I. Preamble

The Institute for Internal Controls is an association of professionals committed to performing at the highest level of ethical conduct. Members of the Association pledge themselves to act with integrity and to perform their work in a professional manner. Members have a professional responsibility to their employers, clients, to the public interest and each other; a responsibility that requires subordinating self-interest to the interests of those served. These standards express basic principles of ethical behaviour to guide members in the fulfilling of their duties and obligations. By following these standards, all members of The Institute for Internal Controls shall be expected to demonstrate their commitment to excellence in service and professional conduct.

II. Applicability of Code The Code of Professional Standards shall apply to all members, regardless of type of membership. III. Standards of Professional Conduct

A. Integrity and Objectivity Members shall conduct themselves with the highest level of integrity. Members shall not sacrifice integrity for any reason. Prior to entering into any engagement, members shall investigate for potential conflicts of interest. Members shall disclose any potential conflicts of interest to all parties involved in the engagement. Members shall maintain objectivity in discharging their professional responsibilities within the scope of the engagement. Members shall not commit any discreditable acts, and shall always conduct themselves in the best interests of the reputation of the profession. Members shall not knowingly make any false statements or withhold any information that is vital to the engagement Members shall not commit criminal acts or knowingly induce others to do so.

B. Professional Competence Members shall be competent and shall not accept assignments where this competence is lacking. Members shall maintain the minimum program of continuing professional education required by The Institute for Internal Controls. All members holding the professional certification designation of Certified Internal Controls Auditor or Certified Controls Specialist must agree to embrace a commitment to professionalism combining education and experience. Members shall continually strive to increase the competence and effectiveness of their professional services.

C. Due Professional Care Members shall exercise due professional care in the performance of their services. Due professional care requires diligence, critical analysis and professional scepticism in discharging professional responsibilities. Conclusions shall be supported with evidence that is relevant, competent and sufficient. Members’ professional services shall be adequately planned. Planning controls the performance of any engagement from inception through completion and involves developing strategies and objectives for performing the services.

D. Understanding with Employers, Clients, & Auditees At the beginning of an engagement, members shall reach an understanding with those involved in the engagement about the scope and limitations of the engagement and the responsibilities of all parties involved. Whenever the scope or limitations of the engagement change significantly, a new understanding shall be reached with the parties involved in the engagement.

E. Communication with Parties Involved Members shall communicate to all parties involved in the engagement all significant findings made during the normal course of the engagement.

F. Confidentiality Members shall not disclose confidential or privileged information obtained during the course of the engagement without the express permission of proper authority or order of a court. This requirement does not preclude professional practice or investigative body reviews as long as the reviewing organization agrees to abide by the confidentiality restrictions.

IV. Standards of Engagement

A. Engagements All engagements shall be conducted in a professional, legal and thorough manner. The auditor’s or specialist’s objective shall be to obtain information and all supporting documentation that is complete, reliable and relevant. Members shall endeavour to establish effective control and management procedures for work papers and supporting documents. This is extended to all audit programs and work plans,

V. Standards of Reporting

A. General Members’ reports may be written or oral, as agreed in the engagement letter or similar document. There is no single structure or format that is prescribed for a member’s report; however, the report should not be misleading.

B. Report Content Members’ reports shall contain only information based on data that are sufficient and relevant to support the facts, conclusions, opinions and/or recommendations related to the engagement. The report shall be confined to subject matter, principles and methodologies within the member’s area of knowledge, skill, experience, training or education. All opinions, findings and recommendations must be supported in the work papers for auditing type engagements, or documentation in design or implementation projects.