Companies will be forced to review their internal auditor every year after they have been in post for seven years, according to new rules published by the Chartered Institute of Internal Auditors (IIA).
The IIA said, where the tenure of the Chief Internal Auditor exceeds seven years, the Audit Committee should “explicitly discuss” annually the Chair’s assessment of the internal auditor’s independence and objectivity.
It also said the Chair should be accountable for setting the objectives of the internal auditor and appraising his or her performance at least annually.
The new guidance, produced with the support of the Bank of England, PRA, FCA, and FRC, aims to strengthen the role of internal auditors in UK companies.
As per current rules, companies are obliged to put their external audit out to tender every 10 years, and change external auditor at least every 20 years.
Ian Peters, chief executive of the IIA, said: “The new code should make internal audit an even stronger watchdog in managing risk effectively in UK financial services.
“It is not just about changing the ‘tone at the top’ but about helping to achieve a sea change in culture in banks and financial services firms – a shift in attitudes and behaviours. To achieve this, there needs to be systematic and objective assessment of behaviour at the frontline, not just in the boardroom.
“Overall, the enhanced code should help ensure that internal auditors can play their full part in effectively protecting the assets, reputation and sustainability of their organisations.”
The new financial services code, ‘Effective internal audit in the financial services sector’, can be found here.