STUDY UNIT THREE
INTERNAL AUDIT ETHICS

3.1 Codes of Ethical Conduct for Professionals
3.2 Internal Audit Ethics – Introduction and Principles
3.3 Internal Audit Ethics – Integrity
3.4 Internal Audit Ethics – Objectivity
3.5 Internal Audit Ethics – Confidentiality
3.6 Internal Audit Ethics – Competency

Adopting a code of ethical conduct is a hallmark of a profession. This study unit discusses the importance of having a code of ethical conduct for professionals and the specifics of The IIA’s code.

Note Concerning Ethics Material: Ethics is an extremely important topic for all professionals. Ethics material is tested on both Parts 1 and 2 of the CIA exam. Thus, Study Unit 3 is identical in these two parts of the Gleim CIA Review.

3.1 CODES OF ETHICAL CONDUCT FOR PROFESSIONALS

1. Reasons for Codes of Ethical Conduct
   a. The primary purpose of a code of ethical conduct for a professional organization is to promote an ethical culture among professionals who serve others.
   b. Additional functions of a code of ethical conduct for a professional organization include
      1) Communicating acceptable values to all members,
      2) Establishing objective standards against which individuals can measure their own performance, and
      3) Communicating the organization’s values to outsiders.
2. Aspects of Codes of Ethical Conduct
   a. The mere existence of a code of ethical conduct does not ensure that its principles are followed or that those outside the organization will believe that it is trustworthy.
      A measure of the cohesion and professionalism of an organization is the degree of voluntary compliance with its adopted code.
      1) A code of ethical conduct worded so as to reduce the likelihood of members being sued for substandard work would not earn the confidence of the public.
   b. A code of ethical conduct can help establish minimum standards of competence, but it is impossible to legislate equality of competence by all members of a profession.
   c. To be effective, the code must provide for disciplinary action for violators.
3. Typical Components of a Code of Ethical Conduct
   a. A code of ethical conduct for professionals should contain at least the following:
      1) Integrity: A refusal to compromise professional values for personal gain. Another facet of integrity is performance of professional duties in accordance with relevant laws.
      2) Objectivity: A commitment to providing stakeholders with unbiased information. Another facet of objectivity is a commitment to independence from conflicts of economic or professional interest.
      3) Confidentiality: A refusal to use organizational information for private gain.
      4) Competency: A commitment to acquiring and maintaining an appropriate level of knowledge and skill.
   b. These four elements are the core principles of The IIA’s Code of Ethics.

Copyright © 2012 Gleim Publications, Inc., and/or Gleim Internet, Inc. All rights reserved. Duplication prohibited. www.gleim.com

3.2 INTERNAL AUDIT ETHICS – INTRODUCTION AND PRINCIPLES

1. Introduction
   a. The IIA incorporates the Definition of Internal Auditing in the Introduction to the Code of Ethics and specifies the reasons for establishing the Code.

   Introduction to The IIA Code of Ethics

   The purpose of The Institute’s Code of Ethics is to promote an ethical culture in the profession of internal auditing.

   Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.
   It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

   A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control.

   The Institute’s Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components:

      1. Principles that are relevant to the profession and practice of internal auditing.
      2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

   “Internal auditors” refers to Institute members, recipients of or candidates for IIA professional certifications, and those who perform internal audit services within the Definition of Internal Auditing.

2. Applicability
   a. The provisions of the Code are applied broadly to all organizations and persons who perform internal audit services, not just CIAs and members of The IIA.

   Applicability and Enforcement of the Code of Ethics

   This Code of Ethics applies to both entities and individuals that perform internal audit services.

   For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute’s Bylaws and Administrative Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

   b. Violations of rules of ethics should be reported to The IIA’s Board of Directors.
3. Core Principles
   a. The 12 Rules of Conduct in the Code (listed in Subunits 3.3 through 3.6) are grouped around the same four principles described in item 3. in Subunit 3.1: integrity, objectivity, confidentiality, and competency:
      1) The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
      2) Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
      3) Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
      4) Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

3.3 INTERNAL AUDIT ETHICS – INTEGRITY

1. Rules of Conduct – Integrity

   Internal auditors:
   1.1. Shall perform their work with honesty, diligence, and responsibility.
   1.2. Shall observe the law and make disclosures expected by the law and the profession.
   1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
   1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

EXAMPLE From CIA Exam

An internal auditor working for a chemical manufacturer believed that toxic waste was being dumped in violation of the law. Out of loyalty to the organization, no information regarding the dumping was collected. The internal auditor

   A. Did not violate the Code of Ethics.
      Loyalty to the employer in all matters is required.
   B. Did not violate the Code of Ethics. Conclusive information about wrongdoing was not gathered.
   C. Violated the Code of Ethics by knowingly becoming a party to an illegal act.
   D. Violated the Code of Ethics by failing to protect the well-being of the general public.

This question emphasizes that the reason for the answer is as important as the answer itself. Questions like this one make it clear that simple memorization of a list of rules provides only the foundation for a sense of ethics. Knowing how to apply those rules to real-life situations is crucial both on the exam and in a career in internal auditing.

(A) can be dismissed immediately. The IIA Code of Ethics imposes no absolute duty of loyalty to the organization. Indeed, no meaningful code of ethical conduct would do so.

(B) is incorrect also. Under the justification provided in this response, the auditor is blameless because (s)he only believed that illegal acts were occurring. This justification ignores the auditor’s duty of diligence, that is, to gather sufficient, reliable, relevant, and useful information about a material illegal act.

(C) is the correct response. A person with a duty to act who does not act violates an ethical if not a legal obligation. By failing to respond properly to the information about possible illegal acts, the auditor would become a guilty party if it is determined that illegal acts actually occurred. Thus, the auditor violated the Rules of Conduct by (1) knowingly becoming a party to an illegal act, (2) engaging in an act discreditable to the profession, (3) failing to make disclosures expected by the law and the profession, and (4) not performing the work diligently.

(D) is irrelevant. The IIA Code of Ethics does not impose a duty to the general public.

3.4 INTERNAL AUDIT ETHICS – OBJECTIVITY

1. Rules of Conduct – Objectivity

   Internal auditors:
   2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
   2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
   2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

2. Conflict of Interest Policy
   a. A conflict of interest policy should
      1) Prohibit the transfer of benefits between an employee and those with whom the organization deals
      2) Prohibit the use of organizational information for private gain

EXAMPLE From CIA Exam

An internal auditing team has made observations and recommendations that should significantly improve a division’s operating efficiency. Out of appreciation of this work, and because it is the holiday season, the division manager presents the in-charge internal auditor with a gift of moderate value. Which of the following best describes the action prescribed by The IIA Code of Ethics?

   A. Accept it, regardless of other circumstances, because its value is insignificant.
   B. Not accept it prior to submission of the final engagement communication.
   C. Not accept it if the gift is presumed to impair the internal auditor’s judgment.
   D. Not accept it, regardless of other circumstances, because its value is significant.

This question is like the previous one in that it presents an ethical challenge with two outcomes but four possible reasons.

(A) is incorrect because the inherent value of the gift is not the crucial factor.
Rule of Conduct 2.2 prohibits the receipt of any gift, regardless of its monetary value, if its receipt “may impair or be presumed to impair” the auditor’s judgment.

(B) is incorrect. The timing of the gift is irrelevant.

(C) is the best of the choices offered. According to Rule of Conduct 2.2, the decision whether to accept a gift should be based on the potential impairment of the auditor’s judgment.

(D) is incorrect for the same reason as (A). Acceptance or rejection of the gift should be based on whether the auditor’s professional judgment will be (or presumed to be) impaired, disregarding the inherent monetary value of the gift.

3.5 INTERNAL AUDIT ETHICS – CONFIDENTIALITY

1. Rules of Conduct – Confidentiality

   Internal auditors:
   3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.
   3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

EXAMPLE From CIA Exam

Which of the following most likely constitutes a violation of The IIA Code of Ethics by an internal auditor?

   A. Discussing at a trade convention the organization’s controls over its computer networks.
   B. Deleting sensitive information from a final engagement communication at the request of senior management.
   C. Investigating executive expense reports based completely on rumors of padding.
   D. Purchasing stock in a target organization after overhearing an executive’s discussion of a possible acquisition.

This type of question requires a different deductive process than the one in the previous example. That question described a scenario and gave the candidate four possible outcomes.
This one describes an outcome and requires the candidate to pick the matching scenario.

(A) is not a violation. Disclosure of information technology controls is not detrimental to the objectives of the organization, and they are not likely to be trade secrets.

(B) is not a violation. If senior management permits the omission, the internal auditor is not guilty of failing to disclose material facts.

(C) is not a violation. An investigation of expense accounts is within the internal auditor’s normal responsibilities. (However, further investigation of fraud ordinarily should be made by investigative specialists.)

(D) is the violation. Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” The auditor also might be prosecuted for insider trading.

3.6 INTERNAL AUDIT ETHICS – COMPETENCY

1. Rules of Conduct – Competency

   Internal auditors:
   4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
   4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
   4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

EXAMPLE From CIA Exam

An organization has recently placed a former operating manager in the position of chief audit executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the internal audit activity will be run strictly by the CAE’s standards, not The IIA’s. All four staff internal auditors are members of The IIA, but they are not CIAs.
According to The IIA Code of Ethics, what is the best course of action for the staff internal auditors?

   A. The Code does not apply because they are not CIAs.
   B. They should comply with the International Standards for the Professional Practice of Internal Auditing.
   C. They must respect the legitimate and ethical objectives of the organization and ignore the Standards.
   D. They must resign their jobs to avoid improper activities.

This type of question highlights the relationship between the Code and the Standards and the candidate’s need to distinguish their various requirements.

(A) is not the best course of action. The IIA Code of Ethics may be enforced against IIA members and recipients of, or candidates for, IIA professional certifications.

(B) is the correct response. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Because the internal auditors are members of The IIA, The IIA Code of Ethics is enforceable against them even though they are not CIAs.

(C) is not the best course of action. Internal auditors should respect and contribute to the legitimate and ethical objectives of the organization. But an IIA member, a holder of an IIA professional certification, or a candidate for certification may be liable for disciplinary action for failure to adhere to the Standards.

(D) is not the best course of action. The IIA Code of Ethics says nothing about resignation to avoid improper activities.