3.1 Ethics and Professionalism Overview
Key Takeaways
- Ethics and Professionalism is Section B of the CIA Part 1 blueprint, weighted about 20% (roughly 25 of 125 questions).
- The Ethics and Professionalism material rests on five principles: Demonstrate Integrity, Maintain Objectivity, Demonstrate Competency, Exercise Due Professional Care, and Maintain Confidentiality.
- Independence is an attribute of the internal audit function; objectivity is an attribute of the individual auditor.
- Objectivity is presumed impaired if an auditor provides assurance over an activity they were responsible for within the previous 12 months.
- The quality assurance and improvement program requires ongoing internal monitoring, periodic self-assessment, and an external assessment at least every five years.
What Section B covers
Ethics and Professionalism is Section B of the CIA Part 1: Essentials of Internal Auditing exam blueprint, weighted at approximately 20% — roughly 25 of the 125 items. The Part 1 blueprint has four sections: A Foundations of Internal Auditing (35%), B Ethics and Professionalism (20%), C Governance, Risk Management, and Control (30%), and D Fraud Risks (15%). Foundations is the largest section; the older topic blocks on independence, objectivity, proficiency, and the quality program were folded into Sections A and B.
Section B rests on the ethics requirements of The IIA's 2024 Global Internal Audit Standards (effective 9 January 2025), which replaced the old separate "Code of Ethics" and the International Standards for the Professional Practice of Internal Auditing with a single framework. The ethics requirements are grouped under five principles, each supported by standards stating requirements, considerations for implementation, and examples of evidence of conformance:
| Principle | Name | Core idea |
|---|---|---|
| Principle 1 | Demonstrate Integrity | Honesty, professional courage, lawful and ethical behavior |
| Principle 2 | Maintain Objectivity | An impartial, unbiased mental attitude |
| Principle 3 | Demonstrate Competency | Possess or obtain the knowledge, skills, and abilities |
| Principle 4 | Exercise Due Professional Care | Diligence, judgment, professional skepticism |
| Principle 5 | Maintain Confidentiality | Use and protect information appropriately |
Independence versus objectivity
The single most-tested distinction in this chapter: independence is an attribute of the internal audit function; objectivity is an attribute of the individual auditor.
- Independence is the freedom from conditions that impair the ability of the internal audit function to carry out its responsibilities in an unbiased manner. It is achieved through organizational positioning — the chief audit executive (CAE) reporting functionally to the board. This is governed by Standard 7.1 Organizational Independence.
- Objectivity is an unbiased mental attitude that allows internal auditors to make professional judgments without compromise. It lives in the auditor's head and is governed by the Maintain Objectivity principle and its standards (2.1 Individual Objectivity, 2.2 Safeguarding Objectivity, 2.3 Disclosing Impairments to Objectivity).
A function can be perfectly positioned (independent) yet staffed by an auditor with a personal conflict of interest (not objective) — and vice versa. The exam frequently builds a scenario, then asks whether the problem is one of independence or objectivity. Read for the cue: a reporting-line or structural problem is independence; a personal relationship, gift, or self-review problem is objectivity.
Where the related governing content lives
Because the Part 1 blueprint folded the old independence, proficiency, and quality-program topics into broader sections, this chapter also pulls in two governing requirements that sit outside the five ethics principles: Standard 7.1 Organizational Independence and the quality assurance and improvement program (QAIP) of Standards 8.3, 8.4, and 12.1. Treat these as the structural scaffolding that lets the function demonstrate it conforms with the Standards.
How Section B is tested
CIA Part 1 is 125 multiple-choice questions in 2.5 hours (150 minutes), delivered through Pearson VUE (test center or remote OnVUE), scored on a 250–750 scale with 600 to pass and no penalty for guessing. Section B questions are overwhelmingly applied judgment, not pure recall. A typical stem describes a situation — an auditor offered a gift, a CAE asked to run a non-audit project, a planned acquisition learned during fieldwork — and asks for the most appropriate next action.
Use a five-part reading model on every Section B item:
- Cue — what triggered the question (a gift, a relationship, a scope limit, a competency gap, a quality finding)?
- Authority — which principle or standard governs (2.2 safeguarding objectivity, 3.1 competency, 4.2 due professional care, 7.1 independence, 8.4 external assessment)?
- Action — what does the standard require next (disclose, decline, obtain competent advice, reassign, escalate to the board)?
- Who — many answers turn on who must act or be informed: the auditor, the CAE, senior management, or the board.
- Risk — what goes wrong if you choose the convenient shortcut (a presumed objectivity impairment, an undisclosed conflict, a nonconformance with the Standards)?
High-yield facts to lock in
- The 12-month rule: objectivity is presumed impaired if an auditor performs assurance over an activity they were responsible for within the previous 12 months.
- Disclosure first: when objectivity is impaired "in fact or appearance," the details must be disclosed to appropriate parties.
- External assessment of the QAIP at least once every five years, by a qualified, independent assessor, at least one of whom holds an active CIA designation.
- The CAE confirms the function's organizational independence to the board at least annually.
Why ethics sits at the center of internal auditing
Internal auditing exists to give the board and senior management objective assurance and advice they can rely on. That reliance is only justified if the auditors are demonstrably honest, unbiased, competent, careful, and discreet — which is exactly what the five ethics principles codify. The IIA frames internal auditing's value around three words the exam echoes constantly: independent, objective, and risk-based. Strip away independence and objectivity and the work is just management's opinion of itself.
Principle 1 Demonstrate Integrity anchors the rest. Its Standard 1.1 Honesty and Professional Courage requires auditors to be honest and to have the courage to report unfavorable findings. Standard 1.2 Organization's Ethical Expectations asks auditors to support the organization's ethical culture, and Standard 1.3 Legal and Ethical Behavior requires conformance with laws and avoidance of activity that discredits the profession. Integrity is the principle that makes the other four believable.
How the five principles interlock
Think of the five ethics principles as a chain. Integrity is the willingness to do the right thing. Objectivity is the unbiased mindset that lets you see the right thing. Competency is the skill to know the right thing. Due professional care is the diligence to find the right thing at a reasonable cost. Confidentiality is the discretion to protect what you learn while finding it. A weakness in any link undermines the assurance the function provides — which is why the exam can attack the chapter from any of the five angles and why you should be able to name all five on demand.
An internal audit function reports functionally to the board, but the auditor assigned to a payroll audit is the spouse of the payroll manager. Which statement best describes the situation?
Under the 2024 Global Internal Audit Standards, objectivity is PRESUMED to be impaired when an internal auditor provides assurance services over an activity for which they had responsibility within the previous: