Foundational principles of the Global Internal Audit Standards: Understand, Act and Conform!
By 
The Global Internal Audit Standards (GIAS) are high on foundational principles… you can say so. Domain II – Ethics and Professionalism of the Global Internal Audit Standards outlines the core principles to which the Internal Auditor and Internal Audit Activity are expected to be aligned: Integrity, Objectivity, Competency, Due Professional Care and Confidentiality.
From philosophy to science
Because these six principles can come across as philosophical and elusive, oftentimes thought to be overlapping in meaning, in this article we suggest a structured approach to not only defining each principle, but also understanding what behavioral qualities (adjective) are expected from staff auditors and the CAE, what they need to do (verb) so they can effectively apply the principles, and what deliverables (noun) will demonstrate conformance with the principle in the event of an assessment.
A structured approach
For each Principle we have outlined a structured approach, and developed a conformance facilitation tool that facilitate understanding along the lines of :
- Definition (as per the IIA Glossary) of the principle.
- Underlying/related principles (adjective),
- Qualities (attitudes and behaviors) to be demonstrated by the Internal Auditor (adjective),
- Actions (by the Internal Auditor and CAE) needed to effectively apply the qualities (verb), and
- Deliverables for demonstrating conformance with the principle (noun).
Why is this important?
From one principle to another, more or less effort could be required of the internal auditor or the CAE to ensure conformance. However, understanding these principles is vital for the internal audit activity in general, for a few reasons:
- The internal auditor’s job is highly interpersonal, and more often than not, this means they will have to encounter tough personalities, conversations and situations. It is important that the internal auditor maintains the appropriate attitude and qualities even when tempted to do otherwise.
- In the event of an external assessment, conformance with the ethics and professionalism standard is more easily demonstrated if the internal audit activity had understood the principles, integrated them into actionable audit practices and adopted a systemic process for documenting conformance with the principles on the go.
- Internal audit is built on a relationship of trust; both with the audited parties and the Board in need of assurance. For their work to be relied on, Internal Auditors need to demonstrate that they are honest, courageous enough, independent, competent, well trained, diligent and base their conclusions on sufficient fact and information duly obtained and assessed in the performance of their audits.
- Internal Auditors have to be promoters of an ethical culture. Every organization’s sustainable growth hinges on its ethical culture, and internal audit has to lead by example. In this regard, Internal Auditors have a dual responsibility: they have to comply with the code of ethics of the organizations for which they work and the ethics framework of the IIA.
So, what’s behind the standards?
Before diving into our conformance facilitator tool, let’s discuss the principles. How do we define them and how relevant are they to the practice of internal audit?
- Integrity
Integrity is behavior characterized by adherence to moral and ethical principles, including demonstrating honesty and the professional courage to act based on relevant facts. In a 2020 article in Internal Auditor magazine, Aziz Fataliyev CIA argues that while all the principles carry equal importance, the integrity principle forms the basis for an effective application of the other principles.
If Internal Auditors are dishonest and lacking in courage, they can hardly be expected to base their judgements on facts or b. diligent in complying with the standards, law and regulation
- Objectivity:
Objectivity is an unbiased mental attitude that allows Internal Auditors to make professional judgments, fulfill their responsibilities, and achieve their Purpose without compromise. In between principle and practice, Internal Auditors and CAEs are expected to understand and manage conflict of interest situations.
Internal Auditors are expected to uphold a mindset that allows them to be factual in their judgements, and also be positioned in the
- Competency:
Competency is rather very briefly described in the Glossary of the IIA as ‘Knowledge, skills and abilities.’ In more explicit terms, competency could be said to be what the Internal Auditor has in his/her bag; what they know, what they can do and their character. The 2025 Pulse of Internal Audit highlights adaptability, strategic thinking and communication as the top 3 skills CAEs will be focused on over the next 10 years.
Whilst this statistic is vital for the purposes of recruiting, developing and retaining internal audit talent, it is equally vital to understand what Internal Auditors must do to demonstrate competence, and what elements would validate conformance with the competency principle.
- Due professional Care:
Due professional care is the level of skill, care and application expected from a reasonably prudent and competent professional in similar circumstances. This principle establishes the standards that would be reasonably expected from an Internal Auditor acting professionally under similar circumstances. Whilst it is the pace setter for excellence and quality in the delivery of internal audit services, it does not provide any guarantee against the infallibility of the Internal Auditor. Reasonable assurance…
In a way, this principle can be rephrased as ‘going by the books’: working in conformity with the standards and authoritative guidance, considering the specific nature of the circumstances at hand, and applying a mindset of professional skepticism in the appreciation of facts.
- Confidentiality:
By default, the job of Internal Auditors exposes them to information of a sensitive nature, not intended for public consumption. Be it information gotten from interviews, photos, transcripts, documents, data or systems, Internal Auditors are expected to use and protect such information appropriately; for the purposes of the audit, and only disclose such information if professionally or legally obligated to.
There is a very contextual element to this. Internal Auditors have to understand:
- The organization’s policy in terms of the confidentiality of information and the measures taken to secure and encrypt the company’s information.
- The legal and regulatory requirements on the protection of information gathered in the course of audits and
- Protocols and agreements guiding the collection, use and disclosure of third-party information in the practice of internal audit.
Conclusion
There is a very human element to the principles. Individual attitudes and behaviors need to be aligned to ensure that the internal audit activity builds the trust and reliance of senior management and the board. However, an enabling environment needs to be created by CAEs; providing training, adequate supervision, obtaining the appropriate tools and techniques to make sure the organization gets the most out of its Internal Auditors.
Putting theory to practice
At SG we have developed a conformance facilitator tool, in which you will find our structured approach to understanding each principle. We understand that the bridge between standards and conformance is tools.
For more, visit our Tools section for an on-demand ethics and professionalism checklist, to guide a self-assessment your internal audit activity’s conformance with the ethics and professionalism principles.
Practical solutions to aid you gauge and improve your alignment with the foundational principles.
Download:
- IIA GIAS Principles Conformance Facilitator
- Ethics and Professionalism Checklist
