Code of Ethics

The Institute of International Auditors Code of Ethics was adopted on June 17, 2000.

The purpose of the Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The Institute's Code of Ethics extends beyond the definition of internal auditing to include 2 essential components:
  • Principles that are relevant to the profession and practice of internal auditing;
  • Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.
Internal auditors are expected to apply and uphold the following principles:
  • Integrity: The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
  • Objectivity: Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
  • Confidentiality: Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  • Competency: Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services.
Rules of Conduct
  • Integrity: Internal auditors shall:
    • Perform their work with honesty, diligence, and responsibility
    • Observe the law and make disclosures expected by the law and the profession
    • Not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization
    • Respect and contribute to the legitimate and ethical objectives of the organization
  • Objectivity: Internal auditors shall:
    • Not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interest of the organization
    • Not accept anything that may impair or be presumed to impair their professional judgment
    • Disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review
  • Confidentiality: Internal auditors shall:
    • Be prudent in the use and protection of information acquired in the course of their duties
    • Not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization
  • Competency: Internal auditors shall:
    • Engage only in those services for which they have the necessary knowledge, skills, and experience
    • Perform internal auditing services in accordance with the Standards for the Professional Practice of Internal Auditing
    • Continually improve their proficiency and the effectiveness and quality of their services