Global Internal Audit Standards – Domain II

1.  Entrench Domain II in Internal Audit governance framework

• Update existing Code of Ethics to align to Domain II.
• Include Principles in Domain II in the Internal Audit Charter and Policies.
• Work through Internal Audit processes and procedures in detail to ensure that every aspect of these documents reflect and support the principles of integrity, objectivity, confidentiality, and due professional care.
• Have a zero-tolerance policy for unethical behaviour.

2. Embed Domain II in Internal Audit operations

• Publish the requirements for Ethics and Professionalism where it can be readily accessed by all internal auditors and all service providers.
• Reinforce ethical culture and expectations through formal and on-the-job training, in Internal Audit meetings, and through Internal Audit internal communications.
• Create an environment that encourages continuous learning and sees mistakes as part of the learning process.
• Periodically update Methodology with any changes to Domain II.

3. Train up ethical professionals

• Include Ethics and Professionalism training in the onboarding process for internal auditors and all service providers.
• Engage HR or an external service provider to provide regular refresher training to reinforce and enhance conformance with Domain II.
• Use relevant and up-to-date real-world case studies and role plays as part of the training to allow internal auditors to learn through mistakes in a safe space
• Budget for regular Ethics and Professionalism training and use it.
• Build regular Ethics and Professionalism training into your operational plan and stick to it.

4.  Provide the necessary support structures

• Assign mentors to support internal auditors facing ethical dilemmas.
• Consider giving internal auditors access to an external service where they can anonymously share dilemmas and get advice.
• Recognise team members who uphold ethics and professionalism in their day-to-day behaviour and engagement in the organisation.

5. Establish reporting protocols for unethical behaviour

• Create protocols to report internal auditors who have behaved unethically or unprofessionally.
• Develop a structured investigation and response process.
• Keep detailed documentation of reported cases of unethical behaviour by internal auditors, investigations, outcomes and remedial action (including changes that are needed to the Internal Audit governance framework).

6.  Measure, monitor and adjust Internal Audit Ethics and Professionalism climate

• Ensure all internal auditors sign an acknowledgment confirming they understand and will comply with Domain II.
• Conduct regular (preferably) annual reviews of the Ethics and Professionalism climate in Internal Audit
• Conduct periodic surveys amongst client staff to assess level of Ethics and Professionalism demonstrated by internal auditors in client engagements.
• Include Ethics and Professionalism in KPIs and use the regular reviews and survey results as the measures.
• Report results to the Audit Committee together with any proposed remedial action and feedback on remedial action taken.
• Report to the Audit Committee on any reported cases of unethical and unprofessional behaviour, the outcomes and remedial action taken.