06 July 2015
Internal audit is driving significant changes in how the financial services sector deals with governance and risk, says the Chartered Institute of Internal Auditors (IIA).
These findings come as a result of a survey of Heads of Internal Audit (HIAs) and interviews with audit committee chairs, which looked at how the sector dealt with governance and risk since the IIA Financial Services Code (The Code) was introduced in July 2013.
According to the IIA, the Code has driven these changes by setting out consistent expectations of internal audit functions for boards, audit committees and regulators alike. It was launched to help all firms improve their management of risk as they respond to intense public, investor and regulatory pressure to improve corporate governance.
Key findings of the survey include the result that 72% of Heads of Internal Audit are line-managed by their Audit Committee chair, compared to 56% in July 2013. The code recommends that the primary reporting line of internal audit departments should be to the board.
The survey also found that the Code has had a marked impact on the position and status of the HIA – 84% now attend executive committee meetings, compared to just 48% in 2013. All HIAs have full access to audit committee papers (compared to 89% in 2013), 90% to board papers (69% in 2013) and 84% to executive committee papers (69% in 2013).
Additionally, the Code recommended that internal audit’s scope should include a number of areas, including risk and control culture and the setting of risk appetite. The survey found that 93% now carry out audit work on risk culture (compared to 54% in 2013) and 90% now carry out work on the setting of risk appetite (59% in 2013).
Ian Peters, Chief Executive of the Chartered Institute of Internal Auditors said: ‘The Code has driven change in the area of corporate culture. Our report Culture and the role of internal audit – looking below the surface released last year found that the audit of corporate culture and tone at the top are now priorities for financial services firms.’
The report was supported by global consulting firm, Protiviti. Lindsay Dart, Managing Director of Protiviti Limited said: ‘The Code has evidently stimulated internal audit functions to raise their game and demonstrate their increasing value to their organisation. As a result, we can see that internal audit is increasingly regarded by the financial services sector as being essential to sound corporate governance and risk management.’