The purpose of The Institute’s Code of Ethics is to promote an ethical culture in the profession of internal auditing.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The Institute’s Code of Ethics extends beyond the definition of internal auditing to include two essential components:
1.Principles that are relevant to the profession and practice of internal auditing;
2.Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.
The Code of Ethics together with The Institute’s Professional Practices Framework and other relevant Institute pronouncements provide guidance to internal auditors serving others. "Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who provide internal auditing services within the definition of internal auditing.
Applicability and Enforcement
This Code of Ethics applies to both individuals and entities that provide internal auditing services.
For Institute members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute’s Bylaws and Administrative Guidelines. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.
Principles
Internal auditors are expected to apply and uphold the following principles:
Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
Confidentiality
Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
Rules of Conduct
1. Integrity
Internal auditors:
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and the profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.
2. Objectivity
Internal auditors:
2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.
2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.
3. Confidentiality
Internal auditors:
3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.
3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.
4. Competency
Internal auditors:
4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
4.2 Shall perform internal auditing services in accordance with the Standards for the Professional Practice of Internal Auditing.
4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.
Mission Statement
Our mission is to assist members of Management and the Board of Directors in the effective discharge of their responsibilities. To this end internal audit will furnish them with analysis, appraisals, recommendations, counsel and information concerning activities reviewed.
We will achieve our mission by providing independent, value-added and risk-based audits.
Audit Notification Letter
To: Department head to be audited
C.C: Other concerned personnel
From: Director of internal audit
Subject: Audit of the department
Date:
The internal audit department at Company Name has scheduled an audit of the operations of the (specify the department or function) department. The audit will commence on (specify date) and is expected to continue until (specify date).
The auditors will be reviewing the following areas:
(Include all areas to be reviewed).
An audit report is expected to be issued by (specify date).
The auditor - in - charge will be (specify name) and he will be assisted by (specify names).
The internal audit charter grants the auditors full and free access to the department’s records and personnel. Accordingly, you are kindly requested to facilitate such access.
The auditors will make every effort to minimize the disruption of the department’s operation to the minimum possible. Your full cooperation with them will be vital in ensuring that they complete their work effectively and efficiently.
Please do not hesitate to contact me should you have any question on the above.
____________
Signature
Final Audit Report
To: Management Date::
C.C: Board of Directors,Audit Committee
From: Internal Audit Department
Subject: Final Audit Report – (insert unit name)
The internal audit department at Company Name has completed the audit of (insert the name of the department, function, project or transaction audited and the period covered).The audit took place during the period from (insert audit start date) to (insert audit completion date).Our audit was conducted in accordance with the standards issued by the Institute of Internal Auditors (use this sentence only if the audit was conducted in accordance with the standards).
Our audit was conducted for the purpose of (state the objectives of the audit and whether it was conducted at the request of management).Our audit included, but was not limited to, reviews of the following:
(Insert list of major audit procedures applied)
Our findings and recommendations are summarized as follows:
Summary of findings:
(Insert a brief summary of the major findings)
Summary of recommendation:
(Insert a brief summary of the major recommendations)
Summary of action plans
(Insert a summary of action plans taken or will be taken to correct a deficiency).
Summary of management response
(Insert a brief summary of management response to audit findings)
The details of the findings, recommendations, management response and action plans are attached to this report.
Our review indicated that the (insert name of the department, function, etc.. under review) is well managed with generally good controls over its operations ( list exceptions if any)
Workpapers Retention and Access Policy
Access Policy
Work papers are the property of Company Name, but they should remain under the custody of the internal audit department and should be accessible only to authorized personnel.
Access to work papers by management and other members of Company Name. is subject to the approval of the director of internal audit.
Access to work papers by third parties is subject to the approval of management and/or legal counsel as appropriate.
External auditors may have access to work papers subject to the approval of the director of internal audit.
Retention Policy
All work papers and files should be stored in a secured place at all times.
Permanent work papers are kept as long as the company exists.
Current work papers will be maintained for five years, after which they will be destroyed.
Review notes should be retained unless the questions raised have been resolved and the work papers have been amended accordingly.
The director of internal audit should always consult with the company’s legal counsel on legal issues, which may affect the retention policy in Country Name.
Follow Up Letter
Internal Audit Department
To: Management Date:
C.C: Board of Directors
From: Internal Audit Department
Subject: Follow-up Report – ( insert unit name)
We refer to our final audit report dated (insert date) relating to the audit of (insert unit name and period covered) and to the follow-up work performed during the period from (insert date) to (insert date) and we would like to summarize the results of our work as follows:
Resolved Findings:
( list here all final audit findings that have been resolved by the auditee and the actions taken to resolve them)
Unresolved Findings:
( list here all unresolved findings, the original final audit recommendations, the auditee response and the current condition of the findings)
Exposure to the Company
(discuss in this section the exposure arising as a result of not resolving the findings)
As evidenced by the above exposure ,every effort should be exerted to resolve the outstanding findings as soon as practical to minimize the company’s exposures and risks.
