The Information Systems Audit and Control Association (ISACA) set forth a code governing the professional conduct and ethics of all certified IS auditors and members of the association. As a CISA, you are bound to uphold this code. The following eight points represent the true spirit and intent of this code:
- You agree to support the implementation of appropriate policies, standards, guidelines, and procedures for information systems. You will also encourage compliance with this objective.
- You agree to serve the interests of stakeholders in an honest and lawful manner that reflects a credible image upon your profession. The public expects and trusts auditors to conduct their work in an ethical and honest manner.
- You promise to maintain privacy and confidentiality of information obtained during your audit except for required disclosure to legal authorities. Information you obtain during the audit will not be used for personal benefit.
- You agree to undertake only those activities in which you are professionally competent and will strive to improve your competency. Your effectiveness in auditing depends on how evidence is gathered, analyzed, and reported.
- You promise to disclose accurate results of all work and significant facts to the appropriate parties.
- You agree to support ongoing professional education to help stakeholders enhance their understanding of information systems security and control.
- The failure of a CISA to comply with this code of professional ethics may result in an investigation with possible sanctions or disciplinary measures.
Ethics statements are necessary to demonstrate the level of honesty and professionalism expected of every auditor. Overall, your profession requires you to be honest and fair in all representations you make. The goal is to build trust with clients. Your behavior should reflect a positive image on your profession. All IS auditors are depending on you to help maintain the high quality and integrity that clients expect from a CISA.
Every CISA should have a strong understanding of these objectives and how each would apply to different audit situations.