Topic 3

Ethics and the Internal Auditor

What is Ethics?
Ethics in general:
Set of moral principles, values or acceptable behaviour
Science of morals, study of principles of human duty, rules of conduct
Provide standard of conduct in daily life

Breach of ethics

Corruption

Monetary/financial loss + tarnished image

Definition of ethics:
A set of moral principles that distinguish between what is right and what is wrong
It is a set of values that guide the conduct and the behavior of the individuals, enabling them

to differentiate between rights and wrong, good and bad and what should and should not be
done
Ethical behavior is not an act BUT a HABIT

Roots of Unethical Behaviour

Favour own interest over well-being of shareholders/stakeholders
Willing to abuse position/power to enhance individual interest
Rewards for behaviours that violate ethical behaviours
Managerial values undermine integrity

IIAs Code of Ethics

Purpose
All members of the IIA must maintain high standards of
conduct in order to effectively discharge their responsibility
The purpose of Code of Ethics is to promote an ethical culture
in the profession of internal auditing
Applicability and Enforcements
The code is applicable to all members of the IIA
Code of ethics applies to both individuals and entities that
provide internal auditing services
Violation of the Codes
Subject to forfeiture of the IIAs membership or CIAs
designation
4

Ethics and Independence

Independence not depending on authority of another, autonomous, free
Independent of the management should not be part of the management
Reporting to the Audit Committee
Power to appoint/remove and performance appraisal of internal auditor

should not rest with the management should be the power of Audit
Committee
Internal auditor should be independent of the activities they audit, work
should be carried out freely, objectively, impartially an unbiased
judgments
Could be achieved through organisational status and objectivity
- Organisational status: Should be sufficient to assure broad range of
audit coverage adequate consideration of an effective action on audit
findings and recommendations
- Objectivity: Internal auditor should have independent mental attitude,
honest belief in their work and avoid any conflict of interest

INTERNATIONAL PROFESSIONAL
PRACTICES FRAMEWORK [IPPF]

Differences between practices

framework which are mandatory &
strongly recommended
MANDATORY IPPF
Definition of International Auditing
Code of Ethics
IPPF of Internal Auditing(Standards)
principles-focused, provides
conceptual basis for internal auditors
to follow.

Differences between practices

framework which are mandatory &
strongly recommended
STRONGLY RECOMMENDED IPPF
Position
Papers

provide
understanding on issues of governance,
risk and control, and the roles and
responsibilities of internal auditors.
Practice Advisories provide guidance
on conforming to the Standards
Practice Guides provide information
on practical tools and techniques in
conducting the internal audit
8

Ethical Principles and Rules of

Conduct
This code is divided into 2 components:

Principles
Rules of conduct

Ethical Principles and Rules

of Conduct
1. Principles

The 4 ideals the

internal audit
professional should
aspire to maintain
in conducting their
work & represent
the core values
that internal
auditors must
uphold to earn the
trust of those who
rely on their
services.

2. Rules of Conduct

The 12 behavioral
norms that internal
auditor should follow
to put the Principles
into practices.
10

Components of
Code of Ethics

1. Principles
1. Integrity

2. Rules of
Conduct
Shall perform
with honesty,
diligence &
responsibility

Internal auditors
establish trust, thus
provides the basis for
reliance on their
judgment.

Shall observe the

law & make
disclosure
expected by the
law & the
profession
Shall not
knowingly be a
party to any
illegal activity, or
engage in acts
that are
discreditable.
Shall respect &
contribute to the
legitimate &
ethical objectives
11

Principles
2. Objectivity

2. Rules of
Conduct

Internal
auditors Shall
not
exhibit the highest
participate
in
level of objectivity in
any activity or
gathering,
relationship that
evaluating,
&
may impair or
communicating
be presumed to
information.
impair
their
Internal
auditors
unbiased
make
a
balanced
assessment.
assessment of all the
This
activity
relevant
includes those
circumstances
and
may
be
in
are
not
unduly
conflict with the
influenced by their
interest of the
own interests or by
organization.
others in forming
judgments.
12

1. Principl 2. Rules of Conduct

es
2.
Objectivity

Shall not accept

anything that may
impair or be
presumed to impair
their professional
judgment.
Shall disclose all
material facts known
to them, if not
disclosed, may distort
the reporting.

13

Objectivity
To be objective, internal auditors:
Aware of potential threats to their
objectivity such as personal
relationships or conflict of interests and
Avoiding misleading languages.
[Example accepting gifts from auditees,
auditing an operation in which their
works]
14

3.
Confidentiality

1.Principles

2. Rules of
Conduct

Internal
auditors
respect the
value &
ownership of
information
Internal
auditors do
not disclose
information
without
appropriate
authority
unless there
is legal or
professional
right

Shall be
prudent in
the use and
protection of
information
required.
Shall not use
information
for any
personal gain
or in any
manner that
would be
contrary to
the law or
detrimental
to the
legitimate

15

4. Competency

1. Principles

2. Rules of
Conduct

Internal
auditors
apply the
knowledge,
skills and
experience
needed.

Shall engage
only in those
services for
which they
have the
necessary
knowledge,
skills and
experience.
Shall perform
in
accordance
with the
Standards
Shall
continually
improve
proficiency

16

International Standards for the

Professional Practice of Internal
Auditing(ISPPIA).
The standards are principles-focused,
mandatory required in meeting the
responsibilities of internal auditors
and the internal audit activity.

17

Component of ISPPIA

18

Type of Standards

19

Attributes Standards

20

Attributes Standards

21

Performance Standards

22

Practice Advisories
Provide concise and timely guidance
as to how the Standards might be
implemented.

23

Whistleblowing and Internal

Audit
Whistleblowing the act of disclosing adverse information to

someone in the organization who is outside of the individuals normal

chain of command, or to a governmental agency or other authority
that is wholly outside the organization

Unauthorized dissemination by internal auditor, in good faith, of

serious information relating to questionable practices, whose

disclosure is perceived to be in the public interest. The information
may comprise audit results, findings, opinions, or information
acquired in the course of performing their duties

The authorized dissemination by internal auditors of audit results,

findings, opinions or information acquired in the course of performing

their duties to anyone outside the organisation or to the general
public

Encompasses any person(s) who made confidential reporting

beyond the stipulated authorized channels to another party whom

they believed to be able to act on it

24
24

Whistleblowing and Internal

Audit (cont.)
Whistleblower informers
U.S Sarbanes Oxley Act 2002 post corporate

collapse such as Enron, WorldCom

Sarbanes-Oxley Act (2002) requires that audit
committee to establish procedures for:
i) The receipt, retention and treatment of complaints
received by the issuer regarding accounting, internal
accounting controls or auditing matters and
ii) The confidential, anonymous submission by employees of
the issuer of concern regarding questionable accounting or
auditing matter

Establishment of internal regulated program e.g

25
25

whistleblowing policy, confidential reporting system

act as siren to alert the senior management of any
misconduct and malpractice

Internal Auditor as
Whistleblower?
Internal auditor may encounter misconduct and

wrong doing report to AC

But what if AC failed to resolve the matters reported?
Should the matters be reported to another party?
IIA if the communication results in a conclusion
that management, by its inadequate or lack of
actions, is exposing the organization to an
unacceptable level or risk, the CAE should consider
other options to achieve satisfactory resolution
Jubb (2000) auditing not constitute whistleblowing,
principally part of the nature of internal auditor job
26
26

Internal Auditor in the Whistleblowing

Process
Employees (whistleblower) more comfortable/

confident to report to the internal auditor

Internal auditor should foster ethical culture that
encourages employees to report misconduct
internally allowing the problem to be solved
internally
But, not to mitigate/discourage whistleblowing

27
27

List of whistleblowers
Cynthia Cooper of Worldcom
Sherron Watkin of Enron
Other cases of whistleblower

28
28

END OF TOPIC 3