The UK’s regulatory regime is considered to be one of the strongest in the world with numerous regulators across non-ministerial departments, agencies and other public bodies. In this article, we look at what internal audit leaders can learn from regulators and what insights we can take from the regulatory horizon to inform the internal audit profession.
The third line in the Three Lines Model is about independence.
Internal audit operates alone in the third line complemented by regulators and other external assurance providers. Across all sectors, regulators impact the governance, risk management and internal control world of organisations and therefore internal auditors.
Click here for a useful list of regulators, available in our Templates & Tools section for reference.
Internal audit and regulators protect people and organisations by enforcing standards, advising on best practice and constructively addressing problems. Additionally, some regulators have economic responsibilities by promoting competitive forces in industries where monopolies can easily form such as CMA, Ofgem, Ofcom and Ofwat. Here in the UK, the internal audit profession is chartered, a status reserved for bodies that work in the public interest according to the Privy Council.
Regulators are bound by the Regulators Code which requires a risk-based approach, impartiality, gathering of evidence and clarity of communication among other attributes similar to the elements contained within the internal audit standards, and Code of Ethics.
Although regulators obviously have formal power, internal auditors share the same ambition to improve through influence and developing a partnership approach with governance leaders. Organisations can and often do use the assurance provided by internal auditors as an internal early warning mechanism to validate first and second line compliance activities, and potential regulatory breaches.
CAEs work hard to build effective relationships to ensure that internal audit delivers against its charter…