Internal Audit Code of Practice
Guidance on effective internal audit in the private and third sectors
Our Internal Audit Code of Practice aims to enhance the overall effectiveness of internal audit, and its impact, within organisations operating in the UK and Ireland.
Its recommendations can be regarded as a benchmark of good practice against which organisations can assess their internal audit function.
The Code is principles-based. It is expected that the Code should be applied proportionately, and therefore smaller organisations should apply the principles on which the Code is based in light of their size, risk profile and internal organisation and the nature, scope and complexity of their operations.
Download the full Internal Audit Code of Practice
Who is it for?
The Code applies to organisations in the private and third sectors with an internal audit function and audit committee of independent non-executive directors.
It is based on Effective Internal Audit in the Financial Services Sector (‘Financial Services Code’), but internal audit functions in financial services should continue to follow the ‘Financial Services Code’ which contains provisions which are specific to financial services.
Whilst it may prove useful for internal audit in the public sector, it is not drafted with the public sector specifically in mind and public sector internal audit functions should continue to follow the Public Sector Internal Audit Standards.
BP Audit Committee Chair Brendan Nelson was part of the independent Steering Committee that led the Code’s development. Hear what he has to say about purpose of the Code and who it’s for.
What recommendations does the Code make?
The Code makes 38 recommendations, formulated following a thorough twelve-week public consultation process in which our independent Steering Committee engaged and gathered the views of a range of stakeholders including internal audit professionals, executive and non-executive directors, professional bodies, business groups and the professional services firms.
In this video, Brendan outlines just a few of those recommendations and why they’re important.
How should it be applied?
The Code of Practice should be applied in conjunction with the existing International Professional Practices Framework (IPPF) published by the Global Institute of Internal Auditors, which includes the International Standards for the Professional Practice of Internal Auditing (‘the IIA Standards’).
The Code builds on those Standards and seeks to increase the effectiveness and impact of internal audit within organisations by clarifying expectations and requirements.
Contextualising your understanding of the Code requires cross reference with our technical guidance. In particular, our Code overlaps with the following pieces of guidance:
Relevant guidance
Supplemental guidance: Model Internal Audit Charter
IIA Global - Model audit committee charter
How to derive an IT audit universe
Sector specific – FS - Risk assessments and prioritisation of internal audit work
Annual internal audit coverage plans
Risk based internal audit planning in financial services
Emerging risk assessment in internal audit
Coordination of assurance services
Sector specific – FS - Annual governance, risk and control assessments
Top tips: Making culture part of your DNA
Auditing projects in the early stages
Sector specific – FS - Outcomes of processes
Delivering internal audit findings
Following up recommendations/management actions
Things to consider when preparing your internal audit opinion
Position paper – Risk management and internal audit
How internal audit works with the audit committee
Position paper – Independence and objectivity
How to set up a new internal audit activity
Presentation skills – top tips
Quality and the International Standards
Quality assurance and improvement programmes
Ensuring quality in the smallest internal audit activities
Internal audit performance management
Financial Services - Internal audit effectiveness
Measuring internal audit effectiveness and efficiency
