1 — theiia.org
Tool Description
This tool supports internal auditors in evidencing conformance with Domain II: Ethics and Professionalism of the
Global Internal Audit StandardsTM. The document provides the principles and requirements from Domain II. Ethics
and Professionalism of the Global Internal Audit Standards and an acknowledgement page that internal auditors can
sign to demonstrate that they have read and understood Domain II and agree to conform with its requirements.
Users should consult the complete text of the Global Internal Audit Standards for additional information, including
the glossary, considerations for implementation, and examples of evidence of conformance.
Domain II: Ethics and Professionalism
The principles and standards in the Ethics and Professionalism domain of the Global Internal Audit Standards replace
The IIA’s former Code of Ethics and outline the behavioral expectations for professional internal auditors; including
chief audit executives, other individuals, and any entities that provide internal audit services. Conformance with
these principles and standards instills trust in the profession of internal auditing, creates an ethical culture within the
internal audit function, and provides the basis for reliance on internal auditors’ work and judgment.
All internal auditors are required to conform with the standards of ethics and professionalism. If internal auditors are
expected to abide by other codes of ethics, behavior, or conduct, such as those of an organization, conformance
with the principles and standards of ethics and professionalism contained herein is still expected. The fact that a
particular behavior is not mentioned in these principles and standards does not preclude it from being considered
unacceptable or discreditable.
While internal auditors are responsible for their own conformance, the chief audit executive is expected to support
and promote conformance with the principles and standards in the Ethics and Professionalism domain by providing
opportunities for training and guidance. The chief audit executive may choose to delegate certain responsibilities for
managing conformance but retains accountability for the ethics and professionalism of the internal audit function.

Domain I Domain II Domain III Domain IV Domain V
IIA Audit Tool
Global Internal Audit Standards
Ethics and Professionalism Acknowledgement
2 — theiia.org
Principle 1 Demonstrate Integrity
Internal auditors demonstrate integrity in their work and behavior.
Integrity is behavior characterized by adherence to moral and ethical principles, including demonstrating honesty
and the courage to act based on relevant facts, even when facing pressure to do otherwise, or when doing so might
create potential adverse personal or organizational consequences. In simple terms, internal auditors are expected to
tell the truth and do the right thing, even when it is uncomfortable or difficult.
Integrity is the foundation of the other principles of ethics and professionalism, including objectivity, competency,
due professional care, and confidentiality. The integrity of internal auditors is essential to establishing trust and
earning respect.
Standard 1.1 Honesty and Professional Courage
Requirements
Internal auditors must perform their work with honesty and professional courage.
Internal auditors must be truthful, accurate, clear, open, and respectful in all professional relationships and
communications, even when expressing skepticism or offering an opposing viewpoint. Internal auditors must not
make false, misleading, or deceptive statements, nor conceal or omit findings or other pertinent information from
communications. Internal auditors must disclose all material facts known to them that, if not disclosed, could affect
the organization’s ability to make well-informed decisions.
Internal auditors must exhibit professional courage by communicating truthfully and taking appropriate action, even
when confronted by dilemmas and difficult situations.
The chief audit executive must maintain a work environment where internal auditors feel supported when expressing
legitimate, evidence-based engagement results, whether favorable or unfavorable.
Standard 1.2 Organization’s Ethical Expectations
Requirements
Internal auditors must understand, respect, meet, and contribute to the legitimate and ethical expectations of the
organization and must be able to recognize conduct that is contrary to those expectations.
Internal auditors must encourage and promote an ethics-based culture in the organization. If internal auditors
identify behavior within the organization that is inconsistent with the organization’s ethical expectations, they must
report the concern according to applicable policies and procedures.
Standard 1.3 Legal and Ethical Behavior
Requirements
Internal auditors must not engage in or be a party to any activity that is illegal or discreditable to the organization or
the profession of internal auditing or that may harm the organization or its employees.
Internal auditors must understand and abide by the laws and/or regulations relevant to the industry and jurisdictions
in which the organization operates, including making disclosures as required.
If internal auditors identify legal or regulatory violations, they must report such incidents to individuals or entities
that have the authority to take appropriate action, as specified in laws, regulations, and applicable policies and
procedures.
3 — theiia.org
Principle 2 Maintain Objectivity
Internal auditors maintain an impartial and unbiased attitude when performing internal
audit services and making decisions.
Objectivity is an unbiased mental attitude that allows internal auditors to make professional judgments, fulfill their
responsibilities, and achieve the Purpose of Internal Auditing without compromise. An independently positioned
internal audit function supports internal auditors’ ability to maintain objectivity.
Standard 2.1 Individual Objectivity
Requirements
Internal auditors must maintain professional objectivity when performing all aspects of internal audit services.
Professional objectivity requires internal auditors to apply an impartial and unbiased mindset and make judgments
based on balanced assessments of all relevant circumstances. Internal auditors must be aware of and manage
potential biases.
Standard 2.2 Safeguarding Objectivity
Requirements
Internal auditors must recognize and avoid or mitigate actual, potential, and perceived impairments to objectivity.
Internal auditors must not accept any tangible or intangible item, such as a gift, reward, or favor, that may impair or
be presumed to impair objectivity.
Internal auditors must avoid conflicts of interest and must not be unduly influenced by their own interests or the
interests of others, including senior management or others in a position of authority, or by the political environment
or other aspects of their surroundings.
When performing internal audit services:
 Internal auditors must refrain from assessing specific activities for which they were previously responsible.
Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which
the internal auditor had responsibility within the previous 12 months.
 If the internal audit function is to provide assurance services where it had previously performed advisory
services, the chief audit executive must confirm that the nature of the advisory services does not impair
objectivity and must assign resources such that individual objectivity is managed. Assurance engagements for
functions over which the chief audit executive has responsibility must be overseen by an independent party
outside the internal audit function.
 If internal auditors are to provide advisory services relating to activities for which they had previous
responsibilities, they must disclose potential impairments to the party requesting the services before accepting
the engagement.
The chief audit executive must establish methodologies to address impairments to objectivity. Internal auditors
must discuss impairments and take appropriate actions according to relevant methodologies.
Standard 2.3 Disclosing Impairments to Objectivity
Requirements
If objectivity is impaired in fact or appearance, the details of the impairment must be disclosed promptly to the
appropriate parties.
If internal auditors become aware of an impairment that may affect their objectivity, they must disclose the
impairment to the chief audit executive or a designated supervisor. If the chief audit executive determines that an
4 — theiia.org
impairment is affecting an internal auditor’s ability to perform duties objectively, the chief audit executive must
discuss the impairment with the management of the activity under review, the board, and/or senior management
and determine the appropriate actions to resolve the situation.
If an impairment that affects the reliability or perceived reliability of the engagement findings, recommendations,
and/or conclusions is discovered after an engagement has been completed, the chief audit executive must discuss
the concern with the management of the activity under review, the board, senior management, and/or other
affected stakeholders and determine the appropriate actions to resolve the situation. (See also Standard 11.4 Errors
and Omissions.)
If the objectivity of the chief audit executive is impaired in fact or appearance, the chief audit executive must
disclose the impairment to the board. (See also Standard 7.1 Organizational Independence.)
Principle 3 Demonstrate Competency
Internal auditors apply the knowledge, skills, and abilities to fulfill their roles and
responsibilities successfully.
Demonstrating competency requires developing and applying the knowledge, skills, and abilities to provide internal
audit services. Because internal auditors provide a diverse array of services, the competencies needed by each
internal auditor vary. In addition to possessing or obtaining the competencies needed to perform services, internal
auditors improve the effectiveness and quality of services by pursuing professional development.
Standard 3.1 Competency
Requirements
Internal auditors must possess or obtain the competencies to perform their responsibilities successfully. The
required competencies include the knowledge, skills, and abilities suitable for one’s job position and responsibilities
commensurate with their level of experience. Internal auditors must possess or develop knowledge of The IIA’s
Global Internal Audit Standards.
Internal auditors must engage only in those services for which they have or can attain the necessary competencies.
Each internal auditor is responsible for continually developing and applying the competencies necessary to fulfill
their professional responsibilities. Additionally, the chief audit executive must ensure that the internal audit function
collectively possesses the competencies to perform the internal audit services described in the internal audit charter
or must obtain the necessary competencies. (See also Standards 7.2 Chief Audit Executive Qualifications and 10.2
Human Resources Management.)
Standard 3.2 Continuing Professional Development
Requirements
Internal auditors must maintain and continually develop their competencies to improve the effectiveness and
quality of internal audit services. Internal auditors must pursue continuing professional development including
education and training. Practicing internal auditors who have attained professional internal audit certifications must
follow the continuing professional education policies and fulfill the requirements applicable to their certifications.
5 — theiia.org
Principle 4 Exercise Due Professional Care
Internal auditors apply due professional care in planning and performing internal audit
services.
The standards that embody exercising due professional care require:
 Conformance with the Global Internal Audit Standards.
 Consideration of the nature, circumstances, and requirements of the work to be performed.
 Application of professional skepticism to critically assess and evaluate information.
Due professional care requires planning and performing internal audit services with the diligence, judgment, and
skepticism possessed by prudent and competent internal auditors. When exercising due professional care, internal
auditors perform in the best interests of those receiving internal audit services but are not expected to be infallible.
Standard 4.1 Conformance with the Global Internal Audit Standards
Requirements
Internal auditors must plan and perform internal audit services in accordance with the Global Internal Audit
Standards.
The internal audit function’s methodologies must be established, documented, and maintained in alignment with the
Standards. Internal auditors must follow the Standards and the internal audit function’s methodologies when
planning and performing internal audit services and communicating results.
If the Standards are used in conjunction with requirements issued by other authoritative bodies, internal audit
communications must also cite the use of the other requirements, as appropriate.
If laws or regulations prohibit internal auditors or the internal audit function from conforming with any part of the
Standards, conformance with all other parts of the Standards is required and appropriate disclosures must be made.
When internal auditors are unable to conform with a requirement, the chief audit executive must document and
communicate a description of the circumstance, alternative actions taken, the impact of the actions, and the
rationale. Requirements related to disclosing nonconformance with the Standards are described in Standards 8.3
Quality, 12.1 Internal Quality Assessment, and 15.1 Final Engagement Communication.
Standard 4.2 Due Professional Care
Requirements
Internal auditors must exercise due professional care by assessing the nature, circumstances, and requirements of
the services to be provided, including:
 The organization’s strategy and objectives.
 The interests of those for whom internal audit services are provided and the interests of other stakeholders.
 Adequacy and effectiveness of governance, risk management, and control processes.
 Cost relative to potential benefits of the internal audit services to be performed.
 Extent and timeliness of work needed to achieve the engagement’s objectives.
 Relative complexity, materiality, or significance of risks to the activity under review.
 Probability of significant errors, fraud, noncompliance, and other risks that might affect objectives, operations,
or resources.
 Use of appropriate techniques, tools, and technology.
6 — theiia.org
Standard 4.3 Professional Skepticism
Requirements
Internal auditors must exercise professional skepticism when planning and performing internal audit services.
To exercise professional skepticism, internal auditors must:
 Maintain an attitude that includes inquisitiveness.
 Critically assess the reliability of information.
 Be straightforward and honest when raising concerns and asking questions about inconsistent information.
 Seek additional evidence to make a judgment about information and statements that might be incomplete,
inconsistent, false, or misleading.
Principle 5 Maintain Confidentiality
Internal auditors use and protect information appropriately.
Because internal auditors have unrestricted access to the data, records, and other information necessary to fulfill
the internal audit mandate, they often receive information that is confidential, proprietary, and/or personally
identifiable. (See also Principle 6 Authorized by the Board and its standards.) This includes information in physical
and digital form as well as information derived from oral communication, such as formal or informal meeting
discussions. Internal auditors must respect the value and ownership of information they receive by using it only for
professional purposes and protecting it from unauthorized access or disclosure, internally and externally.
Standard 5.1 Use of Information
Requirements
Internal auditors must follow the relevant policies, procedures, laws, and regulations when using information. The
information must not be used for personal gain or in a manner contrary or detrimental to the organization’s
legitimate and ethical objectives.
Standard 5.2 Protection of Information
Requirements
Internal auditors must be aware of their responsibilities for protecting information and demonstrate respect for the
confidentiality, privacy, and ownership of information acquired when performing internal audit services or as the
result of professional relationships.
Internal auditors must understand and abide by the laws, regulations, policies, and procedures related to
confidentiality, information privacy, and information security that apply to the organization and internal audit
function. Considerations specifically relevant to the internal audit function include:
 Custody, retention, and disposal of engagement records.
 Release of engagement records to internal and external parties.
 Handling of, access to, or copies of confidential information when it is no longer needed.
Internal auditors must not disclose confidential information to unauthorized parties unless there is a legal or
professional responsibility to do so.
Internal auditors must manage the risk of exposing or disclosing information inadvertently.
The chief audit executive must ensure that the internal audit function and individuals assisting the internal audit
function adhere to the same protection requirements.
7 — theiia.org
Acknowledgement
I have read and agree to conform with the requirements of The IIA’s Global Internal Audit Standards, Domain II. Ethics
and Professionalism.
Name: ________________________________________________________________________________________________________________________
Signature: ___________________________________________________________________________________________________________________

About The Institute of Internal Auditors
The Institute of Internal Auditors® (The IIA®) is an international professional association that serves more than 245,000 global members and has
awarded more than 200,000 Certified Internal Auditor® (CIA®) certifications worldwide. Established in 1941, The IIA is recognized throughout the
world as the internal audit profession’s leader in standards, certifications, education, research, and technical guidance.
For more information, visit www.theiia.org.
Disclaimer
The IIA publishes this document for informational and educational purposes. This material is not intended to provide definitive answers to
specific individual circumstances and as such is only intended to be used as a guide. The IIA recommends seeking independent expert advice
relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material.
Copyright
Copyright © 2024 The IIA retains sole copyright to the IIA materials in any form. Permission to use is granted exclusively or: (i) an individual user’s
internal use or (ii) an organization’s internal user. Insubstantial portions of materials may be used by the individual organization internally only for
inclusion in its internal audit documentation, systems, training materials, and other related documents. IIA materials may be included in any
individual file only to the extent that such storage is not further limited or prohibited by supplemental terms for the specific materials. For any
other use, permission or license may be required; for questions, contact mailto: permissions@theiia.org.