The true value of internal audit lies in ensuring that these identified gaps are effectively addressed, and that risks are mitigated to an acceptable level. This is where a robust follow-up process becomes indispensable.

A key aspect of a successful IA function is the ability to strategically leverage the work performed by other assurance providers, particularly those within the second line of defence and external advisors. This blog post will explore how IA can effectively utilise the work of these crucial partners, drawing on best practices and the guidance highlighted in our recent internal discussions.

This briefing document provides an overview of the new Internal Audit Code of Practice (the "Code"), released in September 2024 and effective from January 2025. This Code, endorsed by the Chartered IIA’s Council, consolidates principles for effective internal audit across the financial services, private, and third sectors in the UK and Ireland. It aims to enhance the impact and effectiveness of internal audit by providing a benchmark of good practice.

This blog post delves into the ethics of internal auditing and the behaviour expectations placed upon auditors and their functions. We will explore the guiding principles that underpin this crucial profession, drawing upon the insights provided by the International Institute of Internal Auditors (IIA) Global Internal Audit Standards.

Does your Internal Audit Charter say that your function "complies" with the IIA Standards. if it does this means that you are committed to comply with the new IIA UK Code (Sept 2024). Given a reasonable period to bring your functions up to standard (say 12 months) if you are not complying with Principle 28 by Sept 2025 then you will not be not complying with your Charter or the Code.

In today's rapidly evolving business landscape, the Internal Audit function faces unprecedented challenges and opportunities. The increasing reliance on data, the proliferation of Artificial Intelligence (AI) systems, and the ever-present need for robust risk management necessitate a proactive approach to ensure the continued relevance and effectiveness of Internal Audit. The IIA Standard and, crucially for our context, the new IIA Code sets out guidance.

How do we ensure our teams are adequately equipped to fulfil this mandate effectively? The Institute of Internal Auditors (IIA) Standard provides a clear starting point, stating that the internal audit activity's resources should be "appropriate to the nature and complexity of the organisation, the risks inherent in its activities, and the size of the organisation."

Think of the Internal Audit Charter as the constitution for the internal audit function. It's a formal document that sets the stage for everything we do, including how we communicate our findings. Let's explore how these elements directly impact the crucial process of reporting audit findings.

As Internal Audit consultants, we often find ourselves immersed in the intricacies of processes, risks, and controls. But the true value of our work lies not just in identifying areas for improvement, but in effectively communicating those findings and ensuring they lead to meaningful change.

As Internal Audit professionals, our work doesn't conclude with the issuance of a report and recommendations. A crucial, and often understated, phase is verifying management actions. This process ensures that the agreed-upon steps have been implemented effectively and, most importantly, that they truly address the original risk gaps we identified.

Auditing the IT General Control environment is not just a technical exercise; it's a fundamental aspect of good governance.

The new IIA UK Internal Audit Code represents a significant step forward for the profession in the United Kingdom.

How does your audit team expect to audit AI systems in the future. Here is a guide to some of the areas that you need to consider. AI introduces unique risks and complexities that require specific attention. This post outlines key factors management should consider regarding AI governance and risk management, and the corresponding skills our IA team needs to effectively audit these systems.

This post outlines how an Internal Audit function can enhance its effectiveness and efficiency by integrating Data Analytics (DA).

Taking your QAIP seriously can significantly elevate the effectiveness and value of your internal audit function.

Think of an EQA as a health check for your internal audit team. It's a way to get an independent, expert opinion on how well your internal audit function is operating and whether it's following best practices.

What if an Internal Audit function chooses not to use a formal Audit Universe? How would they approach their annual planning?

As internal auditors, our mission is to provide independent and objective assurance and consulting services designed to add value.