IIA training and events

Internal Audit Code of Practice

Guidance on effective internal audit in the private and third sectors

Our Internal Audit Code of Practice aims to enhance the overall effectiveness of internal audit, and its impact, within organisations operating in the UK and Ireland.

Its recommendations can be regarded as a benchmark of good practice against which organisations can assess their internal audit function.

The Code is principles-based. It is expected that the Code should be applied proportionately, and therefore smaller organisations should apply the principles on which the Code is based in light of their size, risk profile and internal organisation and the nature, scope and complexity of their operations.

Download the full Internal Audit Code of Practice


Who is it for?

The Code applies to organisations in the private and third sectors with an internal audit function and audit committee of independent non-executive directors.

It is based on Effective Internal Audit in the Financial Services Sector (‘Financial Services Code’), but internal audit functions in financial services should continue to follow the ‘Financial Services Code’ which contains provisions which are specific to financial services.

Whilst it may prove useful for internal audit in the public sector, it is not drafted with the public sector specifically in mind and public sector internal audit functions should continue to follow the Public Sector Internal Audit Standards.

BP Audit Committee Chair Brendan Nelson was part of the independent Steering Committee that led the Code’s development. Hear what he has to say about purpose of the Code and who it’s for.


What recommendations does the Code make?

The Code makes 38 recommendations, formulated following a thorough twelve-week public consultation process in which our independent Steering Committee engaged and gathered the views of a range of stakeholders including internal audit professionals, executive and non-executive directors, professional bodies, business groups and the professional services firms.

In this video, Brendan outlines just a few of those recommendations and why they’re important.


How should it be applied?

The Code of Practice should be applied in conjunction with the existing International Professional Practices Framework (IPPF) published by the Global Institute of Internal Auditors, which includes the International Standards for the Professional Practice of Internal Auditing (‘the IIA Standards’).

The Code builds on those Standards and seeks to increase the effectiveness and impact of internal audit within organisations by clarifying expectations and requirements.

Contextualising your understanding of the Code requires cross reference with our technical guidance. In particular, our Code overlaps with the following pieces of guidance:

Relevant guidance

Internal audit charter

Supplemental guidance: Model Internal Audit Charter

IIA Global - Model audit committee charter

Audit universe

How to derive an IT audit universe

Sector specific – FS - Risk assessments and prioritisation of internal audit work

Annual internal audit coverage plans

Concept and theory

The board's role

The role of internal audit

Risk maturity

Risk based internal audit planning in financial services

Emerging risk assessment in internal audit

Coordination of assurance services

Auditing corporate governance

Sector specific – FS - Annual governance, risk and control assessments

Board evaluation

Organisational culture

Top tips: Making culture part of your DNA

Reward and recognition

Performance management

Organisational change

Projects

Auditing projects in the early stages

Research and development

Supply chains

Shared services

Outsourced services

Sector specific – FS - Outcomes of processes

Delivering internal audit findings

Following up recommendations/management actions

Things to consider when preparing your internal audit opinion

Employee engagement

Recruitment and selection

Sickness absence

Talent management

Training and development

Accounts payable

Accounts receivable

Accruals and prepayments

Bank reconciliation

Health and safety

Managers acknowledging risk

Standards for managing risks

Operational responsibilities

Position paper – Risk management and internal audit

How internal audit works with the audit committee

Position paper – Independence and objectivity

How to set up a new internal audit activity

Secondments

Coaching

Communication skills

Difficult clients

Mentoring

Presentation skills – top tips

Quality and the International Standards

Quality assurance and improvement programmes

Ensuring quality in the smallest internal audit activities

Internal audit performance management

Financial Services - Internal audit effectiveness

Internal audit file reviews

Improving audit efficiency

Measuring internal audit effectiveness and efficiency

Internal audit manual