Ethics and Internal Auditing

The internal auditor have a duty to gather, analyze, and document relevant, reliable, and sufficient information to support their assertions, opinions, and recommendations to the Board and Management. It is critical the internal auditor has full and unrestricted access to all company records, property, and personnel to prevent the opportunity for a company employee to falsify, manipulate, or distort information. This level of unrestricted authority should be granted by a formal internal audit charter, approved and communicated by the Board and Management of the company at least annually. As trusted custodians of company information internal auditors must hold themselves accountable to a strict Code of Ethics. If the internal auditor is a Certified Internal Auditor, then they must apply and uphold the 4 following principles as defined by the Institute of Internal Auditors:


1. Integrity - The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

2. Objectivity - Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.

3. Confidentiality - Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

4. Competency - Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Internal Audit's Role in Corporate Governance

The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal Auditors. The IPPF guidance includes mandatory guidance, which includes the Definition of Internal Auditing, the Code of Ethics, and the Standards.

With respect to Governance Standard 2110, "the internal audit activity must assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:

• Promoting appropriate ethics and values within the organization;
• Ensuring effective organizational performance management and accountability;
• Communicating risk and control information to appropriate areas of the organization; and
• Coordinating the activities of and communicating information among the board, external and internal auditors, and management."

Earlier in 2010, Boundless LLC asked Paul Washington, Chair for Society of Corporate Secretaries and Governance Professionals and the Corporate Secretary and Deputy Counsel for Time Warner how Internal Audit should be involved in assessing and making recommendations regarding board composition and governance structures, and his view was that "The board is not immune to internal audit and it is appropriate for Internal Audit to assess the rigor around board structure and processes." This can truly be the starting point for internal audit to understand the culture and the "tone at the top." While auditing the Board may be easier said than done, we must appreciate the fact that this is part of our professional obligation as such we need to communicate this to our Boards to engage in candid and constructive dialogue with key stakeholders.