Codes of ethics are usually required by professional organizations and typically address the following areas of auditor conduct: Establishment and compliance with information systems controls, standards, and procedures Trustworthy service and reporting to stakeholders throughout the audit process Avoidance of participating in improper acts personally and professionally Confidentiality of observed and collected audit evidence Auditor independence Professional competence through participation in continuing professional development Due diligence when conducting audits and documentation of sufficient evidence supporting conclusions and recommendations Communication of audit results to appropriate stakeholders Education of stakeholders in the audit process to enhance understanding of systems and the audit process
Free and Independent
External auditing is often called independent auditing as qualified individuals outside the organization being audited do the audit. External auditors represent the interests of third-party stakeholders such as creditors, government agencies, and stockholders.
Internal auditors operate as independent appraisers established within an organization examining and evaluating activities as a service to the organization itself. Internal auditors perform a wide variety of tasks including assessing compliance with legal obligations, assessing operational efficiency, detecting and pursuing fraud and system vulnerabilities. External auditors are distinguished from internal auditors in that they represent outside constituents, while internal auditors represent the interests of the organization. Their efforts are not necessarily exclusive, internal auditors often cooperate and assist external auditors in performing audits achieving efficiency and reducing audit fees. External auditors depend on the independence and competence of internal auditors in relying on their work. Independent internal auditors add value to business processes. Internal auditors often collect evidence throughout the fiscal period that can be used at year end to conduct more-efficient, less-costly external audits.
In auditing and all related matters, auditors must be free from personal and external impairments to their independence. Auditors must be organizationally independent and should maintain an independent attitude and appearance.
Auditors must consider not only if they are independent with their attitudes and beliefs, but also whether there is anything about their situation that might lead others to question their independence. All situations must be considered, as it is essential that auditors consider themselves to be impartial and that knowledgeable third parties consider them to be independent.
For auditors, there are essentially three very general types of impairments to independence: organizational, personal, and external. If any of these impairments affect their ability to do their work and report their findings impartially, the auditors must decline the engagement.
Organizational Impairments
Internal auditors may be affected by their job-placement within the structure of the business entity where they are employed. Auditors must be sufficiently removed from managerial, political, and organizational pressures ensuring that they can conduct their audits independently and report their findings, opinions, recommendations, and conclusions objectively. In the case of external auditors, they may be presumed to be independent of the audited entity if there are no personal, external, or organizational impairments.
External Impairments
There may be factors external to the auditor interfering with an auditor's ability to form objective and independent opinions, recommendations, and conclusions. There may be interference or undo influence that improperly limits or modifies the scope or methodology of an audit.
Personal Impairments
Regrettably, there are circumstances in which auditors may not be impartial or perceived by knowledgeable third parties as being impartial. It is important for an auditing unit to have policies and procedures in place to determine if auditors have any personal impairment affecting their ability to conduct audits. Although the responsibility rests on the shoulders of the individual auditors, audit managers and executives need to be alert for impairments affecting the judgment and performance of their audit staff. Auditors must be responsible for notifying the appropriate official about any personal impairment. Personal impairments include, but are not limited to the following:
Official, professional, financial, or personal relationships that might cause the auditor to limit the methodology, extent of the audit inquiry, limit disclosure, or minimize or slant the audit findings in any way. Preconceived ideas toward the audit or the organization on which the audit is going to be performed; any feelings that the auditor has that could taint audit results require that the auditor is removed from the audit engagement Previous responsibility for decision making or management authority that would affect current operations of the entity to be audited is considered biasing Personal biases (including business, political, religious, or social convictions) resulting from employment or loyalty to a particular group or organization Direct or indirect financial interest in the audited entity