TOPIC:

Fundamental principles an accountant must observe to achieve the objectives of

the accounting profession according to the IFAC ethics guidelines

Auditing is the on-site verification activity, such as inspection or examination, of

a process or quality system, to ensure compliance to requirements. An audit can apply to an
entire organization or might be specific to a function, process, or production step. Find more
information in the video, The How and Why of Auditing.

There are three discrete types of audits: product (which includes services), process, and
system. However, other methods, such as a desk or document review audit, may be employed
independently or in support of the three general types of audits.

Some audits are named according to their purpose or scope. The scope of a department or
function audit is a particular department or function. The purpose of a management audit
relates to management interests such as assessment of area performance or efficiency.

An audit may also be classified as internal or external, depending on the interrelationships

among participants. Internal audits are performed by employees of your organization.
External audits are performed by an outside agent. Internal audits are often referred to as
first-party audits, while external audits can be either second-party, or third-party.

 Types of audits

 Product audit – An examination of a particular product or service (hardware,

processed material, software) to evaluate whether it conforms to requirements (that is,
specifications, performance standards, and customer requirements).
 Process audit – A verification that processes are working within established limits. It
evaluates an operation or method against predetermined instructions or standards to measure
conformance to these standards and the effectiveness of the instructions. Such an audit may:
o Check conformance to defined requirements such as time, accuracy,
temperature, pressure, composition, responsiveness, amperage, and component mixture.
o Examine the resources (equipment, materials, people) applied to transform the
inputs into outputs, the environment, the methods (procedures, instructions) followed, and
the measures collected to determine process performance.
o Check the adequacy and effectiveness of the process controls established by
procedures, work instructions, flowcharts, and training and process specifications.
 System audit – An audit conducted on a management system. It can be described as a
documented activity performed to verify, by examination and evaluation of objective
evidence, that applicable elements of the system are appropriate and effective and have been
developed, documented, and implemented in accordance and in conjunction with specified
requirements.
o A quality management system audit evaluates an existing quality program to
determine its conformance to company policies, contract commitments, and regulatory
requirements.
o Similarly, an environmental system audit examines an environmental
management system, a food safety system audit examines a food safety management system,
and safety system audits examine the safety management system.

1
 Internal & external audits: first-, second-, and third-party audits

 A first-party audit is performed within an organization to measure its strengths and

weaknesses against its own procedures or methods and/or against external standards adopted
by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal
audit conducted by auditors who are employed by the organization being audited but who
have no vested interest in the audit results of the area being audited.
 A second-party audit is an external audit performed on a supplier by a customer or
by a contracted organization on behalf of a customer. A contract is in place, and the goods or
services are being, or will be, delivered. Second-party audits are subject to the rules of
contract law, as they are providing contractual direction from the customer to the supplier.
Second-party audits tend to be more formal than first-party audits because audit results could
influence the customer’s purchasing decisions.
 A third-party audit is performed by an audit organization independent of the
customer-supplier relationship and is free of any conflict of interest. Independence of the
audit organization is a key component of a third-party audit. Third-party audits may result in
certification, registration, recognition, an award, license approval, a citation, a fine, or a
penalty issued by the third-party organization or an interested party.

Purposes of audits:
An auditor may specialize in types of audits based on the audit purpose, such as to verify
compliance, conformance, or performance. Some audits have special administrative purposes
such as auditing documents, risk, or performance or following up on completed corrective
actions.
4 Phases of an audit

1. Audit preparation – Audit preparation consists of everything that is done in advance

by interested parties, such as the auditor, the lead auditor, the client, and the audit program
manager, to ensure that the audit complies with the client’s objective. The preparation stage
of an audit begins with the decision to conduct the audit. Preparation ends when the audit
itself begins.
2. Audit performance – The performance phase of an audit is often called
the fieldwork. It is the data-gathering portion of the audit and covers the time period from
arrival at the audit location up to the exit meeting. It consists of activities including on-site
audit management, meeting with the auditee, understanding the process and system controls
and verifying that these controls work, communicating among team members, and
communicating with the auditee.
3. Audit reporting – The purpose of the audit report is to communicate the results of
the investigation. The report should provide correct and clear data that will be effective as a
management aid in addressing important organizational issues. The audit process may end
when the report is issued by the lead auditor or after follow-up actions are completed.
4. Audit follow-up and closure – According to ISO 19011, clause 6.6, “The audit is
completed when all the planned audit activities have been carried out, or otherwise agreed
with the audit client.” Clause 6.7 of ISO 19011 continues by stating that verification of
follow-up actions may be part of a subsequent audit.

2
 The Code of Ethics states the principles and expectations governing the behavior of
individuals and organizations in the conduct of internal auditing. It describes the minimum
requirements for conduct, and behavioral expectations rather than specific activities.

Introduction to the Code of Ethics

The purpose of The Institute's Code of Ethics is to promote an ethical culture in the
profession of internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to

add value and improve an organization's operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded
as it is on the trust placed in its objective assurance about governance, risk management, and
control.

The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include
two essential components:

1. Principles that are relevant to the profession and practice of internal auditing.
2. Rules of Conduct that describe behavior norms expected of internal auditors. These
rules are an aid to interpreting the Principles into practical applications and are intended to
guide the ethical conduct of internal auditors.

"Internal auditors" refers to Institute members, recipients of or candidates for IIA

professional certifications, and those who perform internal audit services within the
Definition of Internal Auditing.

Applicability and Enforcement of the Code of Ethics

This Code of Ethics applies to both entities and individuals that perform internal audit
services.

For IIA members and recipients of or candidates for IIA professional certifications, breaches
of the Code of Ethics will be evaluated and administered according to The Institute's Bylaws
and Administrative Directives. The fact that a particular conduct is not mentioned in the
Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore,
the member, certification holder, or candidate can be liable for disciplinary action.

Code of Ethics — Principles

Internal auditors are expected to apply and uphold the following principles:

1. Integrity
The integrity of internal auditors establishes trust and thus provides the basis for reliance on
their judgment.

3
2. Objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating,
and communicating information about the activity or process being examined. Internal
auditors make a balanced assessment of all the relevant circumstances and are not unduly
influenced by their own interests or by others in forming judgments.
3. Confidentiality
Internal auditors respect the value and ownership of information they receive and do not
disclose information without appropriate authority unless there is a legal or professional
obligation to do so.
4. Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of
internal audit services.

Rules of Conduct
1. Integrity
Internal auditors:
o Shall perform their work with honesty, diligence, and responsibility.
o Shall observe the law and make disclosures expected by the law and the profession.
o Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization.
o Shall respect and contribute to the legitimate and ethical objectives of the
organization.

2. Objectivity

Internal auditors:
o Shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment. This participation includes those activities or
relationships that may be in conflict with the interests of the organization.
o Shall not accept anything that may impair or be presumed to impair their professional
judgment.
o Shall disclose all material facts known to them that, if not disclosed, may distort the
reporting of activities under review.

3. Confidentiality
Internal auditors:
o Shall be prudent in the use and protection of information acquired in the course of
their duties.
o Shall not use information for any personal gain or in any manner that would be
contrary to the law or detrimental to the legitimate and ethical objectives of the
organization.
4. Competency
Internal auditors:
o Shall engage only in those services for which they have the necessary knowledge,
skills, and experience.
o Shall perform internal audit services in accordance with the International Standards
for the Professional Practice of Internal Auditing (Standards).
o Shall continually improve their proficiency and the effectiveness and quality of their
services.