Guidance
Know Your Code
To demonstrate conformance with The IIA's International Standards for the Professional Practice of Internal Auditing (Standards), an organization must have a policy that establishes the expectation that audit staff will comply with The IIA's Code of Ethics (The Code) requirements. Also, there must be evidence that the policy is communicated to and understood by the internal audit staff.
|
The Code is part of The IIA's International Professional Practices Framework and includes four main professional principles - integrity, objectivity, confidentiality, and competency - as well as rules of conduct expected of practitioners. While most organizations have a formalized corporate code of ethics that sets forth the rules of conduct expected of their employees, these corporate codes tend to be general in nature and are not specific to internal audit practices.
"There are several ways to attest where an audit shop is adhering to The Code," says Victor Gaines, CIA, CGAP, CFE, IIA technical director, Standards and Guidance. "The attestation may be incorporated into the organization's internal audit charter, which is approved by the audit committee and reviewed by employees on a periodical basis, or it may be referenced in the audit report itself. Sometimes just asking employees if they are aware of an official professional code is the easiest way to discover problems."
Other examples of evidence of compliance include audit policies and procedures, interviews with selected auditors and/or clients, and an annual evaluation. "Surveys of a cross-section of auditors and clients to determine their levels of awareness with The Code can also be helpful in a quality assessment," Gaines says.
