The Chartered Institute of Internal Auditors has updated their Internal Audit Financial Services Code of Practice which acts as guidance on effective internal audit for organisations in the financial services sector, both with internal and outsourced internal audit functions.
The intended audience for this updated publication includes chief audit executives, executive and non-executive directors, and in particular members of audit and risk committees, working in financial services. The previous version was published in 2017 and has been shown to have a positive impact on the internal audit profession; promoting good practice and raising the professional bar for internal audit across the financial services sector.
According to the CIIA, the latest research on the Code has found that it remains relevant and its recommendations are fundamentally sound and therefore do not require substantive changes. The 2021 Code has been updated to include:
- A change of emphasis from iterating that all financial services organisations should comply with the Code to an emphasis on applying the Code proportionally
- Provisions for the recipients of the Code which emphasise its specificity to the financial services sector. Internal audit functions outside the financial services sector should follow the ‘Internal Audit Code of Practice: Guidance on effective internal audit in the private and third sectors’.
Other key changes to the Code include:
- Additional guidance to cover the relationship with external audit has been added and asserts that the chief audit executive and the partner responsible for the external audit should ensure appropriate and regular communication and sharing of information
- Additional guidance to address outsourced internal audit functions in which the Code still applies. The emphasis is on empowerment of the chief audit executive (“CAE”) function by stating that the CAE should always be employed directly by the organisation to ensure they have sufficient and timely access to key management information and decisions. Please note that this change fits in with existing SMCR requirements
- Quality assurance capability has been updated to be referred to as ‘Quality Assessment and Improvement Programme’.
In conclusion, the updated Code only contains minor changes to the previous edition and can be regarded as a benchmark of good practice against which organisations can assess their internal audit function.
If you have any queries on how to apply the updated Code please do not hesitate to contact a member of our team.
Subscribe to receive the latest BDO News and Insights
Please fill out the following form to access the download.