October 2019

CIIA raising the bar

Businesses fail because of a lack of corporate governance. Even with good financial performance, a business can fail if there is poor corporate governance.

It doesn’t happen overnight though, and the warning signs are there, if you look for them. You might see things like: management who undermine the various governance structures by circumventing or ignoring internal controls; decision makers who misrepresent to auditors and the Board; inadequately qualified audit committee members who do not have the appropriate qualifications or experience to analyse key business transactions; or ignorance by auditors of the financial results and red flags.

Does this all sound far-fetched? Not really. Think of the likes of Carillion, retail giants BHS and Sports Direct, or even the Volkswagen emissions scandal. At the heart of these stories lie some fundamental governance failures. Someone, somewhere forgot to ask the questions.

The world around is changing, and so must we. There has never been a more critical time for internal auditors to help businesses protect their assets, reputation and sustainability. New and emerging risks – such as cybersecurity, macroeconomic and political uncertainty, climate change – are shaping how internal auditors must work and face the future.

Right now, the Chartered Institute of Internal Audit (CIIA) is consulting on a new internal audit code of practice to raise the bar across the profession. Multinational corporations like BP, Tesco and Centrica are just a few of those involved in the CIIA’s independent steering committee.

Not another code?
The code of practice will be a new, over-arching document and be based on the Financial Services (FS) Code it produced in 2013 and updated in 2017

The consultation is due to close on Friday 11 October, and once the Institute has landed this document, it will look to create a charities IA code, a public sector IA Code, and perhaps a retail IA code. It might even be appropriate to create a social housing IA code.

The IA Code of Practice that is currently available for consultation (link below) has been mapped to the IPPF to ensure that there are no contradictions or conflicts. But its intention is to strengthen and boost internal audit’s function by covering the role and mandate of internal audit; internal audit’s scope which then has an impact on what should be internal audit’s priorities; and finally, reporting, including timing, content and scope.

So, why another code? Well, through 30 recommendations its purpose will be to contribute to raising the profile of internal audit throughout industries by documenting a number of requirements: for example, the functional and administrative reporting lines of internal audit, namely, to the audit committee chair and CEO respectively. With a proposed ‘access all areas’ pass to a business’ operations, the board, its committees and executive management should set the right ‘tone at the top’ to ensure support for, and acceptance of, internal audit at all levels of the organisation – how should this be done? And something that will hit closer to home is the proposal that the independence and objectivity of the chief internal auditor should be discussed annually with the chair of the audit committee where the CIA’s tenure exceeds seven years. For some internal audit activities, it may be that they are already conforming to the requirements of this code, for others, the various elements will be aspirational.

What can you do?
HIAF is supporting the CIIA in this consultation. We are looking for members to share their thoughts as to whether or not the IA Code of Practice is appropriate; whether there are other areas you would wish to see covered and/or where you think the Code goes, perhaps, too far in stipulating internal audit’s role.

Remember! The IA Code of Practice will be the first time that organisations, outside of the financial services sector, will be given comprehensive benchmarks for them to meet and detailed guidance about running an effective internal audit function. Once agreed, the new Code will be the industry benchmark for best practice internal audit. It will also provide a gauge for boards, audit committees and, where appropriate, UK regulatory authorities to assess the role, function and effectiveness of internal audit functions.

HIAF doesn’t want our members to miss out on this opportunity. If you haven’t yet submitted a response, please visit https://www.iia.org.uk/research-and-insight/internal-audit-code-of-practice-consultation/ by Friday 11 October 2019.

2019 Draft Accounts

We are pleased to publish the 2017-2018 draft accounts for your review. Click here to view…>