessment
Historically, internal audit functions in the financial services sector have focused primarily on financial risks. The new Code expands this scope, encouraging internal auditors to assess a broader range of risks, including those related to capital, liquidity, and customer treatment. This shift ensures that internal audit functions across all sectors—not just financial services—address critical non-financial risks that could impact an organization’s resilience and reputation.
- Emerging Risk Focus: Climate, Technology, and Social Issues
Reflecting the growing importance of sustainability, the new Code requires internal audit functions to evaluate emerging risks such as environmental sustainability, climate change, and social issues. Additionally, it highlights the need to address risks associated with technological advancements, including artificial intelligence (AI) and cybersecurity. By incorporating these emerging risks into audit plans, organizations can better anticipate and mitigate threats that may not yet be fully understood or quantifiable.
- Coordination with Assurance Providers
To ensure comprehensive risk coverage, the new Code emphasizes the need for internal audit functions to coordinate with other assurance providers. This coordination is critical in organizations with complex risk environments, where various departments or third-party providers may be responsible for different aspects of risk management. For example, in large multinational corporations, risks such as supply chain disruptions or regulatory compliance may involve multiple assurance providers working in tandem with the internal audit function.
- Diversity and Technology Integration
The new Code underscores the importance of diversity within internal audit teams, calling for a broader range of skills, experiences, and backgrounds. It also emphasizes the need for Chief Internal Auditors to ensure their teams have access to advanced technology, including data analytics and AI, to enhance audit effectiveness. This emphasis on both human and technological diversity reflects the evolving nature of internal audit, where sophisticated tools and a wide range of expertise are essential for navigating today’s complex risk environment.
The Impact on Corporate Governance
The Chartered IIA’s new Code is not just a tool for internal auditors; it is a critical development for corporate governance. As Sally Clark noted, “Internal auditors must be bold and proactive if they are to add value to the organizations that they work within.” The Code elevates internal audit’s role in protecting organizational assets and ensuring sustainability by offering a framework for more strategic and forward-looking audits. It aligns with broader governance frameworks, including the UK Corporate Governance Code, which calls for greater board accountability in risk management.
Moreover, the Code contributes to economic stability by reinforcing the role of internal audit in restoring public trust in governance. In recent years, high-profile corporate failures—such as the collapse of Carillion—have exposed weaknesses in governance frameworks. By setting higher standards for internal audit, the Chartered IIA hopes to prevent similar failures and strengthen the foundations of corporate governance across the UK and Ireland.
Conclusion: A New Era for Internal Audit
The Chartered IIA’s new Internal Audit Code of Practice is a pivotal advancement for internal auditors, audit committees, and boards alike. By enhancing transparency, expanding the scope of risk assessment, and emphasizing the importance of emerging risks, the Code equips organizations with the tools needed to navigate today’s increasingly complex risk environment. As internal auditors embrace a more proactive and strategic role, they will not only safeguard their organizations but also contribute to broader corporate governance reforms that are essential for economic stability.
The internal audit profession, bolstered by this new framework, is now positioned to play a critical role in the future of corporate governance. Organizations that embrace these changes will be better equipped to manage risks, protect their assets, and navigate the challenges ahead.