Internal Audit Standards and Code of Ethics for internal

auditors of Public Bodies of the Government of Ethiopia.

INTRODUCTION

Standard: The Standards define the way in which the Internal Audit Service should be
established and undertake its functions. The Standards cover both the attributes (characteristics)
and performance of internal audit service in public bodies.

Code of ethics: The Code of Ethics includes principles that are relevant to the professional and
practice of internal auditing and rules of conduct that describes behavioral norms expected from
internal auditors of the public bodies.

The purpose of Code of Ethics is to promote an ethical culture in the profession of internal
auditing.

ATTRIBUTE STANDARDS

100 RESPONSIBILITIES AND SCOPE OF WORK

110 Responsibilities of Head of Public Body

The Head of Public Body is responsible for establishing policies, procedures and operations for
appropriate management of risk, the reliability of internal and external reporting and
accountability processes, compliance with applicable laws and regulations, and compliance with
the behavioral and ethical standards set for the public body in order to ensure the achievement of
its objectives.

120 Responsibilities of Audit Committees

Audit committees should be formed constituting employees of the Public Body who have an
appropriate knowledge of its day to day operations and can assist the Internal Audit in
discharging its responsibilities.

130 Responsibility of Internal Audit

The Internal Audit is responsible for an independent, objective assurance and consulting activity
designed to add value and improve the public body’s operations.

140 Scope of Work for Internal Audit

Internal audit should fulfill its duty by systematic review and evaluation of risk management,
control and governance which comprises the policies, procedures and operations.

1
200 INDEPENDENCE
210 The Principles of Independence
Internal audit should be sufficiently independent of the activities, which it audits to enable
auditors to perform their duties in a manner, which facilitates impartial and effective professional
judgments and recommendations. It should have no executive responsibilities.

220 Organizational Independence

Internal audit should report directly to the Head of the Public Body and Audit Committee of the
Public Body.

230 Statuses of the Head of Internal Audit

The Head of Internal Audit should be graded with sufficient status to facilitate the effective
discussion and negotiations of the results of internal audit work with senior management in the
organization.

240 Independence of Individual Auditors

Individual auditors should have an impartial, unbiased attitude, characterized by integrity and an
objective approach to work, and should avoid conflicts of interest. They should not allow
external factors to compromise their professional judgment.

250 Declaration Of Conflict Of Interest (Impairments to Independence or

Objectivity)

Individual auditors should declare any conflicts of interest arising from audit work assigned to
them by the head of Internal Audit.
260 Proficiency and Due Professional Care
Proficiency
Internal auditors should possess the knowledge, skills, and other competencies needed to perform
their individual responsibilities.
Due Professional Care
Internal auditors should apply the care and skill expected of a reasonably prudent and competent
internal auditor. Due professional care does not imply infallibility.

300 RELATIONSHIPS WITH MANAGEMENT AND OTHER AUDITORS

310 Principles of Good Relationships

Heads of Internal Audit should co-ordinate internal audit plans and activities with the
management, other internal auditors, external auditors, and other review agencies to ensure the
most effective audit coverage is achieved and duplication of effort is minimized.

320 Relationships with Management

2
Internal Audit provides a service to management. Its strategy, planning and delivery should aim
to maximize the value added for management without jeopardizing internal audit’s
responsibilities to the management.

330 Relationships with Other Internal Auditors

Where Internal Auditors need to work with Internal Auditors of another organization, the roles
and responsibilities of each party should be agreed and endorsed by the Head of each Public
Body.

340 Relationships with External Auditors

Internal audit should seek to meet regularly with the external auditor to consult on audit plans,
discuss matters of mutual interest, discuss common understanding of audit techniques, methods
and terminology and seek opportunities to rely on their work where appropriate, provided this
does not prejudice internal audit’s independence.

400 STAFFING, TRAINING AND DEVELOPMENT

410 Principles of Staffing, Training and Development

Internal audit should be appropriately staffed in terms of numbers, grades, qualification levels
and experience, having regarded to its objectives and to these standards.

420 Qualifications of Internal Auditors

Ministry of Finance and Economic Development defines the minimum level of skill, knowledge
and experience required of an internal auditor and the Head of Internal Audit.

430 Staffing the Internal Audit Unit

The Ministry of Finance and Economic Development is responsible for ensuring that they have
access to the full range of knowledge, skills, qualifications and experience to meet the unit’s
audit objectives and these standards.

440 Continuing Professional Development

All Internal Auditors should undertake a program of continuing professional development to

maintain and develop their skills.

II PERFORMANCE STANDARDS

500 AUDIT STRATEGIES AND PLANNING

510 Developing the Internal Audit Strategy

The Head of Internal Audit should develop and maintain a strategy for providing the Head of
public body economically and efficiently, with objective evaluation of an opinion on the

3
effectiveness of the public body’s risk management, control and governance arrangements. The
internal audit activity should evaluate risk exposures relating to the public body's governance,
operations, and information systems

520 Developing the Periodic Audit Plans

Internal audit should prepare periodic work plans, designed to implement the audit strategy for
approval by the Head of the Public Body.

530 Planning Audit Assignments

For each audit assignment a detailed plan should be prepared and discussed with the Head of the
public body. These plans should establish detailed objectives for the assignment, the level of
assurance that management wishes to derive from the opinion to be delivered, resource
requirements, audit outputs and target dates.

540 Nature of Work

The internal auditors should assess and improve the public body’s risk management, control, and
governance processes.

550 Audit Program

To achieve audit objective of each assignment, it is essential to develop an audit programme,

which provides a means of monitoring the progress and completion of the audit. The audit
programme should state the objective of the audit assignment and document Internal Auditors'
procedure for collecting, analysing, interpreting and documenting information during the audit.

600 RISK ASSESSMENTS

610 Principles of Risk Assessment

The Internal Auditor should identify the different systems that exist in the public body and the
risk factors that are relevant to those systems and should assess their relative significance

620 Identification of System

The Internal Auditor should identify each system of the public body in which resources (input)
organized (processed) to provide results (out puts) in accordance with predetermined purposes
(objectives).

630 Risk Factors

The Internal Auditor should use appropriate risk factors, which will be used to assess the relative
significance, and likelihood that conditions and/or events may occur that could adversely affect
the public body to achieve its objective.

640 Risk Assessments

4
The Internal Auditor should systematically assess and integrate professional judgment about
probable adverse conditions and/or events. The risk assessments process should provide a means
of organizing and integrating professional judgment for development of a prioritized audit work
schedule.

700 AUDIT WORKING PAPERS

710 Principles of Audit Working Papers
The Internal Auditor should prepare working papers, which provide the principal evidential
supports for the audit report, and demonstrate the Internal Auditors' compliance with standard of
Internal Auditors and support or audit conclusion reached.

720 Content of Audit Working Papers

The Internal Auditor should document in the working papers the following aspects of the audit
process of:
• Planning, examination and evaluation of the effectiveness of risk management;
• Control and governance process;
• The auditing procedures performed and the conclusion reached, review, reporting and follow-
up.

730 Preparation of Working Paper

The Internal Auditor should follow standardized policies for the types of audit working paper
files maintained, stationery used, indexing and other related matters.

740 Ownership and Custody of Audit Working Papers

Audit working papers are the property of the public body being examined.
Audit working papers should remain under the control of the Internal Audit
Department and the Head of the Public Body should approve request for access to it by parties
outside the public body.

800 AUDIT EVIDENCES

810 Principles of Audit Evidences

The Internal Auditor should obtain sufficient and appropriate audit evidences to be able to draw
reasonable conclusions and recommendations regarding the risk management, control and
governance of the public body.
820 Sufficient Appropriate Audit Evidences
The Internal Auditor should use his professional judgment to assess
whether he obtained sufficient and appropriate audit evidence.

830 Procedures for Obtaining Audit Evidence

The Internal Auditor should have a sound understanding of the techniques and procedures such
as inspection, enquiry and confirmation, to collect audit evidences.

900 DETERRENCE, DETECTION, INVESTIGATION AND

5
REPORTING OF FRAUD

910 Principles of Deterrence, Detection, Investigation and Reporting of

Fraud
The Internal Auditor should examine and evaluate the adequacy and effectiveness of actions
taken by management of the public body to deter fraud, be able to identify indicators that fraud
might have been committed, investigate fraud and issue a written report at the conclusion of the
investigation phase.
920 Deterrence of Fraud
The Internal Auditor is responsible for assisting in the deterrence of fraud, by examining and
evaluating the adequacy and effectiveness of control, commensurate with the extent of the
potential exposure in the various segments of the public body's operation. The Internal Auditor
should determine:

930 Detection of Fraud

The Internal Auditor should identify indicators of fraud sufficient to warrant recommending an
investigation.
940 Investigation of Fraud
When indicators suggest that fraud has been committed, the Internal Auditor should perform
extended procedures necessary to determine whether the fraud, as suggested by the indicators,
has been committed.

950 Reporting of Fraud

A written report should be issued to the head of the public body at the conclusion of the
investigation phase. It should include all findings, conclusions and recommendations for
corrective action to be taken.

1000 AUDITING COMPLIANCE WITH POLICIES, PLANS, PROCEDURES,

LAWS AND REGULATIONS

1010 Principles of Auditing Compliance with Policies, Plans, Procedures,

Laws and Regulations
Internal Auditors should review the systems established to ensure compliance with applicable
policies, plans, procedures, laws and regulations and should determine whether the public body
is in compliance.

1010 Principles of Auditing Compliance with Policies, Plans, Procedures,

Laws and Regulations
Internal Auditors should review the systems established to ensure compliance with applicable
policies, plans, procedures, laws and regulations and should determine whether the public body
is in compliance.
1020 Responsibility of Head of the Public Body
The Head of the public body is responsible for establishing the systems designed to ensure
compliance with such requirements as policies, plans, procedures, applicable laws and
regulations.
1030 Responsibility of Internal Auditors

6
Internal Auditors are responsible for establishing objectives that include planning and
performing a scope of work which provides a reasonable basis for reporting on the extent of
public body compliance with policies, plans, procedures, laws and regulations

1100 QUALITY ASSURANCE

1110 Principles of Quality Assurance

The Head of Internal Audit should design a quality assurance programme to provide reasonable
assurance that audit assignments conform to all applicable standards and guidelines.

1120 Supervision of Internal Audit Assignments

Supervision of internal audit works should be carried out continually to ensure conformance with
internal auditing standards, public body directives and audit programmes.
1130 Internal Review of Audit Assignments
Internal reviews should be performed periodically by experienced members of the internal
auditing staff to appraise the quality of the audit assignment performed
1140 External Review of Audit Assignments
Ministry of Finance and Economic Development should coordinate an external review of the
internal auditing department by persons who are independent of the public body to appraise the
quality of the audit assignment. Experienced internal auditor of other public body may carry out
external review as a peer-review.

1200 REPORTING

1210 Principles of Reporting

After the audit examination is completed, the Internal Auditor should discuss conclusions and
recommendations at appropriate levels of management and issue a signed, objective, clear,
concise, constructive and timely written report with appropriate format (content).

1220 Objective, Clear, Concise, Constructive and Timely Reports

Internal audit reports should be objective. Objective reports are factual, unbiased and free from
distortion

1230 Content and Format of Audit Reports

Audit reports should present the purpose, scope and results of the audit and where appropriate,
reports should also contain an expression of the auditor's opinion.

1300 FOLLOW-UP ON REPORTED AUDIT FINDINGS AND

RECOMMENDATIONS

Principles of Follow-up on Reported Audit Findings

The Internal Auditor should determine the adequacy, effectiveness and timeliness of action taken
by management of the public body on reported findings.

Nature, Timing and Extent of Follow-up

7
The Internal Auditor should determine appropriate follow-up procedures depending upon the
significance of the reported findings; risks that may occur should the corrective action fail and
the complexity of the corrective action. The Internal Auditor should also consider the degree of
effort, the time period involved and the cost needed to correct the reported condition.

CODE OF ETHICS
Internal auditors are expected to apply and uphold the following principles:
Integrity
Integrity is the core valve of a Code of Ethics. Internal auditors have a duty to adhere to a high
standard of behavior (e.g. honesty and candidness) in the course of their work.
Objectives
Objectivity is a state of mind that has regard to all considerations relevant to the activity or
process being examined without being unduly influenced by personal interest or the views of
others.
Confidentiality
Members of the internal audit team should safeguard the information they receive in carrying out
their duties.
Competency
Members of the internal audit team should apply the knowledge, skills and experience needed in
the performance of their duties.

RULES OF CONDUCT

1. Integrity
Internal Auditors:
1.1 shall perform their work with honesty, diligence, and responsibility;
1.2 shall observe the law and make disclosures expected by the law and the profession;
1.3 shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization;
1.4 shall respect and contribute to the legitimate and ethical objectives of the organization.
2. Objectivity
Internal Auditors:
2.1 shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment. This participation includes those activities or relationships that
may be in conflict with the interests of the organization.
2.2 Shall not accept anything that may impair or be presumed to impair their professional
judgment.
2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the
reporting of the activities under review.
3. Confidentiality
Internal Auditors:
3.1 shall be prudent in the use and protection of information acquired in the course of their
duties.
3.2 Shall not use information for any personal gain or in any manner that would be contrary
to the law or detrimental to the legitimate and ethical objectives of the organization.

8
 4. Competency
Internal Auditors:
4.1 Shall engage only in those services for which they have the necessary knowledge, skills
and experience.
4.2 Shall perform internal auditing services in accordance with the Internal
Audit Standards of Public Bodies of Government of Ethiopia.
4.3 Shall continually improve their proficiency and the effectiveness and quality of their
services

9
10