The Proposed Internal Audit Code of Practice: A Necessity or A Duplication?
The Chartered Institute of Internal Auditors has published for consultation a draft of a proposed Internal Audit Code of Practice. According to the Institute, the 30 recommendations included in the draft are aimed at enhancing the overall effectiveness of internal audit, and its impact, in the UK and Ireland. The recommendations can be regarded as a benchmark of good practice against which organizations can assess their internal audit function.
The Institute emphasized that the code should be applied in conjunction with the existing International Professional Practices Framework (IPPF). It continued to mention that the code builds on the IIA standards and seeks to clarify expectations and requirements needed to strengthen the effectiveness and impact of internal audit.
The 30 principle-based recommendations cover the following areas:
· Role and mandate of internal audit
· Scope and priorities of internal audit
· Reporting results
· Interaction with risk management, compliance and finance
· Independence and authority of internal audit
The recommendations range from identifying the primary role of internal audit to calling for the internal audit to have sufficient and timely access to key management information and right of access to all of the organization’s records.
The code which is described as “voluntary” is written in the context of a reasonably sized organization operating in all private sector organizations within the UK and Ireland. Modifications may be needed to accommodate the size, scope, risk profile and complexity of operations of various organizations.
- Duplicate the IIA standards and add little value
- Complement the IIA standards
- Add significant value to the IIA standards.