UP EXPERT OPINION: The ethics of internal audit and the internal audit of ethics

Posted on May 27, 2024

To celebrate Internal Audit Awareness Month in May, this article highlights the role of ethics in internal auditing. In January 2024, the Institute of Internal Auditors (IIA) issued the new Global Internal Audit Standards (GIAS). The GIAS consists of five domains, 15 principles and 52 standards that internal auditors must adhere to when providing assurance and advisory services to their clients.
 
Domain II is titled “Ethics and Professionalism” and replaces the previous IIA Code of Ethics. It outlines the behavioural expectations for professional internal auditors. The five principles are integrity, objectivity, competence, due professional care and confidentiality.
 
Acting with integrity implies that internal auditors are honest and perform their work with professional courage. This entails taking appropriate action, even when confronted by dilemmas and difficult situations.
Maintaining objectivity implies having an impartial and unbiased attitude when performing internal audit services and making decisions. Internal auditors must avoid conflicts of interest and must not be unduly influenced by their own interests or the interests of others. Furthermore, internal auditors must recognise and avoid any impairments to objectivity.
 
Internal auditors also need to demonstrate competency which requires developing and applying the knowledge, skills and abilities to provide internal audit services. To improve the effectiveness and quality of internal audit services, internal auditors must participate annually in continuing professional development (CPD) initiatives such as obtaining relevant certifications and completing relevant education and training programmes.
 
Internal auditors must also apply due professional care in planning and performing internal audit services. This includes the application of professional scepticism to critically assess and evaluate the reliability of information. It further entails that internal auditors must maintain an attitude that includes inquisitiveness, being straightforward and honest when raising concerns and asking questions about inconsistent information.
 
Finally, internal auditors need to maintain confidentiality. Due to the fact that internal auditors have access to client information, they need to be prudent in the use of such information and only make disclosures if there is a legal obligation to do so.
 
Apart from taking cognisance of the ethics of internal auditors as described above, the internal audit function (IAF) also needs to audit the ethics of an organisation. The GIAS state that internal auditors must evaluate the adequacy and effectiveness of an organisation’s governance processes. These processes include building an ethical organisational culture in line with the recommendations of the fourth King Report on Corporate Governance issued by the Institute of Directors in South Africa.
 
It is management’s responsibility to implement a sound ethical organisational culture. This can be done by implementing, amongst others, a formal ethics management framework. Such a framework consists of key components that are needed within an organisation to build an ethical organisational culture.
 
The first component is leadership commitment. Without the necessary buy-in from top management, organisations will not succeed in building an ethical culture. Second, governance structures are needed at multiple levels within the organisation. For example, at the strategic level, a social and ethics committee can provide oversight for the effective implementation of the ethics management framework. At a systems level, an ethics officer or ethics office can take responsibility for managing ethics within the organisation. At operational level, various ethics champions can “walk the ethics talk”. Third, a formal ethics management process forms part of the ethics management framework. The ethics management process consists of the following steps:
  • Identifying ethics risks (such as reputational damage) and opportunities;
  • establishing an ethics strategy;
  • developing a code of ethics or conduct and related policies (such as gifts, conflicts of interests and entertainment policies);
  • institutionalising the ethics codes and related policies; and
  • monitoring and reporting on ethics performance.
 
The fourth and final component of the ethics management framework is the independent assessment of ethics performance in the organisation. This is where the IAF can add value by assessing the adequacy and effectiveness of the organisation’s ethics management framework. In an assurance capacity, the IAF can provide assurance on whether the ethics management framework is effective in building an ethical organisational culture. In an advisory capacity, the IAF can provide advice and assistance to an organisation that has not yet implemented a formal ethics management framework.
 
When performing an internal audit of ethics, the IAF can, for example, consider the following:
  • Is ethics a standing item on the agenda of the governing body (the board of directors or accounting officer)?
  • Are adequate governance structures in place to manage ethics within the organisation?
  • Are ethics risks identified on a regular basis?
  • Is ethics made real in the organisation by embedding ethics codes and policies?
  • Is there regular ethics awareness training and ethics dialogue (discussing ethical dilemmas and finding solutions that consider the interests of all stakeholders)?
 
In conclusion, the ethics of internal auditors and the internal audit of ethics are two distinct dimensions of ethics that need to be considered by internal auditors. On the one hand, one has the professional ethical principles and values that internal auditors must possess to guide their ethical behaviour, and on the other hand, the role of the IAF in providing assurance on the organisational ethics of their clients. Considering these two dimensions will, to a large extent, address ethical dilemmas that may arise in the internal audit domain of any organisation.
 
Prof Kato Plant is a Professor in the University of Pretoria’s Department of Auditing and her research focuses on professional learning, audit quality, organisational governance and ethics
 
 

Copyright © University of Pretoria 2024. All rights reserved.

FAQ's Email Us Virtual Campus Share Cookie Preferences