2 Ethics and Professionalism (20%) Flashcards
6 areas (25 cards)
1
Demonstrate integrity
Integrity
May include but is not limited to:
a. Describe how to apply honesty and professional courage when confronted with ethical dilemmas or difficult situations
- Honesty & Professional Courage
- Organization’s Ethical Expectations
✅ Be truthful, accurate, clear, open, and respectful in all professional communication
📢 Disclose all material facts that could affect decision-making
🛡️ Professional courage = communicate truthfully and take appropriate action, even when situations are difficult
🙋♀️ Discuss with a supervisor when facing a situation needing honesty / professional courage
🏢 Support the organization’s ethical expectations by:
– 🧭 Understanding the company’s code of ethics or values
– ⚠️ Promote an ethics culture and report behavior that is inconsistent with ethics
– 📋 If IA finds behaviour inconsistent with ethical behaviour, communicate the issues based on the CAE’s methodology.
🤝 Promote an ethics-based organizational culture by reporting behaviour inconsistent with ethical expectations
👨🏫 Enhance honesty & professional courage through ethics training, mentoring, and supervision
📚 Source:
Ethics & Professionalism > Integrity, pg. 2-3
1
Demonstrate integrity
Integrity
May include but is not limited to:
b. Describe how to practice legal and professional behavior in all situations
- Legal & Ethical Behaviour
🚫 Refrain from participating in any action that is unlawful or could tarnish the reputation of the organization or the internal audit
✅ Be familiar with laws and regulations relevant to your organization’s industry and location
📢 Report legal or regulatory violations to authorities able to take action, as required by laws and policies
🛑 Avoid discreditable acts, such as:
– 💢 Bullying, harassment, or discrimination
– ❌ Lying or misrepresenting qualifications (e.g., fake certifications)
– 📝 Issuing false reports or omitting important findings
– 👀 Overlooking illegal activities tolerated by the organization
– 🔐 Sharing confidential info without authorization
– 🚫 Performing audit work while impaired (objectivity or independence)
– 📣 Falsely claiming the audit function follows the Standards
– 🙅♂️ Not accepting responsibility for mistakes
🛡️ If no policy exists, the CAE must apply a proper methodology to respond and validate actions
👨🏫 Internal auditors must be properly supervised, conform to the Standards, and adhere to ethical values
📚 Source:
Ethics & Professionalism > Integrity, pg. 4
2
Assess whether an individual internal auditor has any impairments to objectivity
Objectivity
May include but is not limited to:
a. Evaluate the impact of self-review and familiarity bias on engagements
- Individual Objectivity
🪞 Self-review bias = “Lack of critical perspective on one’s own work”
😌 Auditor may overlook flaws when auditing own past tasks
👨👩👧👦 Familiarity bias = “Making assumptions based on past experience that compromise professional skepticism”
🤝 Auditor trusts people/processes too much based on history
⚠️ Impact = “Impair fair judgment, reduce professional skepticism, and result in overlooking errors or misconduct”
❌ Leads to missed findings or unchallenged risks
✅ Auditors must stay neutral, skeptical, and independent
📚 Source:
“Self-review bias is a lack of critical perspective on one’s own work.”
“Familiarity bias is making assumptions based on past experience that compromise professional skepticism.”
“Internal auditors must recognize and manage any potential biases.” – SU5 Standard 2.1, CIA_CIA1_BookOnline_SU5… page 5
2
Assess whether an individual internal auditor has any impairments to objectivity
Objectivity
May include but is not limited to:
b. Analyze situations where conflicts of interest may arise
- Safeguarding Objectivity
🎁 Quote: “Internal auditors should not accept any physical or non-physical benefits, such as gifts or favors, that could affect their impartiality or be presumed to affect it.”
📌 Meaning: Even small gifts (e.g., hampers, meals) may make the auditor look biased or feel obligated.
👨👩👧👦 Quote: “Conflicts of interest arise when being unduly influenced by personal relationships.”
📌 Meaning: Auditing friends or ex-colleagues can affect fairness — you may avoid reporting their mistakes.
💼 Quote: “If internal auditors intend to offer advice on activities they previously managed, they need to inform the requesting party about any potential conflict of interest.”
📌 Meaning: You can’t audit your own past work without disclosing — it’s self-review bias and conflict.
🚫 Quote: “Internal auditors must recognize and avoid or mitigate actual, potential, and perceived impairments of objectivity.”
📌 Meaning: Even if you’re unbiased, it’s a problem if others think you’re not.
🛠️ Quote: “The CAE must have methods in place that address issues affecting objectivity…”
📌 Meaning: CAE must have policies like disclosure forms, reassignment, and review to fix the conflict.
“A conflict of interest is a situation, activity, or relationship that may influence, or appear to influence, an internal auditor’s ability to make objective professional judgments…”
– SU5, Standard 2.2 page 7
3
Analyze policies that promote objectivity and potential options to mitigate impairments
Safeguarding Objectivity
May include but is not limited to:
a. Assess situations where reassigning internal auditors may be warranted
📌 “Reassigning auditors to replace the impaired auditor on the task”
🔁 Reassignment is a direct solution when objectivity is at risk.
📌 “Auditors must not assess specific activities for which they were previously responsible.”
📅 If they worked in the area within the last 12 months → must be reassigned (self-review bias).
📌 “The auditor may need to inform the requesting party about any potential conflict of interest.”
📣 Disclosure is step one — if the conflict is serious, reassignment protects independence.
📌 “Internal auditors must recognize and avoid or mitigate actual, potential, and perceived impairments of objectivity.”
🚫 Even if there’s no actual bias, appearance of bias → reassignment may still be needed.
📌 “The CAE must have methods to address issues affecting objectivity...”
🛠️ CAE policies should include reassignment, especially in high-risk or conflicted situations.
📚 Source (SU5 – Standard 2.2):
“They must allocate resources so that individual objectivity is managed.”
“Objectivity is impaired when situations, activities, or relationships may influence judgments…”
– CIA_CIA1_BookOnline_SU5_Outline page 6
3
Analyze policies that promote objectivity and potential options to mitigate impairments
May include but is not limited to:
b. Assess situations where it would be appropriate to outsource the performance or supervision of an engagement
📜 Quote 1:
“Board approval. Before engaging in advisory services, the CAE ensures that the board of directors understands and approves these services.”
🧾 Explanation:
✅ When advisory services are involved, prior board approval ensures alignment and legitimacy. This lays the foundation for safeguarding independence. 🧑⚖️📋
📜 Quote 2:
“Amend charter and policies. The internal audit charter… is amended to include those for advisory services.”
🧾 Explanation:
✅ If advisory services are not clearly included in the charter, updating it ensures transparency. Otherwise, outsourcing is appropriate to avoid overstepping authority. 📝✅
📜 Quote 3:
“Cooling off period. Independence and objectivity may be impaired if assurance services are provided within 1 year after a formal advisory engagement.”
🧾 Explanation:
❄️ If internal auditors give advice, they should not audit the same area for at least 12 months. If an audit is needed sooner, it should be outsourced. 🔁🛡️
📜 Quote 4:
“An independent third party is brought in to provide assurance for those areas for at least 12 months afterward.”
🧾 Explanation:
👥 Outsourcing is appropriate to avoid real or perceived bias after advisory work. This keeps assurance work independent and credible. ✅🔐
📚 Source (SU5 – Standard 2.2):
“If the internal audit team wants to offer assurance services after having provided advisory services… the CAE needs to ensure that these advisory roles do not compromise objectivity… Any assurance work related to matters for which the CAE is responsible should be supervised by someone independent of the internal audit team.”
– CIA_CIA1_BookOnline_SU5_Outline pg. 6
3
Analyze policies that promote objectivity and potential options to mitigate impairments
May include but is not limited to:
c. Determine when it is necessary to disclose impairments
📜 Quote 1:
“If objectivity is impaired in fact or appearance, the details of the impairment must be disclosed promptly to the appropriate parties.”
(Standard 2.3, SU5 – Ethics and Professionalism) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
✅ Disclosure is mandatory when an impairment exists or appears to exist. Transparency helps protect the credibility of internal audit findings. 🛡️👁️
📜 Quote 2:
“If internal auditors become aware of an impairment… they must disclose the impairment to the chief audit executive or a designated supervisor.”
(Standard 2.3) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🧑💼 Auditors must self-report any objectivity concerns immediately to the CAE. Early reporting enables timely action such as reassignment or rescoping. 🕒📤
📜 Quote 3:
“If an impairment… is discovered after an engagement has been completed, the CAE must discuss the concern with… stakeholders and determine the appropriate actions.”
(Standard 2.3) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🔍 Even after an audit, impairments must be addressed if they cast doubt on the reliability of the findings. Post-engagement disclosure is critical for integrity. ✅📘
📜 Quote 4:
“If the objectivity of the chief audit executive is impaired in fact or appearance, the CAE must disclose the impairment to the board.”
(Standard 2.3) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
📢 CAEs must be held to the same standard—if their own objectivity is compromised, they must inform the highest authority: the board. 🔐👨⚖️
💡 Summary:
Disclosure is required:
As soon as an impairment is known (🕒)
Even if it’s just perceived (👁️)
Even after the audit is done (📆)
And even if it involves the CAE (🧑💼)
These actions uphold transparency, accountability, and trust in the internal audit function. 🔍💬✅
3
Analyze policies that promote objectivity and potential options to mitigate impairments
May include but is not limited to:
d. Recognize situations where it is inappropriate to accept a gift, reward, or favor
📜 Quote 1:
“Internal auditors must not accept any physical or non-physical benefits, such as gifts or favors, that could affect their impartiality or be presumed to affect it.”
(SU5: Ethics and Professionalism – Standard 2.2) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
❌ Even if a gift does not actually affect judgment, if it appears to, it’s inappropriate. Public perception matters as much as actual bias. 👀⚖️
📜 Quote 2:
“Internal auditors should avoid conflicts of interest and refrain from being unduly influenced by their personal interests; the interests of others… or by environmental factors.”
(SU5: Ethics and Professionalism – Standard 2.2) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🚫 Gifts can introduce a conflict of interest—creating loyalty to a person instead of the organization. Internal auditors must stay neutral and independent. 🧑⚖️🧠
📜 Quote 3:
“Methodologies should specify the expectations and requirements for auditors related to: * Receiving gifts, rewards, and favors.”
(SU5: Ethics and Professionalism – Implementation Guidance) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
📋 Audit teams must have clear rules in place. If there’s any doubt, it’s safer to refuse the gift. Written policies protect both the auditor and the audit function. 🛡️✍️
📜 Quote 4:
“Objectivity is impaired when situations… may influence judgments and decisions… even in appearance.”
(SU5: Ethics and Professionalism – Standard 2.2) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🎯 A gift doesn’t need to change the outcome to be a problem. If others believe it could, then credibility is lost, and disclosure or refusal is necessary. 🚫👁️
💡 Summary:
Gifts, favors, or rewards should never be accepted when they:
Impact judgment 😕
Cause a conflict of interest 🔁
Create a perception of bias 👀
Undermine trust in audit outcomes 🔍🧑⚖️
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
a. Apply written and verbal communication skills to deliver effective messages, reports, meetings, and presentations
📜 Quote 1:
“Internal auditors must be truthful, accurate, clear, open, and respectful in all professional relationships and communications.”
(SU5 – Standard 1.1: Honesty and Professional Courage) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
✅ Communication must be honest and respectful, ensuring clarity and building trust with stakeholders. Lies or vagueness damage credibility. 📢🧑⚖️
📜 Quote 2:
“They must disclose all material facts that could affect the organization’s ability to make well-informed decisions.”
(SU5 – Standard 1.1) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
📊 Reports and presentations should be **complete and transparent.** Leaving out key info (even unintentionally) can mislead and harm decision-making. 🧾🚫
📜 Quote 3:
“The CAE should provide education and training and arrange for discussions of hypothetical and actual situations that require ethical choices.”
(SU5 – Standard 1.1 Implementation) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🧑🏫 Training in real-life communication scenarios helps auditors develop the tone, clarity, and confidence needed to present difficult messages effectively. 🎓💬
📜 Quote 4:
“Effective management includes supervision and reviews of auditors’ performance.”
(SU5 – Standard 1.1 Implementation) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🔁 Managers should coach and review how auditors communicate. Feedback improves verbal and written delivery in meetings and reports. ✍️🧑💼
✅ Summary:
To deliver effective audit communication, internal auditors must:
✔️ Be honest and clear 🧠
✔️ Share all material facts 📣
✔️ Use a respectful tone 🤝
✔️ Practice through training and feedback 🧑🏫🔁
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
b. Apply critical thinking and problem-solving skills to address complex issues and identify innovative solutions
📜 Quote 1:
“All internal auditors should consistently work to improve and use the skills required to meet job responsibilities…
The CAE must determine that the internal audit team has the skills needed to perform the services outlined in the internal audit charter or must acquire those skills.”
(SU5 – Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
✅ Internal auditors must continuously sharpen critical thinking to tackle evolving risks and problems. This includes staying adaptable and learning how to approach unfamiliar issues effectively. 💡🧩
📜 Quote 2:
“Internal auditors should acquire certain skills, including…
● Using tools to collect, analyze, and assess information
● Recognizing the risks and results of various economic, environmental, legal, political, and social factors”
(SU5 – Implementation under Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🔍 Solving complex issues requires analytical abilities—knowing how to gather and evaluate data and interpret results across a variety of business and risk environments. 📊🌐
📜 Quote 3:
“To develop and demonstrate competencies, internal auditors may…
● Seek training not only in internal audit methodologies but also in relevant business activities…
● Identify opportunities for improvement and competencies that need development”
(SU5 – Implementation under Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🎓 Critical thinkers continuously reflect on their own skill gaps and pursue self-improvement and innovation. New ideas and creative problem-solving grow through exposure to diverse topics. 🔄💭
📜 Quote 4:
“Enhancing such competencies as critical thinking and managing change”
(SU5 – Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
💥 Critical thinking and change management go hand-in-hand: both are essential to navigate complex problems and propose forward-looking solutions that make a real impact. 🔧🚀
✅ Summary:
To apply critical thinking and problem-solving skills, internal auditors must:
✔️ Analyze and evaluate data effectively 🔎
✔️ Understand diverse business and risk environments 🌍
✔️ Develop innovative solutions to improve outcomes 💡
✔️ Pursue continual learning and adaptability 🧠📘
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
c. Apply research skills to collect information from a variety of resources and expand knowledge on various topics
📜 Quote 1:
“Internal auditors should acquire certain skills, including…
● Using tools to collect, analyze, and assess information”
(SU5 – Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🧠 This highlights the importance of data-gathering tools—research skills help auditors understand complex topics and risks. Collecting reliable info is step one in solving problems. 📊🔍
📜 Quote 2:
“Being up to date on trends and new challenges that affect the organization and the field of internal auditing”
(SU5 – Competency) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
📚 Research is not just technical—it’s about staying informed. Auditors should actively seek updates on risks, tech, and industry trends to remain effective and relevant. 🌐📈
📜 Quote 3:
“CPD may include (1) self-study, (2) on-the-job training, (3) special assignments… (4) mentorship, (5) supervisory feedback, and (6) education.”
(SU5 – Continuing Professional Development) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
🎓 Research and learning happen in many ways. Seeking knowledge from diverse sources—like reading, mentoring, or new assignments—is how auditors **expand their skill set.** 📘🧭
📜 Quote 4:
“Subscriptions to news services, participation in webinars, and attendance at professional events offer auditors a way to be informed…”
(SU5 – CPD Implementation) CIA_CIA1_BookOnline_SU5…
🧾 Explanation:
📡 External sources—like news or conferences—keep auditors sharp. These channels are valuable for gathering timely insights that affect the profession and the organization. 🧑💼📰
✅ Summary:
To apply strong research skills, internal auditors must:
✔️ Use tools to gather and assess data 🔧🔍
✔️ Stay current with trends and risks 📊🌍
✔️ Engage in continuous learning 🎓📘
✔️ Draw from internal and external sources 📡📚
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
d. Apply persuasion and negotiation skills to manage conflicts and collaborate effectively with teammates and stakeholders
🔹 **Apply persuasion skills** 🗣️
Quote:
“Effective communication and teamwork”
✅ You can’t persuade without clear, respectful communication. This quote shows auditors must learn how to speak and write in ways that influence others while maintaining professionalism.
🔹 Apply negotiation skills 🤝
Quote:
“Developing skills in supervision and leadership”
✅ Leaders regularly negotiate solutions, mediate differences, and influence outcomes. This quote implies auditors are expected to grow in exactly those areas through competency development.
🔹 Manage conflicts ⚖️
Quote:
“Enhancing such competencies as critical thinking and managing change”
✅ Conflict often comes from disagreement during change. Critical thinking + change management = the core tools for conflict resolution.
🔹 Collaborate effectively with teammates 👥
Quote:
“Participate in individual performance reviews”
✅ Collaboration includes giving and receiving feedback. Reviews are structured ways to practice reflection, understanding others’ views, and aligning on goals.
🔹 Collaborate with stakeholders 🌐
Quote:
“Identify opportunities for improvement and competencies that need development based on feedback from stakeholders, supervisors, etc.”
✅ Stakeholder feedback is essential for collaboration. This quote shows auditors are expected to listen, reflect, and adjust — a vital skill for working across departments.
✅ Summary Emoji Style:
Persuasion 🗣️ = Communication
Negotiation 🤝 = Leadership
Conflict ⚖️ = Critical thinking + change
Teamwork 👥 = Reviews
Stakeholders 🌐 = Feedback + improvement
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
e. Apply relationship-building skills to establish trust and credibility
💬 Exact Quotes + Meaning
🗣️ “Effective communication and teamwork”
→ Strong communication is the heart of building trust and maintaining relationships.
👥 “Developing skills in supervision and leadership”
→ Leaders inspire trust and credibility by guiding teams ethically and competently.
🧠 “Enhancing such competencies as critical thinking and managing change”
→ Navigating complex situations calmly builds credibility with others.
💬 “Identify opportunities for improvement… based on feedback from stakeholders, supervisors, etc.”
→ Being open to feedback strengthens mutual trust and respect.
📈 “Participate in individual performance reviews”
→ Willingness to self-reflect and improve builds confidence in your integrity.
💡 “Encourage intellectual curiosity and invest in training…”
→ A curious learner earns trust through growth and adaptability.
🏅 “Obtain appropriate professional credentials… (e.g., CIA®)”
→ Recognized qualifications enhance professional credibility.
🏢 “Seek training… in relevant business activities”
→ Understanding business operations builds rapport with stakeholders.
🛡️ “The CAE should support their efforts.”
→ Feeling supported helps build trust within the audit team.
🎯 “The CAE may establish expectations and encourage qualifications.”
→ Setting standards ensures credibility of the audit function.
✅ Summary with Emojis
🤝 Relationship = Communication + Feedback
🛡️ Trust = Leadership + Support
🧠 Credibility = Certification + Curiosity + Business fluency
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
f. Apply change management skills to thrive in evolving environments
💬 Exact Quotes + Meaning
🌀 “Enhancing such competencies as critical thinking and managing change”
→ This directly mentions “managing change” — auditors must adapt thoughtfully in dynamic conditions. ✅
💡 “Encourage intellectual curiosity and invest in training and other opportunities to improve performance”
→ Curiosity and learning agility are essential to embrace and thrive through change. 🔄
🏢 “Seek training not only in internal audit methodologies but also in relevant business activities”
→ Understanding broader operations helps auditors adjust to new business demands. 🧭
📈 “Participate in individual performance reviews”
→ Reviews encourage reflection and adaptability — key to managing personal change. 🔍
📚 “Identify opportunities for improvement and competencies that need development based on feedback”
→ Adapting based on feedback is a core change management behavior. 🔧
👥 “Developing skills in supervision and leadership”
→ Leaders must guide others through change; building this skill helps auditors influence transitions. 🗺️
✅ Summary with Emojis
🌀 Change management = Critical thinking + Managing change
💡 Adaptability = Curiosity + Continuous learning
🧭 Thrive = Understand business + Seek feedback + Lead others
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
g. Demonstrate curiosity to uncover new information and foster continuous learning
💬 Exact Quotes + Meaning
💡“Encourage intellectual curiosity and invest in training and other opportunities to improve performance”
→ This directly states the importance of curiosity and shows how it fuels ongoing development. 🧠✨
📚“Obtain appropriate professional credentials, such as the Certified Internal Auditor (CIA)® designation.”
→ Pursuing certifications reflects a desire to learn and expand professional knowledge. 📈📖
🧭“Seek training not only in internal audit methodologies but also in relevant business activities.”
→ Exploring areas outside audit shows a curious mindset and builds versatile knowledge. 🧩
🔍 “Identify opportunities for improvement and competencies that need development based on feedback from stakeholders, supervisors, etc.”
→ Actively seeking feedback is a sign of intellectual curiosity and openness to new insights. 📥🔄
📈 “Participate in individual performance reviews”
→ Reviews provide learning opportunities; curious professionals use them to grow. 🚀
👥 “Internal auditors are responsible for their individual professional development and may assess their skills and opportunities.”
→ Self-assessment and goal-setting show initiative to learn and evolve. 🎯
✅ Summary with Emojis
💡 Curiosity = Ask, explore, and question
📚 Continuous learning = Training + Certification + Feedback
🔄 Growth = Self-assessment + Development plans + Broader exposure
4
Apply the knowledge, skills, and competencies required (whether developed or procured) to fulfill the responsibilities of the internal audit function
May include but is not limited to:
h. Evaluate situations that demonstrate a need for an internal auditor to pursue continuing professional development
💬 Exact Quotes + Meaning
📚“Internal auditors are responsible for their individual professional development and may assess their skills and opportunities.”
→ Auditors must recognize when their current knowledge or skills are insufficient and take action. 🧠📈
🔍 “Identify opportunities for improvement and competencies that need development based on feedback from stakeholders, supervisors, etc.”
→ Feedback highlights gaps or weaknesses—triggers for CPD. 📥
📈“Participate in individual performance reviews”
→ Reviews help auditors discover skill deficiencies that require development. 🧾📊
💡 “Encourage intellectual curiosity and invest in training and other opportunities to improve performance”
→ Curiosity reveals blind spots and prompts new learning paths. 🔍✨
🏢 “Seek training not only in internal audit methodologies but also in relevant business activities.”
→ When audits involve unfamiliar industries or systems, auditors must upskill accordingly. 🧭
🎯“The CAE also may establish minimum expectations and should encourage the pursuit of professional qualifications.”
→ When internal auditors don’t meet minimum expectations, CPD is needed to fill the gap. ✅
✅ Summary with Emojis
🧠 When to pursue CPD = After feedback, during reviews, or when skills fall short
📈 CPD triggers = Gaps in knowledge, evolving environments, rising expectations
📚 CPD actions = Training, credentials, curiosity-driven learning
5
Demonstrate due professional care
May include but is not limited to:
a. Recognize that due professional care involves assessment of the organization’s strategy and objectives
📘 “Due professional care involves examining the specific conditions and risk factors that the CAE needs to consider when determining the risks that will shape the internal audit plan.”
🔍 CAEs must align audit plans with strategic risk factors.
📘“Important elements are the organization’s strategy and goals and how well its governance, risk management, and control systems are functioning.”
🎯 Strategy and system effectiveness shape audit focus.
📘“The complexity, materiality, and significance of risks evaluated is relative.”
⚖️ Risk assessment depends on strategic relevance.
📘“Internal auditors seek to provide the most benefit for the organization’s investment in internal audit services.”
💡 Maximize value by supporting strategic outcomes.
📘“Thorough planning requires considering the means, extent, and timeliness of work needed to efficiently meet engagement objectives.”
⏱️ Strategy drives audit scope and timing.
📘“They begin by understanding the charter, the audit plan, and the factors that determine which engagements are included in the plan.”
🧭 Strategic audit planning starts with the charter.
📘“Internal auditors also consider the interests of stakeholders (including the public).”
👥 Stakeholder needs are linked to strategic direction.
📘 “Such interests include expectations (e.g., fair business), needs (e.g., safety), and risks not obviously related to strategy.”
🕵️♀️ Hidden risks can still impact strategy.
📘 “Exercising due professional care also requires comparing costs of services with benefits.”
💰 Align resources to areas of strategic value.
📘 “Supervising engagements and developing a program for quality ensure that professionals maintain the necessary standards of care.”
✅ Quality supports strategic accountability
5
Demonstrate due professional care
May include but is not limited to:
b. Recognize that due professional care involves assessment of the adequacy and effectiveness of governance, risk management, and control processes
📘“Important elements are the organization’s strategy and goals and how well its governance, risk management, and control systems are functioning.”
🔍 Assess GRC systems to support strategic objectives.
📘“Internal auditors must understand the Purpose of Internal Auditing and the nature of internal audit services.”
🧭 Knowing the audit’s role ensures proper GRC evaluation.
📘“They begin by understanding the charter, the audit plan, and the factors that determine which engagements are included in the plan.”
📅 Audit planning reflects GRC system performance.
📘“Internal auditors also consider the interests of stakeholders (including the public) affected by the organization’s actions.”
👥 Stakeholder-focused auditing checks how governance protects interests.
📘 “Such interests include expectations (fair practices), needs (safety), and potential exposure to risks.”
🕵️♀️ Ensures GRC systems cover both visible and hidden risks.
📘 “The use of suitable methods, tools, and technology.”
🛠️ Auditors assess whether tools help achieve effective control and risk management.
📘“Thorough planning requires… the means, extent, and timeliness of work.”
⏱️ Well-functioning GRC allows efficient audits.
📘 “Supervising engagements and developing a program for quality…”
📊 Monitoring audit quality reflects governance strength.
5
Demonstrate due professional care
May include but is not limited to:
c. Recognize that due professional care involves assessment of the costs relative to potential benefits of an engagement
1️⃣ “Exercising due professional care also requires comparing costs (such as resource requirements) of services with the benefits.”
💰🆚📈 → Always consider whether the effort is worth it!
2️⃣ “If controls are not adequately designed, the benefits of full evaluation are not likely to be worth the costs.”
⚙️❌ = 🛑 Don’t waste time evaluating bad controls deeply.
3️⃣ “Internal auditors seek to provide the most benefit for the organization’s investment in internal audit services.”
📊🔍🎯 → Aim to give high ROI (Return on Internal Audit)!
4️⃣ “Thorough planning requires internal auditors to consider the means, extent, and timeliness of work needed to efficiently meet the engagement objectives.”
⏱️📋🧠 → Smart use of time = higher value at lower cost.
5️⃣ “Internal auditors must carefully consider the implications of the services they will offer.”
🤔💼 → Is the engagement impactful enough?
6️⃣ “The amount and duration of work required to attain the goals of the audit.”
⏳⚒️ = 🧾 Cost component!
7️⃣ “The likelihood of serious errors, fraud, noncompliance…”
🚨 = More risk ➡️ more justifiable cost!
8️⃣ “The use of suitable methods, tools, and technology.”
🛠️💻 = Boost efficiency and reduce audit cost!
9️⃣ “Due professional care involves examining the specific conditions and risk factors…”
🧩🕵️♀️ = Helps identify where cost-effective audits make sense.
📘 SU5 QUOTES (Due Professional Care, pp. 13–16):
5
Demonstrate due professional care
May include but is not limited to:
d. Recognize that due professional care involves assessment of the probability of significant errors, fraud, noncompliance, and other risks
📘 “Internal auditors must carefully consider the implications of the services they will offer. They include evaluating the likelihood of serious errors, fraud, noncompliance, and other risks that may have a negative influence on objectives, operations, or resources.”
🔍📊🛑 — Always consider how likely and how harmful the risk is before diving in.
✅ Source: SU5, p.15
📘 “This assessment includes the probability of significant errors, fraud, noncompliance, and other risks that might affect objectives…”
⚠️💥🧾 — Plan deeper audits in areas where high-impact risks are more probable.
✅ Source: SU10, p.13
📘 “Internal auditors must exercise due professional care… including probability of significant errors, fraud, noncompliance…”
🧠💡💣 — Due care = smart risk judgment!
✅ Source: GIAS 2024, Standard 4.2
📘 “Internal auditors should be alert to opportunities for fraud, such as control deficiencies.”
🕵️♂️🚨❌ — Weak controls = higher risk of fraud happening!
✅ Source: SU10, p.13–14
📘 “To determine the significance of the risk, internal auditors must consider the likelihood of the risk occurring and the impact it may have…”
📉📈⚖️ — Risk = Likelihood × Impact = Audit focus!
✅ Source: GIAS 2024, Standard 14.3
🧩 KEY FORMULA:
🎯 Due Professional Care = Evaluate (Likelihood 🧠 × Impact 💣)
🔍 Don’t just spot risks—judge how likely and damaging they really are!
5
Demonstrate due professional care
May include but is not limited to:
e. Recognize that professional skepticism involves maintaining an unbiased mental attitude and critical assessment of the reliability of information
📘 “Internal auditors must exercise professional skepticism when planning and performing internal audit services.”
🔍 Stay alert and don’t blindly trust — question everything.
✅ GIAS 2024, Standard 4.3
📘 “Maintain an attitude that includes inquisitiveness.”
🧠 Be naturally curious and dig deeper. Don’t accept surface-level answers.
✅ GIAS 2024, Standard 4.3
📘 “Critically assess the reliability of information.”
🧾 Ask: Is this data trustworthy? Is it complete and accurate?
✅ GIAS 2024, Standard 4.3
📘 “Be straightforward and honest when raising concerns and asking questions about inconsistent information.”
🗣️ Speak up with courage and clarity when something seems wrong.
✅ GIAS 2024, Standard 4.3
📘 “Seek additional evidence to make a judgment about information and statements that might be incomplete, inconsistent, false, or misleading.”
🕵️♂️ If something smells fishy — investigate before concluding!
✅ GIAS 2024, Standard 4.3
📘 “Professional skepticism enables objective judgments based on facts, information, and logic — not trust or belief.”
⚖️ Think like a detective, not a follower.
✅ SU5, Professional Skepticism
📘 “Internal auditors apply it when they seek evidence to support management’s statements rather than trusting that they are true.”
🔍 Trust is good — but evidence is better.
✅ SU5
📘 “Requires curiosity and the willingness to go beyond the superficial.”
🤔 Keep asking “why?” — dig beyond the obvious.
✅ SU5
📘 BONUS – “Act honestly and with professional courage…”
🛡️ Skepticism also means standing firm when pressured to ignore red flags.
✅ GIAS 2024, Standard 5.1 (Integrity)
🌟 Final Formula:
🧠 Professional Skepticism = Unbiased Attitude + Inquisitive Mind + Critical Evaluation + Evidence-Driven Decisions 🔍⚖️
6
Maintain confidentiality and use information appropriately during engagements
May include but is not limited to:
a. Apply relevant organizational policies, procedures, laws, and regulations
💬 Exact Quotes + Meaning
🧾“Internal auditors must adhere to the appropriate policies, procedures, laws, and regulations when processing information.”
→ 💯 Directly confirms compliance with all formal rules. ✅
📘 “Internal auditors must know and follow the laws, rules, policies, and procedures related to confidentiality…”
→ Applies to both the organization and internal audit function. 🏢
📄 “The organization’s policies and procedures… guide how auditors manage and use information at every stage.”
→ Ensures info handling is compliant from start to finish. 🔄
🚫 “Auditors should not share info unless required by law or obligations.”
→ Clarifies legal boundaries and authorized access only. 🔐
⚖️ “The CAE should consult with legal counsel…”
→ Recognizes laws may require interpretation and legal review. 🧑⚖️
🛡️ “Info is protected by laws, regulations, and internal policies.”
→ Data handling must align with multiple legal and procedural layers. 🧷
🟦 Reinforcing Quotes (Indirect, but Relevant)
👥 “The CAE must be certain that the team follows the same standards…”
→ Team-wide application of policies, not just individual effort. 🤝
📊 “Access can be tracked to ensure correct procedures are used.”
→ Systems should verify ongoing rule compliance. 🖥️
📈 “The CAE should regularly evaluate access needs and controls.”
→ Compliance is not one-time — it requires continuous review. 🔁
✅ Summary with Emojis
📚 Compliance = Laws + Policies + Procedures
🔐 Confidentiality = Protect + Limit + Track access
🧑⚖️ Enforcement = CAE oversight + Legal guidance
🔁 Ongoing = Continuous evaluation + team adherence
6
Maintain confidentiality and use information appropriately during engagements
May include but is not limited to:
b. Apply internal audit methodologies
💬 Quotes + Meaning (focused on methodology in context)
🧾 “Internal auditors must recognize the significance and ownership of this information. They are required to use it solely for professional tasks and to ensure that it remains protected from unauthorized access or release…”
→ Applying audit methodology = using information only for defined, audit-related purposes. 🔍
📄 “Internal auditors must manage and use this information properly.”
→ Reflects the audit methodology principle of disciplined, secure handling of evidence and audit inputs. 🧠
🔐 “Misusing or mishandling confidential… information can lead to serious consequences, including harm to the organization’s reputation…”
→ Audit methodology includes risk-aware handling of sensitive data throughout the audit process. ⚠️
📘 “Internal auditors must understand and follow the policies related to any third-party information they encounter.”
→ Methodologies involve documenting source, validating reliability, and adhering to policy on third-party data. 📂
📊 “Access to information can be tracked to ensure that the correct procedures are used.”
→ This is part of good audit practice — using systems and controls as part of methodology to protect information. 🔄
🧑💻 “To safeguard sensitive information… measures include: encrypting, using passwords, limiting access…”
→ These are applied through audit process steps, especially in electronic audit workpapers and evidence security. 💻
✅ Summary with Emojis
🔍 Methodology = Use info only for audit tasks
🧷 Process = Secure, trackable, policy-aligned access
🧠 Good practice = Follow guidance on data use
💻 Tools = Encryption, passwords, and digital controls
📂 Documentation = Audit trail for all sensitive info
6
Maintain confidentiality and use information appropriately during engagements
May include but is not limited to:
c. Demonstrate respect for privacy and ownership of information
💬 Exact Quotes + Meaning
🔐 “Internal auditors must recognize the significance and ownership of this information. They are required to use it solely for professional tasks and to ensure that it remains protected from unauthorized access or release…”
→ This directly addresses both ownership and privacy: auditors should treat information with care and use it only for its intended purpose. 🎯
👁️ “Internal auditors must know and follow the laws, rules, policies, and procedures related to confidentiality, privacy of information, and information security…”
→ Respecting privacy means complying with privacy-specific laws and org rules. 📘
🧑💼 “Internal auditors should not share confidential information with anyone who is not authorized… unless required by law or professional obligations.”
→ Ownership is respected when information is only shared with authorized parties. 🚫
🛡️ “They should show consideration for the confidentiality, privacy, and ownership of any information they gather while conducting internal audit services…”
→ This quote explicitly lists confidentiality, privacy, and ownership as guiding principles. ✅
⚠️ “Internal auditors also need to be careful to avoid accidentally revealing sensitive information.”
→ True respect includes avoiding carelessness, not just intentional violations. 💬
🧾 “Sensitive information that should not be shared may encompass personal salaries and details related to employee matters.”
→ Respecting privacy means not disclosing personal data unless truly required. 🧍♂️🧍♀️
✅ Summary with Emojis
🔐 Use info only for audit purpose = Respect ownership
👁️ Follow privacy laws & rules = Respect confidentiality
🚫 Share only with authorization = Maintain trust
💬 Avoid accidental leaks = Stay vigilant
🧍 Protect personal data = Respect individuals