Danny McCance 15 Jul 2019 12:05pm

Code calls for “unrestricted” internal audit access

The Internal Audit Code of Practice, aimed at strengthening corporate governance and prevent corporate collapse, calls for much more extensive access for internal auditors

The code has been launched in the wake of high-profile corporate collapses like Carillion and following proposals from the Competition and Markets Authority and Sir John Kingman.

The key recommendation, among 30 provided by the Chartered Institute of Internal Auditors (CIIA), was for internal auditors to be given “unrestricted access” to all aspects of an organisation’s business.

It also called for internal auditors to be given full access to senior meetings, including executive committee meetings, and that they be provided “key management information”.

The code will for the first time will apply “comprehensive benchmarks” and give “detailed guidance” on effectively providing an internal audit to businesses outside of the financial services sector.

Brendan Nelson, BP audit committee chair and chair of the Steering Committee responsible for the new draft code, said that boosting the “status, standards, score and skills of internal audit” was the way to help businesses better manage risks and protect their assets.

“The draft code offers invaluable guidance about raising internal audit performance to help businesses and other organisations protect their assets, reputation and sustainability,” Nelson said.

Ian Peters, chief executive of the CIIA, said that the new code will “build on the success of the Financial Services Code [that CIIA] launched in 2013, which raised the profile and effectiveness of internal audit with the number of chief audit executives attending Executive Committees rising from 48% to 84%”.

He called on businesses and organisations to have their say on the code.

Alongside Nelson and Peters, the CIIA steering committee included Carolyn Clarke, head of audit, risk and control at Centrica; Byron Gote, audit committee chair for Tesco and Anglo American; Angela O’Hara, director of assurance and risk at Johnson Matthey; Colin Grey, senior vice president of risk and assurance at InterContinental Hotels Group, David Lindsell, audit committee chair at Drax Group, Paul Kaczmar, director of internal audit at Michael Page; Paul Boyle, chairman at Protect; and Paul George, executive director of corporate governance and reporting at the Financial Reporting Council.

Last week, business secretary Greg Clark stated his commitment to reforming audit, but added that this should only be “where it is needed” and must not undermine the UK’s standing as a “centre of audit expertise”.

Consultation on the draft Internal Audit Code of Practice closes on the 11 October.