Auditing is a field that requires significant ongoing education in professional disciplines. Auditors
plan to complete at least 40 hours annually of continuing relevant education and training in order to
current in their discipline. Continuing professional training should include topics such as, audit methodology, assessment of internal controls, principles of management, computer information systems management, statistical sampling methodology, evaluation design, and data analysis.
Following are some important characteristics to consider when selecting candidates as auditors:
The auditor determines when decisions can be made and exercises authority sparingly. She shares appropriate information with the correct people in a
fashion. She exercises correct judgment and maintains a professional demeanor at all times. She understands the limits of her knowledge and knows when to call others seeking their expertise. In other words, she does not think she
She builds trust by demonstrating honest and direct behavior yet is acutely aware of sensitive issues. Auditors do not compromise their ethics, nor will they
a compromise of ethics by others. This may seem a bit rigid, but considering that auditors must prize their credibility highly, it is not unreasonable. It is important to note that auditors in essence are not ever off-duty. They are aware that their off-duty conduct affects their on-duty credibility. Auditors are professionals that understand that if they engage in activities that call their personal judgment into question, their professional judgment may be called into question on the assessments they make on the job.
They consistently develop comprehensive plans to accomplish their goals and take the initiative to meet or exceed deadlines in anticipation of
. They are adept at multitasking and handle multiple tasks
prioritizing work by focusing on significant problems.
Auditors take an active role in preparation of presentations delivering oral and written presentations that are grammatically correct, logical, clear,
, and relevant. They
business and personal experiences in the communication of ideas to others. An auditor is thoroughly knowledgeable in emerging and current trends
to her tasking as well as her profession. She possesses
negotiation and persuasion skills and is adept at exercising various types of negotiation styles. She
her point of view yet is sensitive and adept at leading herself and others to win/win conclusions. She discusses matters in a factual, professional fashion yet delivers her point of view in a
and persuasive manner. She effectively and
She knows her profession and is
and well trained in her craft. Auditors routinely provide advice to senior managers on the assertions that need to be provided regarding systems' confidentiality, availability, and integrity. She leads the audit team in drafting the audit management plan, program, and final report and determines the requirements of any postmortem actions. She effectively and efficiently collects evidence regarding assertions and
criteria. When appropriate, she will direct the evidence collection efforts of others.
Code of Ethics and Conduct
Auditors must subscribe to a
, universal code of ethics. For example, a code of ethics for holders of the Certified Information Systems Auditor (CISA) certification has been established by the Information Systems Audit and Control Association (ISACA).
Codes of ethics are usually required by professional organizations and typically address the following areas of auditor conduct:
Establishment and compliance with information systems controls, standards, and procedures
Trustworthy service and reporting to stakeholders throughout the audit process
Avoidance of participating in improper acts
and collected audit evidence
Professional competence through participation in continuing professional development
Due diligence when conducting
and documentation of sufficient evidence supporting conclusions and recommendations
Communication of audit results to appropriate stakeholders
Education of stakeholders in the audit process to enhance understanding of systems and the audit process
Free and Independent
External auditing is often called independent auditing as qualified individuals outside the organization being
do the audit. External auditors represent the interests of third-party stakeholders such as creditors, government agencies, and
as independent appraisers established within an organization examining and evaluating activities as a service to the organization itself. Internal auditors perform a wide variety of tasks including assessing compliance with legal obligations, assessing operational efficiency, detecting and pursuing fraud and system vulnerabilities. External auditors are distinguished from internal auditors in that they represent outside constituents, while internal auditors represent the interests of the organization. Their efforts are not necessarily exclusive, internal auditors often cooperate and assist external auditors in performing audits achieving efficiency and reducing audit fees. External auditors depend on the independence and competence of internal auditors in relying on their work. Independent internal auditors add value to business processes. Internal auditors often collect evidence throughout the fiscal period that can be used at year end to conduct more-efficient, less-costly external audits.
In auditing and all
matters, auditors must be free from personal and external impairments to their independence. Auditors must be organizationally independent and should maintain an independent attitude and appearance.
Auditors must be mindful of engagements where they anticipate an offer of employment or other career-altering event while they are completing an audit. More than one auditor has been
employment or promotion before their audit engagement was completed.
Auditors must consider not only if they are independent with their attitudes and beliefs, but also whether there is anything about their situation that might lead others to question their independence. All situations must be
, as it is essential that auditors consider
to be impartial and that knowledgeable third parties consider them to be independent.
For auditors, there are
three very general types of impairments to independence: organizational, personal, and external. If any of these impairments affect their ability to do their work and report their findings impartially, the auditors must decline the engagement.
Internal auditors may be affected by their job-placement within the structure of the business entity where they are employed. Auditors must be sufficiently removed from
, political, and organizational pressures ensuring that they can conduct their audits independently and report their findings,
, recommendations, and conclusions objectively. In the case of external auditors, they may be
to be independent of the audited entity if there are no personal, external, or organizational impairments.
There may be factors external to the auditor interfering with an auditor's ability to form objective and independent opinions, recommendations, and conclusions. There may be interference or undo influence that improperly limits or modifies the scope or methodology of an audit.
Regrettably, there are circumstances in which auditors may not be impartial or perceived by knowledgeable third parties as being impartial. It is important for an auditing unit to have policies and procedures in place to determine if auditors have any personal
affecting their ability to conduct audits. Although the responsibility rests on the shoulders of the individual auditors, audit managers and executives need to be alert for impairments
the judgment and performance of their audit staff. Auditors must be responsible for
the appropriate official about any personal impairment. Personal impairments include, but are not limited to the following:
Official, professional, financial, or personal relationships that might cause the auditor to limit the methodology, extent of the audit inquiry, limit disclosure, or minimize or slant the audit findings in any way.
An auditor was engaged to perform an audit and, after arriving to conduct his work,
the target of the audit was his brother's former
officer. This was the same person who had delivered a career-devastating performance appraisal to his brother. The auditor asked to be removed from the audit for personal impairment reasons.
Preconceived ideas toward the audit or the organization on which the audit is going to be performed; any feelings that the auditor has that could
audit results require that the auditor is removed from the audit engagement
Previous responsibility for decision making or management authority that would affect current operations of the entity to be audited is considered biasing
Personal biases (including business, political, religious, or social convictions) resulting from employment or loyalty to a particular
Direct or indirect financial interest in the audited entity
ISACA's code of ethics may be found at www.isaca.org.