Introduction:

This paper represents the ethical issues that internal auditors encounter in the course of their duties and how important the code of ethics is in their careers.  Examinations of how ethical decision-making has had an influence on their occupations have been realized and consideration for the ethical environments in which auditors work have been studied.  In our globalization of business, technological advancements, increasing business failures, and widely publicized fraud have encouraged entities to place more emphasis on their internal control systems and internal audit functions.  Thus, Worldwide, the demand for internal auditors continues to grow to provide independent assurance that an organization’s risk management, governance, and internal control processes are operating effectively.  Nevertheless, internal auditing is performed in diverse legal and cultural environments within organizations that vary in purpose, size, and structure and, by persons within or outside the organization. The growth in demand for the services of the internal auditor and the growing complexities of internal audit functions have generated interest among stakeholders in the field of Auditing. The Institute of Internal Auditors (IIA) has standards that constitute the criteria by which the operations of an internal auditing department are evaluated, measured, and intended to represent internal auditing practices. (Ramamoorti, 2003)

Code of Ethics – Purpose and Importance:

Ethics is defined as a “code of behavior considered correct”. The primary purpose of the Code of Ethics issued by the Institute of Internal Auditors (IIA) is to promote the ethical activities that are performed by organizations or individuals that provide internal audit services.  It is necessary and appropriate for the profession as it is founded based on the trust placed in its objective assurance of governance, risk management, and control. (The Institute of Internal Auditors, 2016). IIA Code of Ethics extends to include two very essential components, principles that are relevant to the practice and profession of internal auditing and Rules of Conduct that describe behaviors and norms expected of internal auditors.  Internal auditors include members of IIA, recipients of or candidates for IIA professional certifications, and individuals and entities that perform internal audit services within the Definition of Internal Auditing.  IIA Code of Ethics applies to individuals and entities that perform internal audit services.  The Code of Ethics is administered by Internal Audit Institutes and breaches are administered under Institute By-laws.  Serious breaches may result in disciplinary action being taken against internal auditors and reported to the global body. (The Institute of Internal Auditors, 2016). Ethics is important when completing an audit.  We all know that auditing is a complex and technical process.  While examining the books of accounts of an organization the principles of truthfulness, honesty, care, and integrity should be applied.  When ethics is used and applied in an audit process one can be rest assured that there will be no gross auditing failures and no lapses of professional conduct.  Ethics and its presence will have a positive impact on the audit results for both the internal as well as external stakeholders of an organization.  It will ensure that the financial statements and reports of the organization present a true and fair picture of the operations of the organization and are free from any misrepresentation or inaccuracies. (The Institute of Internal Auditors, 2016).                                                                                                 

The Institute's Code of Ethics includes two essential components: First, the Principles that are relevant to the profession and practice of internal auditing.  Second, Rules of Conduct that describe behavior norms expected of internal auditors.  These rules are an aid to interpreting the principles into practical applications and are intended to guide the ethical conduct of internal auditors. (The Institute of Internal Auditors, 2016).This Code of Ethics applies to both entities and individuals that perform internal audit services.  For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The IIA’s Bylaws, the Process for Disposition of Code of Ethics violations, and the Process for Disposition of Certification Violation.  The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.  (The Institute of Internal Auditors, 2016).

Internal auditors are expected to apply and uphold the following principles:

Integrity - The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

Objectivity - Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their interests or by others in forming judgments.

Confidentiality - Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

Competency - Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct: (The Institute of Internal Auditors, 2016).

1)Integrity – Internal auditors

1. Shall perform their work with honesty, diligence, and responsibility.
2. Shall observe the law and make disclosures expected by the law and the profession.
3. Shall not knowingly be a party to any illegal activity or engage in acts that are discreditable to the profession of internal auditing or the organization.
4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2) Objectivity – Internal auditors

1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may conflict with the interests of the organization.
2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3) Confidentiality – Internal auditors

1. Must be prudent in the use and protection of information acquired in the course of their duties.
2. Must not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

4) Competency – Internal auditors

1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
2. Shall perform internal audit services by the International Standards for the Professional Practice of Internal Auditing.
3. Shall continually improve their proficiency and the effectiveness and quality of their services. (The Institute of Internal Auditors, 2016).

Ethical Issues of Internal Auditors:

Internal auditors face ethical issues during their roles and responsibilities daily.  Some of these issues are: (Nand, 2015)    

1. Prevention of Lawful Disclosure - Most organizations and firms are required by legislation to disclose financial and non-financial results to state agencies which may include regulators or law enforcement agencies. To provide the required assurance internal auditors must review the information before it is released.  In most cases, internal auditors are prevented from reviewing such information or where they are allowed, errors and omissions are not corrected before submission.  In addition, companies have strict policies for reporting suspected criminal activities or breaches of law which prevent internal auditors from directly reporting them. (Nand, 2015)
2. Pressure from Management - Pressure from Management may be in many forms sometimes direct and in most cases indirect which may be termed as “in the best interests “of the organization or firm.  Direct pressure could be made on the Head of Internal Audit to change the content of audit reports or papers to Audit Committees if the contents do not reflect favorably on Management.  Indirect pressure could be in the form of not supporting the internal audit function to adopt the International Professional Practices Framework for Internal Audit (IPPF) issued by IIA Global which mandates independence of the function and restricts influence by management.  Internal auditors are also under continuous pressure to “strike the balance” between their independence as auditors and providing support to management in operational duties such as assisting in tender evaluations, participating in the employee recruitment process, and disciplinary tribunals.  (Nand, 2015).
3. Influencing objectivity and integrity of internal auditors - Internal Auditors are like any other employee of an organization or firm.  Their role in the internal audit function makes them more vulnerable.  The Human Resources Department is responsible for processing training applications, promotions, payroll, and benefits for all employees including internal auditors.  It is common for the HR Department to significantly delay of processing of training requests, promotions, and benefits for internal auditors.  In some cases, reduced salaries and benefits may be accorded to internal auditors and justified by their interpretation of the HR policies.  A poorly resourced internal audit function is unable to perform its fundamental objectives.  In some cases, the HR Department may delay in processing of vacancies or the creation of new positions.  Due to the vast knowledge of the institution or firm business, senior internal audit staff may also be offered higher-paying jobs in other business units which can weaken an internal audit function. (Nand, 2015).
4. Delay by Management in timely completion of audits - Timely completion of audits may be affected when information or records required for audit purposes are not released promptly or responses required from Management are unnecessarily delayed.  Sometimes Management may withhold or delay the release of critical information which should generally be provided, based on confidentiality or sensitivity.  The reason for such delays can sometimes be attributed to preventing the release of the final audit report to the Audit Committee or implementation of audit recommendations.  (Nand, 2015).
5. Internal auditors failing to maintain independence - Everyone who joins the internal audit profession is responsible for maintaining the IIA Code of Ethics.  Personal greed should not overcome the independence and integrity of internal auditors.  In many instances, internal auditors engage in activities that conflict with their roles and responsibilities while others give in to pressure from Management to amend or ignore facts. Internal auditors have also been found to have released confidential information that came to their knowledge during their audits to unauthorized persons within or outside an organization or firm.  On certain occasions, internal auditors have used confidential information within the internal audit function to discredit their colleagues for personal gain or to please Management.  IPPF holds the Head of Internal Audit functions or Chief Audit Executives responsible for the professional development of internal auditors.  Hence in the process, they have refused to utilize the funding made available by some employers for their professional development in internal auditing.  (Nand, 2015)                  

The Influence of Ethical-Decision Making:

Authors O’Leary and Stewart speak to whether the ethical decision is influenced by years of experience in internal auditing.  Scenarios of ethical dilemmas were presented, and the corporate governance was altered to assess its impact on ethical decision-making in the scenarios.  The elements of corporate governance consisted of (1) audit committee support, (2) management integrity regarding accounting policies, (3) management integrity regarding pressure on internal audit, (4) external auditor characteristics, and (5) organizational code of conduct.  It is no secret that ethical principles are important to internal auditors and there are 2 reasons why: First, internal auditors’ standards are typically challenged with ethical problems as well as faced with situations that require them to speak out.  Second, it has become recognizable that internal auditors play a key role in strengthening business ethics and corporate integrity.  When it comes to corporate governance internal auditors are expected to work with audit committees, boards, and senior management to help set the right tone at the top and to help ensure that ethical actions flow down through the ranks to lower-level employees.  After many discussions and substantial research to evaluate internal auditors’ ethical decision-making and the influence of corporate governance mechanisms two pieces of information surfaced; a high empathy toward ethical issues from internal auditor groups was identified and the fact that internal auditors are faced with ethical issues quite frequently and are not persuaded by their peers to behave in an unethical manner.  They pay attention to the strength and the effect external audit functions have on ethical decision-making.  For future research on auditor ethical making, there are several other areas to be explored including board independence, CEO/board chair duality, risk management procedures, and whistle-blowing policies. (O’Leary & Stewart, 2005) 

Ethical Culture & Quality Audits:

Authors Jan Svanberg and Peter Ohman arranged a study that addressed the implications that ethical culture had on the quality of an audit in which auditors are under pressure from a budget crunch.  Contentious cultures in audit firms suggest that the decline of audit quality is linked to the strain of budget and time constraints, but little investigation has been done to examine the correlations between organizational culture, time pressure, and audit quality. The charge of audit contracts causes conflict between cost control and a high-quality audit being achieved by auditors.  Research has determined that auditors respond to time budget pressures by reacting responsibly by working and charging more hours to the client, seeking, and procuring an increase in time and the budget from senior managers, centering their attention on more relevant information and/or by using more efficient audit techniques.  The other course of action would be to react abnormally by carrying out reduced audit quality acts or underreporting time.  In the auditor frame of reference, it has been discovered there is a negative link between ethical behavior and ethical culture in which authoritative obedience is called for.  This unfavorable link leads auditors to “selectively” forget ethical issues.  The professional values of an auditor clashes with a culture in which it is not possible to question what one is doing, after all acting with professional doubt and integrity lies at the heart of an auditor’s professional obligations.  In the end, when ethical culture is durable it can lead to two notions: (1) Reduced audit quality acts happen less frequently and (2) underreporting time is reduced.  (Svanberg & Ohman, 2013)

Improving the Licensing Requirement:

As claimed by Patrick Heaston an Associate Professor of Accounting at Drake University, in the US most of the areas use a process of acquiring and maintaining a CPA license that consists of four elements: (1) a formal college education, (2) a completed examination with favorable results, (3) an experience stipulation that was supervised, and (4) continuous professional education in the accounting profession. The problem facing the accounting profession is the desire to keep adequate experience requirements in most areas of the United States.  There are only 2 organizations concerned when it comes to licensing of accountants, the AICPA and NASBA, and both have a different outlook on the requirements.  The NASBA demands a CPA certificate to be awarded upon completion of 150 hours of an education stipulation and a passed CPA exam including 2 years of experience in the practice of public accounting and attestation practice.  Whereas the AICPA proposes granting a license without experience. By trying to attain a systematic approach to improve the licensing methods it was discovered by the Beamer Committee that the primary weakness of the experience requirement was the lack of a uniform definition of the attest function and the inability to provide administrative procedures that effectively policed the period of experience.  It was determined by the committee that attestation was the heart of certification and that imposing an audit experience requirement for all CPAs to obtain a license was not achievable.  With that being said, there was an indication that a modification of the current attestation procedures could be more feasible, and an applicant’s history is a more desirable way of enhancing the procedures. (Heaston, 1990)

Ethical Issues from The Auditor's Perspective:

Two Perspectives - Auditing involves a team of auditors from an outside company looking into another company’s financial statements and making a judgment or certifying that the reports are accurate and discovering any ethical issues.  That is just a quick overview of the main duties of an audit as seen from the outside.  However, auditing is so much more.  Let’s start by discussing a little more detailed explanation of what happens during an audit and what the auditor’s role is. Auditors come into an audit from two perspectives: one is generally more well-known, and the other is only seen by those close to the accounting profession. (Martin 2006) This first perspective focuses on the auditor’s ability to come into and perform the audit with integrity and objectivity.  The second, lesser known, perspective is the auditor’s ability to assess and respond to the ethics of the client.  This can be much more difficult to do but is much more effective at uncovering ethical issues.

The First Perspective - The first perspective that an auditor comes in with, and uses to face ethics we will call the traditional view. Mostly because it has been sued the longest and because it is better known.  However, many scandals happened while using only this perspective in the past.  That is not to say that it is outdated.  Once these scandals arose, such are Enron, the Sarbanes-Oxley Act came into the world of accounting.  This addressed many of the potential situations that might have been a source of or may cause future ethical issues to arise and cause future scandals.

This traditional view of auditor independence, which became a hot topic after this scandal and others has been up too much debate ever since.  This led to the realization from the accounting profession that the perception from the public of independence is also a large issue to be considered.  In the past, a company would choose an auditing firm for their external audit and negotiate a price.  This just seems like the wheels of capitalism rolling down the road. Two issues arose that made this simple process of finding an external auditing firm have certain restrictions.

The first issue that came to light was that these clients would also use the same auditing firm they used for the eternal audit for a variety of other services.  These services were more profitable to the auditing firm so the question arose of would an auditor be less likely to report a misstated report or unethical event to keep their big dollar client.   The second common practice that started to be seen as a problem for auditor independence was that firms often hired employees from the auditing firm to come on as accountants or to work with the financials, this brought about the possible ethical dilemma that these employees who knew the audit firms’ procedures from the inside could easily find ways to hide their misstatements and other unethical behaviors.

Fixing Some Possible Ethical Issues:

When Sarbanes-Oxley came about it addressed several of these potential sources of problems.  This bill made it so that the audit committee board of directors was now responsible for selecting the independent audit firm. (Martin, 2006) This also made it so that the services that an auditing firm could provide to an auditing client other than auditing were limited.  In addition, the hiring of audit staff by a client was more controlled and the senior auditor responsible for a client had to be swapped out every number of years to keep him from becoming too familiar with the client and their way of doing things since this could lead to the hiding of unethical behavior by the client.  All these new laws and regulations that came about after Enron and others did a good job of averting fraudulent and unethical behaviors.  However, it is to be said that a criminal will always find a way so we must be ever vigilant.

The Second Perspective - The second perspective that an auditor must come into an audit with is the assessment of the clients’ ethics (Martin, 2006). This subject, not well known to the public, is equally as important as being objective and independent. This perspective is present at every stage of the audit from the planning to the auditor’s final evaluation of internal controls. First, the auditors must get to know the client’s business internal controls to plan the audit. During this part they look at the complexity of reports, the compliance with regulatory bodies' rules, and the reliability of their reporting.  A company’s internal controls are thought of as processes (Martin, 2006).  These controls include tasks, checks, and balances ethics education, among other things. The auditor looks at all these controls to assess the accuracy and reliability of management's financial statements. One major part of the second perspective is from which an auditor must view the client and respective financials.  How this is done is, however, a challenging subject.  This is newer than the traditional ways listed above.  This perspective also faces challenges such as being on the outside of the company while attempting to look in.  Another challenge is that they must still be diligent in their auditing work toward the financials while also remaining interested in the evaluation of the systems established by management. (Martin, 2006) Auditing firms consistently say that the best way to avoid fraudulent findings is to avoid working with unethical businesses.  This brings about the question of how you can know if a company is unethical, or if can you only know someone’s true colors when they are put in a certain situation. To determine the ethics of a business one must go beyond the traditional “Did anything happen and what steps were taken to rectify it” and more beyond that into the realm of “Are the current conditions adequate for the possibility of something arising in the future.  To look further into the what-if and forward the auditor must look beyond the financials into the management, ethical infrastructure, and climate of a company; both formal and informal. (Martin, 2006)

History:

The establishment, growth, and evolution of the contemporary internal auditing profession are closely intertwined with the history of The Institute of Internal Auditors (IIA), an organization founded in the United States in 1941.  In the recently released edition of 60 Years of Progress Through Sharing, chronicling the history of the IIA, internal auditing historian Dale L. Flesher notes: “The IIA’s 60-year history is illustrious and each of the highlights featured in this 10-year narration [supplementing the 50-year history of the IIA] has contributed to the organization that the IIA is today: (Ramamoorti, 2003)

1. The primary international professional association dedicated to the promotion and development of the practice of internal auditing.
2. The recognized authority, chief educator, and acknowledged leader in standards, certification, research, and technological guidance for the profession worldwide.
3. Global headquarters for 76,400 members in 141 countries.”

Considering the IIA’s rather humble origins, a small band of 24 charter members held the inaugural IIA meeting in New York City on December 9, 1941; this worldwide expansion, continuing relevance, and increasing influence and recognition of the IIA and the internal auditing profession over the last 60 years constitutes remarkable growth and progress. Indeed, the internal auditing profession certainly appears poised for continued dynamic growth and promises to become “a profession for the 21st century.”  The demand for both external and internal auditing is sourced from the need to have some means of independent verification to reduce record-keeping errors, asset misappropriation, and fraud within business and non-business organizations.  As far back as 4000 B.C., historians believe, formal record-keeping systems were first instituted by organized businesses and governments in the Near East to allay their concerns about correctly accounting for receipts and disbursements and collecting taxes. Similar developments occurred concerning the Zhao dynasty in China (1122-256 B.C.).  The need for and indications of audits can be traced back to public finance systems in Babylonia, Greece, the Roman Empire, the City States of Italy, etc., all of which developed a detailed system of checks and counterchecks.  Specifically, these governments were worried about incompetent officials prone to making bookkeeping errors and inaccuracies as well as corrupt officials who were motivated to perpetrate fraud whenever the opportunity arose.  Even the Bible (referring to the period between 1800 B.C. and A.D. 95) explains the basic rationale for instituting controls rather straightforwardly: “If employees have an opportunity to steal, they may take advantage of it.” The Bible also contains examples of internal controls such as the dangers of dual custody of assets, the need for competent and honest employees, restricted access, and segregation of duties.  Historically then, the emergence of double-entry bookkeeping circa 1494 A.D. can be directly traced to the critical need for exercising stewardship and control.  Throughout European history, for instance, fraud cases such as the South Sea bubble of the 18th century, and the tulip scandal justified exercising more control over managers. (Ramamoorti, 2003).Within a span of a couple of centuries, the European systems of bookkeeping and auditing were introduced into the United States.  As business activities grew in size, scope, and complexity, a critical need for a separate internal assurance function that would verify the (accounting) information used for decision-making by management emerged.  Management needed some means of evaluating not only the efficiency of work performed for the business but also the honesty of its employees. Around the turn of the 20th century, the establishment of a formal internal audit function to which these responsibilities could be delegated was seen as the logical answer.  In due course, the internal audit function became responsible for “careful collection and interpretive reporting of selected business facts” to enable management to keep track of significant business developments, activities, and results from diverse and voluminous transactions.  Companies in the railroad, defense, and retail industries had long recognized the value of internal audit services, going far beyond financial statement auditing, and devoted to furnishing reliable operating reports containing nonfinancial data such as “quantities of parts in short supply, adherence to schedules, and quality of the product”.  Similarly, the U.S. General Accounting Office (GAO) and numerous State Auditors’ Offices, for instance, the State of Ohio Auditors’ Office, have traditionally employed large numbers of internal auditors. (Ramamoorti, 2003).As a result of the Foreign Corrupt Practices Act of 1977, corporations are required to maintain effective internal controls to prevent fraud and bribery of foreign officials.  Internal auditors have been instrumental in providing this service as well as compliance audits to ensure meeting regulatory requirements.  Society appears to expect a professional service even though licensure has not been required nor formally granted.  The internal auditor serves as an important link in the business and financial reporting process of a corporation.  (Reynolds, 2000).

Future of Internal Auditors:

Data has shown there is a systematic approach that includes requiring an auditor’s experience during the process of public accountants achieving licensure and certification as CPAs.  This will give credibility to this point of view that significant audit judgment experience is necessary.  Internal auditors are much like the safety systems of the modern enterprise. They help close gaps, anticipate issues, and mitigate risks so that organizations can perform better and faster.  New digital technologies like the cloud and artificial intelligence (AI) are rewriting business models and operations. Regulatory pressures are constantly on the rise. The types and complexities of organizational risks are steadily increasing.  To stay relevant in this rapidly changing business landscape, internal audit must be able to innovate and re-invent itself.   (Lehmann and Thor, 2020).

Three Fundamentals to Internal Auditors Adapting to Changes:

Governance:  

 It is not easy to create a culture of innovation in a risk-averse profession, but the speed of change requires that internal auditors reduce their focus on the manual testing of risks and controls and increase their focus on key and strategic risks. In the modern, data-driven environment, that means improving the visibility and credibility of information across the organization and focusing on high-value activities, such as aligning assurance activities across all three categories and bringing in external skills and assistance as needed. (Lehmann & Thor, 2020)

Enabling Technology:

The same technologies driving the need for change are being deployed by internal audit organizations to help them rise to the challenge. From robotic process automation to predictive analytics, artificial intelligence, machine learning, advanced data analytics, and visualization, the opportunities for improved insights and efficiencies are staggering. Even if organizations are not yet employing some of these technologies within their business operations, internal audits can gain value from them and potentially demonstrate value that can be replicated throughout the organization with wider adoption. (Lehmann & Thor, 2020)

Methodology:

Good governance depends on the internal audit organization’s ability to increase audit and reporting quality through more insightful and actionable reporting, continuous monitoring, real-time risk assessment, and more streamlined and flexible audits. A dynamic risk assessment approach that adapts to emerging risks will enable an organization to identify risk trends in real time, prioritize risks using risk-based principles, and optimize assurance coverage. (Lehmann & Thor, 2020).

Conclusion:

In conclusion, it has been determined that internal auditors need auditing standards, a code of ethics, professional awareness, and reform to continue to reflect ethical behavior, trust, independence, and integrity in their line of business.  Evaluating emerging technologies. Analyzing opportunities.  Examining global issues.  Assessing risks, controls, ethics, quality, economy, and efficiency.  Assuring the controls in place are adequate to mitigate the risks. Communicating information and opinions with clarity and accuracy.  Such diversity gives internal auditors a broad perspective on the organization.  That, in turn, makes internal auditors a valuable resource to executive management and boards of directors in accomplishing overall goals and objectives, as well as in strengthening internal controls and organizational governance. (The Institute of Internal Auditors, 2021).