
Internal audit and its role in corporate governance

Internal audit plays a key part in the corporate governance environment. Alan Simpson CA considers its role.

The board of directors is ultimately responsible for the organisation’s effective governance. Corporate governance is the collective name given to the various policies, rules, practices and processes established by authority of the board to govern the organisation effectively, monitor their application and meet its objectives.

Internal audit can play a key role here, providing what is sometimes known as the Third Line of Defence.

The Institute of Internal Auditors has published a position paper on Internal Auditing’s Role in Corporate Governance in which it states that “Internal audit’s role in governance is vital. Internal audit provides objective assurance and insight on the effectiveness and efficiency of risk management, internal control and governance processes. A vibrant and agile internal audit function can be an indispensable resource supporting sound corporate governance.”

Internal audit can give additional value by including reviews of the organisation's processes and procedures in areas such as:

  • Corporate culture
  • How the organisation first identifies and then chooses how to manage risks
  • Sustainability
  • Cybersecurity
  • Business planning
  • Geopolitical risk

UK requirements on corporate governance

The UK has produced the following requirements and principles for corporate governance:

1. Listed companies

For companies listed on the London Stock Exchange (LSE), the FRC have published the UK Code of Corporate Governance. The Code is applicable to all companies with a premium listing on the LSE, whether that company is incorporated in the UK or elsewhere. The latest version of the Code (“2018 UK Code of Corporate Governance”) applies to accounting periods beginning on or after 1 January 2019.

2. Larger private companies

The UK Government introduced secondary legislation in June 2018 (The Companies (Miscellaneous Reporting) Regulations 2018). It requires all companies that have more than 2,000 employees and, in addition, a turnover of more than £200 million and a balance sheet total exceeding £2 billion, and that are not already required to give a corporate governance statement, to provide details of their corporate governance arrangements. To assist large private companies (as defined above) to comply with this legislation, the FRC published in December 2018 the Wates Corporate Governance Principles for Large Private Companies.

How the different elements of governance come together

All LSE-listed companies are required by the Code to have an audit committee, which operates in effect as a sub-committee of the Board, but there is no requirement in this Code for any company, irrespective of size, to have an internal audit function.

1. The Board

The Code, in Section 4 (“Audit, Risk and Internal Control”), requires the Board to:

“…establish formal and transparent policies and procedures to ensure the independence and effectiveness of internal and external audit functions and satisfy itself on the integrity of financial and narrative statements.”

“…present a fair, balanced and understandable assessment of the company’s position and prospects.”

“… establish procedures to manage risk, oversee the internal control framework, and determine the nature and extent of the principal risks the company is willing to take in order to achieve its long-term strategic objectives”

2. Audit committee

Section 4 of the Code requires that many of the above responsibilities are delegated to the audit committee. This is a key committee: it is required to consist of at least 3 (2 for listed companies below the FTSE 350 threshold) independent non-executive directors, and the Chair of the board is excluded from membership. The committee is responsible for carrying out governance responsibilities in respect of audit, risk and internal controls and will report to the board as appropriate.

There is also a requirement that the company’s annual report must describe what the audit committee does. If there is no internal audit function, then the annual report must give “an explanation for the absence, how internal assurance is [otherwise] achieved, and how this affects the work of external audit…”. The Code stipulates that one of the duties of the audit committee is thus “monitoring and reviewing the effectiveness of the company’s internal audit function or, where there is not one, considering annually whether there is a need for one and making a recommendation to the board.”

Formed in 2015, the ACCIF (Audit Committee Chairs’ Independent Forum) is an independent group based on FTSE 350 company audit committees. It was established to ‘promote good governance by enhancing the leadership of Audit Committee Chairs through the sharing of experiences and the establishment of best practice’. Jock Lennox, an ICAS member, is the Chair of its Board and Mike McKeon, the current ICAS President, is also a Board member.

3. Internal audit

Where an internal audit function exists, the audit committee will place great reliance on its work to give an independent, objective view on how well (or otherwise) the organisation is addressing major business risks. It is thus vital that internal audit is given adequate oversight and support by the committee to enable it to provide increased value to the organisation in fast-moving times which are likely to bring fresh risks. This requires:

  • Regular meetings during the year between the audit committee, the head of internal audit and the external audit partner.
  • Internal audit is closely involved in the organisation’s discussions on risk.
  • A properly resourced and staffed internal audit function.
  • An independent review by outside consultants every two or three years of the adequacy of the internal audit function.
  • Internal audit’s independence from operational management and internal politics is monitored and protected by the audit committee.
  • The head of internal audit feels able to raise informally and timeously any pressing concerns on risk or on internal controls with the audit committee chair.

Please also refer to the ‘What makes a good internal audit’ article for the comments of audit committee members on what they regard as comprising an effective internal audit.

Is it compulsory for a company to have an internal audit function?

Surprisingly, no. Whilst many large UK companies do indeed have an internal audit function, you may be astonished that there is no compulsion for a limited company (regardless of its size, or whether it is listed on the London Stock Exchange or not) to have an internal audit function. The FRC’s 2018 UK Corporate Governance Code only requires companies to have an internal audit function on a “comply or explain” basis.

In contrast to the UK, the world’s largest stock exchange, the New York Stock Exchange (NYSE), made it compulsory from 2013 for all companies listed on it to have an internal audit function. This is unlike the world’s second-largest stock exchange, the US NASDAQ (National Association of Security Dealers Automatic Quotation), which does not require companies listed on it to have an internal audit function.

© ICAS 2022
