Audit & Risk

Financial Services Code: Time for review

When we published the Code, we promised to conduct a thorough review after three years. The time has come for us to deliver, writes Ian Peters, CEO of the Chartered IIA.

in CEO Blog.

As I write this, the UK financial services sector is in reasonable shape, despite challenging global economic and political conditions and the concerns raised by the EU referendum result. Just a few years ago it was a very different story.   

In 2012, UK regulators were reflecting on the causes and consequences of the global financial crisis. As part of that process, they asked searching questions about the state of internal audit in financial institutions.  While internal audit was not directly implicated in the biggest failures that caused the crash, there was nevertheless a sense that it could and should have done more to help avert – or at least to draw attention to – the decisions that precipitated the crisis.  

Against that backdrop, and following discussions with regulators, the institute responded with a new approach: a framework for effective internal audit across the financial services sector, underpinned by the International Professional Practices Framework and IIA Global’s standards.  We consulted widely with internal audit professionals, senior executives and non-executives; and set up an independent committee, chaired by Roger Marshall (audit committee chairman of Old Mutual), to develop what became the institute’s ‘Code for Effective Internal Audit in Financial Services’, published in July 2013.  Its aim was to support internal audit to become a fully effective tool for boards to manage risk and help them to drive the right behaviours throughout organisations – to raise expectations.  

The regulators participated in the process, warmly welcomed the Code when it was published, and have been referring to it ever since as a gauge of the effectiveness of corporate governance. As Prudential Regulation Authority chief Andrew Bailey put it, the Code “raised the bar”. 

Since then the Code has benefitted internal auditors, and the organisations they serve, across all parts of the financial services sector. Boards and audit committees use it to deliver more effective challenge on the management of risk and internal control, through a better understanding of the role of internal audit and better and more productive engagement. And it has lent credibility and status to the profession.  

Last year, we reviewed initial progress in implementation of the different provisions of the Code.  The resulting progress report, Surfing the Wave (July 2015), showed a real impact in terms of internal audit’s access to the board and executive committees, its reporting lines and its resources.  And earlier this year the Prudential Regulation Authority confirmed its view that “the Code has undoubtedly had a positive effect”.

But there is no room for complacency.  When we published the Code, we promised to conduct a thorough review after three years.  The time has come for us to deliver.  

So we have been talking to heads of internal audit, to audit committee chairs, to other non-executives as well as executives, and to the regulators, to get a closer view on the current state of play and to discuss how best to conduct our review. The formal review process will get under way shortly – we will make an announcement about it soon.  But I can already say that it will consist of two phases.    

First, we will be seeking views from the profession and its clients; firm evidence of impact; and feedback about any areas where it has been challenging to implement the Code, or issues which are not covered adequately.  We will do this by way of formal consultation, survey activity, and more in-depth discussions with individual institutions – of differing sizes, in different parts of the sector such as retail and investment banking, asset management and insurance. 

Secondly, the evidence will be considered by an independent committee of senior practitioners, audit committee members and other non-executives, with input from the regulators.  That committee will make recommendations about whether the Code needs to be amended;  or whether the focus needs to be on additional guidance, on assessing performance against its provisions, or on other action to support the profession and raise standards. 

We have raised the bar once.  Perhaps the time has come to raise it again?  The next few months will give us the answer.    

The IIA: find out more

Visit the main IIA site

Jobs

Auditor

Post Number: FSA02
Grade: 7- SO2 Salary: £23,166 - £29,854
Hours: 37 per week

Audit Manager

£38,789 - £42,474 pa
37 hpw, permanent.

Senior Internal Auditor

Sector: Not For Profit
Salary: £41,000 (raising to £46,000 after probation)
Location: London
Job Ref: SD/148943

Careers advice

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Training & Development

CPE: Solid foundations

Continuing professional education is an important tool for developing your skills, progressing through your career and ensuring that the qualification and the profession are respected. The Chartered IIA’s CPE requirements will be changing in April to bring them into line with those of IIA Global. So what do you need to know to stay ahead?
Words: Ruth Prickett

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Tools

You asked us

Our technical helpline provides valuable advice to members on a host of professional issues. Here are some of the questions you’ve recently asked.

Early warning systems

New regulatory demands for whistleblowing – or “speak up” – policies are raising the bar on best practice. Internal auditors need to take note.
Words: Alexander Glebovskiy

CPE: Solid foundations

Continuing professional education is an important tool for developing your skills, progressing through your career and ensuring that the qualification and the profession are respected. The Chartered IIA’s CPE requirements will be changing in April to bring them into line with those of IIA Global. So what do you need to know to stay ahead?
Words: Ruth Prickett