Course Title: Advanced Auditing and EDP
Instructor: Lemessa B. (PhD)
Chapter One: Overview
Major Developments in Auditing in the 21st Century
Four events, in particular, shifted the auditing profession in one form or
another.
Each has had a considerable influence on internal auditing as it’s practiced
today, and has helped define the role of today’s auditor.
1. Flagrant Financial Reporting Fraud
Financial reporting fraud has most likely been present since the beginning
of financial reporting itself.
But the extent and audaciousness of the reporting frauds at the start of the
21st century were unprecedented.
While Fortune magazine named Enron “America’s most innovative company”
for six years, little did anyone know that its greatest innovation may actually
have been dreaming up new ways to deceive auditors and investors.
And Enron was not alone as we consider WorldCom, Tyco, and others.
The biggest impact on internal auditing as a result of these scandals was
probably the U.S. Sarbanes-Oxley Act of 2002 — particularly Section
404, which focuses on internal controls over financial reporting.
A problem companies and external audit firms faced was that many
employees lacked internal control expertise.
Company personnel had for years been working to squeeze costs out of
routine processes, and external audit firms had shifted away from
detailed testing of processes.
Most companies looked to their internal auditors to help them
understand controls and comply with the new law.
We all learned that while financial reporting was supposedly mature,
internal auditors cannot ignore a risk area just because we have become
comfortable with it.
2. Financial Markets Meltdown
What does one do when banks that are “too big to fail” look like they
are going to collapse under the weight of toxic loans and market
illiquidity?
In a conversation with Fortune 50 in 2008, a chief financial officer said
that a government bailout was needed, as liquidity in the banking
system is like blood in the human body — when it is missing, nothing
works and a transfusion is required.
These events taught us all a lot about risk.
While enterprise risk management (ERM) was birthed before the
financial market meltdown, ERM’s lack of maturity became painfully
evident during this period.
N.B.: ERM is the process of planning, organizing, leading, and
controlling the activities of an organization in order to minimize the
effects of risk on an organization's capital and earnings.
Financial institutions that were revered for their ERM expertise
were the same ones that apparently didn’t fully understand risk
or see concentrations of risk.
Many internal auditors who had been trained to audit internal
controls over financial reporting were now asked to roll up their
shirt sleeves to help implement or improve ERM processes.
The “best” role for internal audit in ERM has not been agreed
upon, nor probably will it ever be, given the differences among
organizations.
But it is clear that internal auditing needs to live and breathe
risk.
3. Cybersecurity
A newer issue for virtually every organization is cybersecurity risk.
What started as seemingly isolated attacks on companies for
specific purposes has grown into a generalized concern over
security of all electronic data.
Today, it would be difficult to find a board of directors that doesn’t
have cybersecurity on its agenda.
Internal auditors were often caught unprepared for this risk.
For decades, many audit functions have struggled to find enough
qualified IT auditors.
With cybersecurity risk, that task is even more difficult.
Such situations require the expertise of penetration-testing auditors.
The technology is new, and the way it is implemented relies on
st
4. Bribery and Corruption
Bribery and corruption have been part of human history for about
as far back as records exist.
Many countries have passed new laws addressing bribery — some
stronger than others.
Every company of reasonable size faces risk not only of bribery
perpetrated by its employees, but also of violating strict laws that
are strongly enforced.
Perhaps the most glaring example of bribery occurred at German
industrial group Siemens, where it was reported that processes
organized to implement bribery payments were quite mature.
But any observers who think the risk only involves large
organizations would be fooling themselves.
All it takes is one person with access to cash for bribery to
Lessons From the Past
While it is interesting to look back on the events that have shaped
internal auditing, practitioners must ask themselves what they
should learn from these events moving forward.
A few key messages stand out:
Human behavior is always a risk.
Each of the aforementioned events resulted from people making the
wrong decisions, often for the wrong reasons.
The world of potential risks we might face is enormous.
No matter how good our risk assessments may be, we will not always
be able to anticipate the next big event.
While new risks regularly come into view, the old ones never seem to
go away completely.
So what should an internal auditor, specifically, take away
from this retrospective look?
S/he must stay true to what makes her/him indispensable to
their respective organizations.
Audit departments should assemble the best talent they
possibly can, stay focused on risk, keep watching for what is
happening inside and outside the organization, and challenge
themselves to ever increasing levels of performance.
Any less would be a disservice (harmful practice) to their
organizations.
Credibility Crisis to the Accounting Profession in 21st Century
The 21st century saw various company scandals that
undermined the accounting profession.
The next few slides briefly cover some of these scandals,
particularly those at Enron, Tyco, and WorldCom.
I. The Enron Scandal
The Company Profile
• In 1985, Enron was born from the merger of Houston Natural
Gas and InterNorth.
• Kenneth Lay, the former chief executive officer of Houston
Natural Gas, became CEO, and the next year won the post of
chairman.
• Started trading futures in gas contracts.
• Soon gained control of over 25% of all gas business.
• Began trading in commodities like steel, coal, weather risk,
etc.
Partners in Crime
• Kenneth Lay - the Chairman
• Andrew Fastow - the CFO
• Jeffrey Skilling - the President and CEO
• Arthur Andersen - the accounting firm
Causes of the Enron Scandal
• Dubious Accounting Practices
• Enron’s misleading Accounts
• Mark to market accounting—a measure of the fair value of accounts
that can change over time, such as assets and liabilities—with an aim to
provide a realistic appraisal of a company's current financial situation.
• Special Purpose Entities (through vehicles such as limited partnerships
with outside parties, a company is permitted to increase leverage and ROA
without having to report debt on its balance sheet)
• Executive compensation
• Financial Audit
• Over-statement of Profits
• On an annualized basis between 1995 and 2000:
– Enron's assets grew 38%,
– revenues grew more than 60%, and
– earnings grew 12%.
The Whistle Blower
• On Feb 14, 2002, Sherron Watkins, the Enron whistleblower,
testifies before a Congressional panel against Skilling and Lay.
Sherron Watkins is an Enron vice president.
She wrote to Lay in the past expressing concerns about
Enron's accounting practices.
The Rise and Fall of Enron
The company’s success was based on artificially inflated profits, dubious accounting
practices, and – some say – fraud.
Role of Auditor
The Internal Audit Department
• Should have ensured compliance with SA 240 and SA 520.
• Should maintain a tight internal control system established by the board
members & directors
• Report directly to the CEO
• Direct consultation with the board of directors
• Submit a quarterly report to the board and the supervisory committee.
Statutory Auditor
• Ensured compliance with SA 700 and SA 720.
• Independent from the company and the board
• Abides with accounting principles and rules
• Should hold neutral opinions
Enactment of Sarbanes Oxley Act
In response to the Arthur Andersen and Enron scandals, the
Sarbanes-Oxley Act seeks to
• Restore the public confidence in both public
accounting and publicly traded securities.
• Assure ethical business practices through heightened
levels of executive awareness and accountability.
II. TYCO SCANDAL
Company History
Founded in 1960 by Arthur J. Rosenburg
Initially supported by government research contracts
In 1964 it became a publicly owned company
It was in control of 16 companies by 1968
In 1974 its stock was listed on the NYSE
Between 1982 and 2000 it undertook several subdivisions
It participated in several different industries:
Electronics
Fire & Security
Healthcare
Plastics & Adhesives
Engineered Products & Services
It employed over 267,000 people
Its services and products were provided worldwide
In January of 2002 questions began to arise concerning the
business practices of three top executives at Tyco . . .
Dennis Kozlowski
Graduate of Seton Hall University
Began work at Tyco in 1976
Worked his way up through the company, becoming CEO in 1992
Was key in an $850 million purchase of an undersea fiber-optic cable business from AT&T
On June 3, 2002 he resigned for “personal reasons”
On September 12, 2002 he was formally indicted on several charges
On October 7, 2003 he went to trial
Mark Swartz
Previously worked for Deloitte & Touche
Started working at Tyco in 1991
In 1995 he became the CFO
He was nominated for a CFO Excellence Award in 2000
September 12, 2002 he was formally charged and pleaded innocent
October 7, 2003 he went to trial
February 10, 2004 he testified on his behalf
Mark Belnick
Chief Legal Officer of Tyco
He supposedly accepted a 17 million dollar “gift” from the company to remain silent
He was indicted for falsifying business records
On July 15, 2004 he was acquitted after deciding to risk prison time in order to have his name cleared
Where the Money Went
Over 600 million was stolen from Tyco
9 million dollar home in Boca Raton, FL and Park Avenue apartment in Manhattan for Kozlowski
Bonuses of 56 million and 28 million to Kozlowski and Swartz respectively
15,000 dollar umbrella stand, 6,300 sewing basket, coat hangers for 2,900, and a 1,650 dollar appointment book
A variety of expensive paintings
A bonus of 17 million to Belnick
“Pres Monte Carlos” by Monet from Kozlowski’s personal collection.
The Charges
They were charged with civil fraud and theft
Other charges against Kozlowski and Swartz included
corruption, conspiracy, grand larceny, and falsifying records
The maximum sentence for the two would be 30 years each
Belnick would only receive a maximum sentence of 4 years
All three pleaded innocent in court
Facts Related to Stock Market
Kozlowski sold 5.5 million shares of Tyco stock, receiving 280
million dollars
2 million shares were also sold by Swartz who earned 125
million dollars
None of the sales were disclosed to the public
"Messrs. Kozlowski, Swartz and Belnick treated
Tyco as their private bank, taking out hundreds of
millions of dollars of loans and compensation
without ever telling investors. Defendants put
their own interests above those of Tyco's
shareholders. Those shareholders deserved better
than to be betrayed by the management of the
company they owned.” - Stephen M. Cutler (SEC
Director of Enforcement)
Outcomes
The trial of Kozlowski and Swartz was declared a mistrial on
April 2, 2004
They will be tried again in 2005
Belnick was proven innocent on July 15, 2004
Implications
The company re-structured their management, firing a total
of 9 executives on their board
Most notably, Edward Breen was hired as the new CEO and
David FitzPatrick was hired as the new CFO
On May 6, 2003 a new ethical guide was distributed to all
employees
Tyco Guide to Ethical Conduct
“Tyco's commitment to the highest standards of integrity
begins with making sure that everyone across the Tyco
organization understands the company's core values—
integrity, excellence, teamwork, and accountability. That
understanding begins with the Tyco Guide to Ethical Conduct,
a 32-page booklet that provides a guide to help employees
know what is expected from them and to help them make
good decisions.”
Possible Precautions
Companies could more closely monitor their employees for
unethical conduct
The government could monitor accounting practices of
companies more closely
Any executives of companies who exhibit suspicious behavior
should be closely watched
III. Corporate Governance: The WorldCom Scandal
The WorldCom Scandal: A Chronology of Events
Founded in 1983 by Bernie Ebbers, WorldCom began as a
reseller of long-distance telephone services.
Having bought around 50 other small long-distance firms, the
Mississippi-based company set its sights on MCI, America’s
second-biggest long-distance carrier, in 1997.
A high share price helped WorldCom outbid competitors,
securing a $37 billion merger in September 1998.
Two years later Mr. Ebbers tried to buy Sprint, another
American rival, but was blocked by antitrust regulators on both
sides of the Atlantic.
With WorldCom’s share price tumbling, and a probe by regulators
in the offing, Mr. Ebbers resigned as chief executive in April 2002.
Shortly after, the discovery of massive fraud in WorldCom’s
accounts shook stock markets around the world and prompted the
company to file for bankruptcy protection.
Two of its most senior finance officers were charged with fraud.
Michael Capellas, previously boss at Compaq, took WorldCom's
helm.
In May 2003 the company, renamed MCI, settled an investigation
into its accounting for $1.51 billion.
In August of that year, the outlines of a radical overhaul of its
corporate governance, required by the settlement, were
published, and in November the company emerged from
bankruptcy in better financial shape than its competitors.
But the company's troubles are not over yet: Oklahoma's
attorney general filed another big lawsuit against it, this one
alleging that the company unfairly exploited the telecoms
regulations at the expense of competitors.
-from the Economist, June 27, 2004
What was the most salient financial fraud committed by
WorldCom’s top management?
Over the five quarters leading up to July 2002, WorldCom
“misclassified” almost $4 billion of telecoms-maintenance
costs as capital spending that could be depreciated over
several years, not one.
This egregious error is even more offensive to common sense
than Enron's use of off-balance-sheet vehicles.
IFRS = International Financial Reporting Standards
Scope:
1. Full IFRS
2. IFRS for SMEs
Financial Reporting
General purpose financial reporting
aims to provide useful financial information about the
reporting entity to primary users who cannot require the
reporting entity to provide information directly to them.
Special purpose financial reporting
responds to the requirements of users that have the authority
to require the reporting entity to provide the information that
they need for their purposes directly to them. Examples
include:
prudential regulation reporting requirements
tax reporting requirements
International Financial Reporting Standards (IFRS)—Full
• Designed for general purpose financial reporting by profit-oriented entities
– might be found to be appropriate for not-for-profit activities too
• Focused on information needs of (primary users) existing and potential investors, lenders and other creditors who cannot require information from the entity
– information to enable primary users to make their own assessments of the reporting entity’s prospects for future net cash inflows
– as a basis for their decisions to buy, hold, sell equity and debt instruments or to provide a loan or to require settlement of a loan
The IFRS for SMEs
Designed for general purpose financial reporting by entities that
are not ‘publicly accountable’
An entity has public accountability if:
its debt or equity trades (or is being prepared to trade) in a
public market; or
it holds assets in a fiduciary capacity for a broad group of
outsiders as one of its primary businesses.
Focused on economic decision-making information needs of a broad
range of users who cannot require information from the entity
also shows the results of the stewardship of management
International Standards on Auditing: The Clarified Standards
The final set of clarified standards comprises 36 International
Standards on Auditing (ISAs) and International Standard on Quality
Control (ISQC) 1, including:
One new standard, addressing communication of deficiencies
in internal control;
16 ISAs containing new and revised requirements (these
have been referred to as "revised and redrafted ISAs"); and
20 ISAs that have been redrafted to apply the new
conventions and reflect matters of general clarity only (these
have been referred to as "redrafted ISAs and redrafted ISQC
1").
Structure of the ISAs
The ISAs now have a new structure, in which information is presented in
separate sections: Introduction, Objective, Definitions, Requirements, and
Application and Other Explanatory Material.
Introduction
Introductory material may include information regarding the purpose, scope, and
subject matter of the ISA, in addition to the responsibilities of the auditors and
others in the context in which the ISA is set.
Objective
Each ISA now contains a clear statement of the objective of the auditor in the
audit area addressed by that ISA.
Definitions
For greater understanding of the ISAs, applicable terms have been defined in
each ISA.
Requirements
Each objective is supported by clearly stated requirements. Requirements are
always expressed by the phrase "the auditor shall."
Application and Other Explanatory Material
The application and other explanatory material explains more precisely what a
requirement means or is intended to cover, or includes examples of procedures
that may be appropriate under given circumstances.
ISAs and ISQC 1
A complete list of the individual standards that comprise the clarified ISAs, as well
as ISQC 1, is below. These standards are available to view and/or download under
Publications & Resources.
The Basis for Conclusions for each ISA and ISQC 1 can be found under Publications
& Resources. These staff-prepared documents provide background information, main
comments received on the exposure drafts, and the IAASB's conclusions regarding
these comments in developing the final standard.
In finalizing the 2012 Handbook of International Quality Control, Auditing, Review,
Other Assurance, and Related Services Pronouncements (the handbook), editorial
and formatting changes were made to some ISAs from the 2010 handbook.
A bridging document has been prepared which provides an overview of these changes.
General Principles and Responsibilities
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit
in Accordance with International Standards on Auditing
ISA 210, Agreeing the Terms of Audit Engagements
ISA 220, Quality Control for an Audit of Financial Statements
ISA 230, Audit Documentation
ISA 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
Statements
ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements
ISA 260, Communication with Those Charged with Governance
ISA 265, Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management
Risk Assessment and Response to Assessed Risks
ISA 300, Planning an Audit of Financial Statements
ISA 315, Identifying and Assessing the Risks of Material Misstatement
through Understanding the Entity and Its Environment
ISA 320, Materiality in Planning and Performing an Audit
ISA 330, The Auditor's Responses to Assessed Risks
ISA 402, Audit Considerations Relating to an Entity Using a Service
Organization
ISA 450, Evaluation of Misstatements Identified during the Audit
Audit Evidence
ISA 500, Audit Evidence
ISA 501, Audit Evidence-Specific Considerations for Selected Items
ISA 505, External Confirmations
ISA 510, Initial Audit Engagements-Opening Balances
ISA 520, Analytical Procedures
ISA 530, Audit Sampling
ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting
Estimates, and Related Disclosures
ISA 550, Related Parties
ISA 560, Subsequent Events
ISA 570, Going Concern
ISA 580, Written Representations
Using Work of Others
ISA 600, Special Considerations-Audits of Group Financial Statements
(Including the Work of Component Auditors)
ISA 610, Using the Work of Internal Auditors
ISA 620, Using the Work of an Auditor's Expert
Audit Conclusions and Reporting
ISA 700, Forming an Opinion and Reporting on Financial Statements
ISA 705, Modifications to the Opinion in the Independent Auditor's Report
ISA 706, Emphasis of Matter Paragraphs and Other Matter Paragraphs in
the Independent Auditor's Report
ISA 710, Comparative Information-Corresponding Figures and
Comparative Financial Statements
ISA 720, The Auditor's Responsibilities Relating to Other Information in
Documents Containing Audited Financial Statements
Specialised Areas
ISA 800, Special Considerations-Audits of Financial Statements Prepared in
Accordance with Special Purpose Frameworks
ISA 805, Special Considerations-Audits of Single Financial Statements and
Specific Elements, Accounts or Items of a Financial Statement
ISA 810, Engagements to Report on Summary Financial Statements
Ethiopian Code of Professional Accountants issued by the Office of Federal Auditor General
The Code recognizes that the objectives of the accountancy
profession are to work to the highest standards of professionalism,
to attain the highest levels of performance and generally to meet
the public interest requirement set out above.
These objectives require four basic needs to be met:
Credibility
In the whole of society there is a need for credibility in information
and information systems.
It is essential that the information be considered to be thoroughly
accurate and reliable and viewed as impartial by knowledgeable
third parties.
Professionalism
There is a need for individuals who can be clearly identified by
clients, employers and other interested parties as professional
persons in the accountancy field.
Quality of Services
There is a need for assurance that all services obtained from a
professional accountant are carried out to the highest standards
of performance.
Confidence
Users of the services of professional accountants should be able
to feel confident that there exists a framework of professional
ethics, which governs the provision of those services.
Technical Standards
All authorized accountants and auditors should follow the
technical and professional standards promulgated by:
IFAC’s International Standard on Auditing and
IASB’s International Financial Reporting Standards, if they
opt for this or
Generally accepted accounting and auditing standards as
currently applicable in the country and
Relevant Government legislation in Ethiopia
Basic Principles of the profession
a. Integrity
A professional accountant should be straightforward and honest in
performing professional services.
In order to maintain and broaden public confidence, professional
accountants should perform all professional responsibilities with the
highest sense of integrity.
Integrity is an element of character fundamental to professional
recognition.
It is the quality from which the public trust derives and the
benchmark against which a professional accountant must ultimately
test all decisions.
Integrity requires a professional accountant to be, among other
things, honest and candid within the constraints of client
b. Objectivity
A professional accountant should be fair and should not allow
prejudice or bias, conflict of interest or influence of others to
override objectivity.
A professional accountant should maintain objectivity and be free
of conflicts of interest in discharging professional responsibilities.
Objectivity is a state of mind, a quality that lends value to a
professional accountant's services.
It is a distinguishing feature of the profession.
The principle of objectivity imposes the obligation to be impartial,
intellectually honest, and free of conflicts of interest.
c. Independence
Professional accountants working in attestation function should be
independent of their clients and maintain an independent attitude.
Independence precludes relationships that may appear to impair a
member's objectivity in rendering attestation services. For
professional accountants in public practice, the maintenance of
objectivity and independence requires a continuing assessment of
client relationships and public responsibility.
Such a professional accountant who provides auditing and other
attestation services should be independent in fact and appearance.
In providing all other services, a professional accountant should
maintain objectivity and avoid conflicts of interest.
d. Professional Competence and Due Care
A professional accountant should perform professional services
with due care, competence and diligence and has a continuing duty
to maintain professional knowledge and skill at a level required to
ensure that a client or employer receives the advantage of
competent professional service based on up-to-date developments
in practice, legislation and techniques.
As the quest for excellence is the essence of due care, it requires a
professional accountant to discharge professional responsibilities
with competence and diligence.
It imposes the obligation to perform professional services to the
best of a professional's ability with concern for the best interest of
those for whom the services are performed and consistent with the
profession's responsibility to the public.
e. Confidentiality
A professional accountant should respect the confidentiality of
information acquired during the course of performing professional
services and should not use or disclose any such information
without proper and specific authority or unless there is a legal or
professional right or duty to disclose.
f. Professional Behavior
A professional accountant should act in a manner consistent with
the good reputation of the profession and refrain from any conduct,
which might bring discredit to the profession
g. Technical Standards
A professional accountant should carry out professional services in
accordance with the relevant technical and professional standards.
In other words, he/she should observe the profession's technical
and ethical standards, strive continually to improve competence
and the quality of services, and discharge professional
responsibility to the best of his/her ability.
Professional accountants have a duty to carry out diligently with
care and skill, the instructions of the client or employer insofar as
they are compatible with the requirements of integrity, objectivity
and, in the case of authorized auditors, independence
The Rules of Conduct are divided into:
i. Rules of conduct that apply to all authorized auditors and
accountants unless otherwise specified.
ii. Rules of conduct that apply only to authorized auditors.
iii. Rules of conduct that apply to all employed accountants.
iv. Enforcement of the rules of conduct.
Ethics and Internal Audit - the critical link - “setting the scene regarding the importance of doing the right thing”.
What is Ethics
Ethics concerns itself with what is good or right in human
interaction. It revolves around three different concepts: good,
self and other. Ethical behavior results when one does not
merely consider what is good for oneself but also what is
good for others.
Ethics is all about behavior, choices and doing what
is right.
Ethical culture
A strong ethical culture is the foundation of good governance.
An ethical culture is created through a robust ethics
program that sets expectations for acceptable behaviors
in conducting business within the organization and with
external parties. It includes effective board oversight,
strong tone-at-the-top, senior management involvement,
organization-wide commitment, a customized code of conduct,
timely follow-up and investigation of reported incidents,
consistent disciplinary action for offenders, ethics training,
communications, ongoing monitoring systems, and an
anonymous incident reporting system.
IIA’s Code of Ethics for Internal Auditors —
Practice What We Preach
The IIA’s Code of Ethics underlies the conduct of
internal audit work and compliance with the Code is
mandatory.
Compliance with the Code of Ethics is mandatory
because of the trust placed by internal and external
stakeholders in the internal audit profession and the
activity.
Internal audit must be viewed as a role model and
an advocate of strong ethics
The IIA’s Code of Ethics is applicable to the internal
audit activity and its staff. Internal auditors must
apply the principles to all aspects of their work and
their relationships with the audit committee,
management, employees, and other stakeholders.
Noncompliance can result in disciplinary actions,
including expulsion from The IIA and withdrawal of
the Certified Internal Auditor (CIA) designation.
Code of Ethics
The Code of Ethics of the Institute extends beyond the definition of
internal audit to include two basic components:
1. Principles that are relevant to the profession and practice of
internal audit;
2. Rules of Conduct that describe behavior norms expected of
internal auditors
1. Integrity
The integrity of internal auditors establishes trust and thus provides the
basis for reliance on their judgment.
Rule of Conduct
1.1. Shall perform their work with honesty, diligence, and responsibility.
1.2. Shall observe the law and make disclosures expected by the law and
the profession.
1.3. Shall not knowingly be a party to any illegal activity, or engage in acts
that are discreditable to the profession of internal auditing or to the
organization.
1.4. Shall respect and contribute to the legitimate and ethical objectives of
the organization.
2. Objectivity
Internal auditors exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating
information about the activity or process being examined.
Internal auditors make a balanced assessment of all the
relevant circumstances and are not unduly influenced by
their own interests or by others in forming judgments
Rules of Conduct
2.1. Shall not participate in any activity or relationship that
may impair or be presumed to impair their unbiased
assessment. This participation includes those activities or
relationships that may be in conflict with the interests of the
organization.
2.2. Shall not accept anything that may impair or be
presumed to impair their professional judgment.
2.3. Shall disclose all material facts known to them that, if
not disclosed, may distort the reporting of activities under
3. Confidentiality
Internal auditors respect the value and ownership of
information they receive and do not disclose information
without appropriate authority unless there is a legal or
professional obligation to do so.
Rules of Conduct
3.1. Shall be prudent in the use and protection of
information acquired in the course of their duties.
3.2. Shall not use information for any personal gain or in any
manner that would be contrary to the law or detrimental to
the legitimate and ethical objectives of the organization.
4. Competency
Internal auditors apply the knowledge, skills, and experience
needed in the performance of internal audit services.
Rules of Conduct
4.1. Shall engage only in those services for which they have the
necessary knowledge, skills, and experience.
4.2. Shall perform internal audit services in accordance with
the International Standards for the Professional Practice of
Internal Auditing.
4.3. Shall continually improve their proficiency and the
effectiveness and quality of their services.
Ethical Dilemma
Chief Audit Executive and Internal Audit Staff have a
responsibility to behave professionally and ethically at all
times and will have a particularly important role to play in
creating, promoting and maintaining an ethical culture
within the practice and, possibly, among the clients of the
practice.
Internal Auditors have an impact on the organizational
ethics tone and may be subject to scrutiny by the staff of the
organization.
A high level of professional competence from their Internal
Auditors is expected, and to be a trusted advisor requires the
Ethics intelligence
Internal Auditors are challenged to recognize and evaluate
ethical and unethical situations often encountered in
practice and it is important to be alert to situations that may
threaten these fundamental principles.
“What on earth is ethics intelligence? I would define it as
the ability to discern when there are ethical implications in an
issue and being able to respond appropriately from an ethical
perspective” by Dr. C von Eck
Ethics intelligence speaks to the individual’s ability to recognize
ethical implications in decisions and situations and respond
appropriately.
It also speaks to the ability to recognize an ethical dilemma and
to find the best means to deal with such a
dilemma, i.e., finding a solution that would have the least
adverse impact.
The ability to identify ethical and unethical behavior is essential in
all professions, and internal auditing is no exception!
Internal auditors have an obligation to the organizations they serve, their
profession, and themselves to exercise sound ethical
judgement.
Ethical Threats to Internal Auditor Independence
Familiarity: the threat that, due to a long or close
relationship with someone, you will be too sympathetic to
that person’s interests, or too accepting of their work
Intimidation: the threat that you will be deterred from
acting objectively because of actual or perceived
pressures, including attempts to exercise undue influence
over you.
Self-interest: the threat that a financial or other interest will
inappropriately influence your judgement or behaviour
Self-review: the threat that you will not properly evaluate the
results of a previous judgement made or service performed by
you (or someone else within your practice) when forming a
judgement as part of providing a current service
Advocacy: the threat that you will promote a position (usually
your client’s) to the point that your objectivity is compromised
Internal Auditors Continue to Face Ethical Dilemmas
The report from the IIA’s 2015 Global Internal Audit Common Body of
Knowledge Survey,
Ethics and Pressure: Balancing the Internal Audit Profession,
states that 23 percent of internal auditors worldwide have
been asked at least once to change or suppress an important
audit finding, and 11 percent “preferred not to answer” the
question.
The survey of more than 14,500 practitioners in 166
countries also indicates that 20 percent of staff auditors have
been pressured “occasionally or frequently” to alter audit
findings, while 14 percent declined to answer, which the
report suggests could be because of “intimidation.”
What happens when internal auditors don’t want to go along
with unethical requests?
According to the report,
33 percent said they’d be excluded from meetings,
18 percent would lose opportunities,
4 percent saw budget cuts,
1 percent were demoted, another
1 percent had their pay cut, and
13 percent said “other.”
While each situation is unique, the report states,
some of the more typical “other” responses included:
Reduced communication from executive management.
Discrimination via gossip and second-guessing.
Job elimination.
Audit department outsourcing.
Hostile working conditions and stress, resulting in health issues.
Pay raises for internal audit staff frozen, while others received
pay increases.
Denied requests for additional internal audit department staff.
Internal auditors can often find themselves side-lined or
hindered in their quest to ascertain whether the governance
around such decisions is adequate. Examples include being asked to
reschedule audits, delayed meetings, documents that are not shared or,
worse still, being told that certain areas will not be looked at.
Are you facing an ethical dilemma?
Seek advice from your professional body or obtain
independent legal advice.
Consider whether your actions in response to the
situation and the advice obtained are sufficiently well
documented, either by way of minutes or your own
records.
Auditing ethics – definition
“Ethics audit is a systematic evaluation of an
organization’s ethics program and performance to
determine whether it is effective.”
The audit provides an opportunity to measure conformity to
the organization’s desired ethical standards.
Auditing ethics – CBOK 2015 Global Practitioner Survey
According to the Institute of Internal Auditors' (IIA) Common Body of
Knowledge (CBOK) 2015 Global Practitioner Survey report,
Mapping Your Career, Competencies Necessary for
Internal Audit Excellence,
internal auditors throughout the world rate themselves
highly in professional ethics but far lower in technical
skills.
But despite auditors' overall high ranking in professional ethics,
the survey revealed a need for improvement in certain areas. For
example, the survey report notes that 73 percent and 72 percent
of respondents rate themselves as advanced or expert in the ethics
competencies of maintaining confidentiality and objectivity.
But in incorporating ethics and fraud into audit engagements,
professionals confident in performing advanced and complex
tasks dropped to 64 percent and 60 percent, respectively.
And slightly more than 10 percent indicated they need
supervision for routine tasks in those two skills.
Auditing ethics – legal requirement
The International Standards for the Professional Practice of
Internal Auditing (The Standards) issued by the Institute of
Internal Auditors (IIA) state that (Standard 2110.A1):
“The internal audit activity must evaluate the design,
implementation, and effectiveness of the
organization’s ethics-related objectives, programs,
and activities.”
Auditing ethics – the role of Internal Auditors
Assessing the state of the organization’s ethical climate and the
effectiveness of its strategies, tactics, communications, and
other processes in achieving the desired level of legal and
ethical compliance
Evaluating the design, implementation, and effectiveness of the
organization’s ethics-related objectives, programs, and activities.
Providing assurance that ethics programs achieve stated
objectives, key risks are effectively managed, and controls
continue to operate effectively
Providing consulting services to help the organization
establish a robust ethics program and improve its
effectiveness to the desired performance level.
Serving as a role model and ethics advocate. Internal audit
has a high level of trust, integrity, and competence to
advocate appropriate conduct to comply with the
organization’s legal, ethical, and societal responsibilities
and promote appropriate ethics and values.
Serving as a subject matter expert on ethics-related issues
and as a member of the organization’s ethics council (or
equivalent).
Acting as a catalyst for change, promoting and recommending
enhancements for the organization’s governance structure
and practices.
Auditing ethics – understanding
organizational culture
Reviewing the organization’s mission, vision, strategic plan,
code of conduct, allegation reporting system, related
regulatory and privacy requirements, etc.
Confirming internal audit’s understanding with management
and employees.
Reflecting on insights from past business issues and audit
findings.
Reviewing applicable legislation and guidelines.
Auditing ethics – Key Considerations
Realistic audit objectives need to be set, which are
likely to include such things as whether:
There is compliance with laws, regulations and
policies.
The organization has a documented ethics program
and adequate means of measuring its effectiveness.
There has been effective implementation of the
ethics program.
Breaches of the ethics program have been properly
investigated and adequate sanctions imposed on offenders.
Lapses in ethical behavior have an impact on the efficiency,
effectiveness and economy of business operations and, if so,
what the impact on the organization is.
Assets are properly safeguarded from unethical conduct.
Opportunity for fraud and corruption is minimized.
The audit committee should identify specific ethics-related
issues on which to focus. In some settings, the committee
may decide to conduct a comprehensive ethics audit. In
other organizations, the committee may focus on specific
ethical issues that are especially important in those settings.
An audit of ethics needs to be risk-based and based on a risk
assessment. The internal auditor must establish the key
risks to the organization’s ethics program which will help to
focus the audit objectives.
Auditing ethics - Scope of the Audit
An audit of ethics should at least cover the following:
Tone at the top – commitment of the board and top
management to ethics.
Ethical principles – how well these are adhered to by all
levels of the organization, including stakeholders and
suppliers.
Risk management – recognition of the need for risk
management and effective implementation of risk
management throughout the organization.
Information – availability of information relating to ethical
conduct such as a documented ethical program, awareness
activities, and breaches of ethical guidelines.
Sharing – active sharing of information relating to the
ethical program and its results.
Alignment – risk management alignment with the
organization’s ethical culture.
Auditing ethics – Reporting and monitoring
Report the audit results without fear or favor to the
audit committee and senior management.
Monitor and follow-up to ensure recommendations
are effectively implemented and meaningful change
occurs in a timely way.
Auditing Ethics – Benefits
To improve ethical performance and to give assurance that the
organization has an effective ethics program.
The auditing process can highlight trends, improve organizational
learning, and facilitate communication and working relationships.
Improved relationships with stakeholders who desire greater
transparency.
Way forward
Internal auditors should take an active role in support of
the organization’s ethical culture. They should be trusted
within the organization and possess a high level of
integrity and the skills to be effective advocates of ethical
conduct.
They should have the competence and capacity to appeal
to the organization’s leaders, managers, and other
employees to comply with the legal, ethical, and societal
responsibilities of the organization.
The IIA’s Code of Ethics helps ensure that internal
auditors “practice what they preach.” The CAE should
ensure that all audit work is performed in full compliance
with, and meets the intent of, the Code.
The CAE may assume proactive roles such as becoming a
nonvoting member of an internal ethics council or
conducting ethics training sessions.
The internal audit activity may also play roles that relate
to both promoting and assessing ethics, such as
hosting the organization’s whistleblowing hotline or
conducting fraud investigations.
Before accepting such roles the CAE should consider
how they would affect the perception of internal audit
within the organization.
Maintaining dignity of the profession and internal
auditors
The supervising and governing institution of the internal auditing profession
should hold training courses, workshops and conferences on the standards of
internal auditing and professional work in general, including the ethical
principles and rules of conduct of auditing in particular.
The role of the audit committees should be strengthened to support the
independence and neutrality of the internal auditors, as well as to verify
their efficiency and professional level of performance.
Incentives should be developed and established that contribute
to making auditors committed to the ethics of their profession.
Auditing ethics – conclusion
Conducting an ethics audit requires a team effort as well as
a clear definition of ethical behavior. Auditing ethics is not
only required by the IIA’s Standards but it is essential for the
overall health of the organization.
Even though there is no “one size fits all” approach to
auditing ethics, the internal audit department should still
take steps to audit the ethics program. Just because it is a
difficult audit to do is no reason to ignore it especially when
the risk of not carrying out an ethics audit can be severe.
End of Chapter One!