Banks and other financial institutions are set to face a beefed up internal auditing regime under a new code for auditors unveiled today.
The overhauled code from the Chartered Institute of Internal Auditors (IIA) promises to widen the scope of the balance sheet scrutiny to avoid a repeat of questionable accounting practices and risky behaviour that contributed to the global financial crisis of 2008.
Last month's Parliamentary Commission report called for an improvement of financial firms' internal auditing systems. Northern Rock, the Royal Bank of Scotland and HBOS almost collapsed between 2007 and 2008 despite being given a clean bill of health by their internal auditors.
Under the new code, internal auditors will be empowered to assess the management of risk in any part of the firm. This will cover financial risks of capital and liquidity adequacy but also poor treatment of customers and corporate mergers such as RBS's disastrous acquisition of the Dutch bank ABN Amro in 2007. Auditors will be able to assess whether a firm has been behaving according to its own stated ethical values. And to enhance the independence of auditors, they will report primarily to the chair of the firm's audit committee, rather than the company's management.
The new IIA code has been welcomed by the Bank of England, which now has over-arching regulatory authority over the financial sector. "Throughout the financial crisis the role of internal auditors has received relatively little scrutiny," said Andrew Bailey, pictured, the head of the Bank's Prudential Regulatory Authority. "This guidance raises the bar."
However, Mr Bailey warned the new code would only be effective if firms' management and internal audit committees threw their weight behind the new regime.
The new code was drawn up by an independent committee established by the IIA. It was chaired by Roger Marshall, the head of the audit committee of the FTSE 100 insurer Old Mutual. The committee drew on input from the financial industry as well as regulators.
And Mr Marshall's committee said that, after listening to industry feedback, that it did not want internal auditors to "second guess" the decisions of company directors.