Online Exclusive

Auditing an organization's governance and ethics

We have no universally accepted definition of the word “governance.” The Institute of Internal Auditors (IIA) defines corporate governance as “the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.” While many organizations throughout the world follow this definition, others apply it differently.  For instance, the Geneva Court of Accounts (Cour des comptes, Geneva Switzerland) follows the IIA’s interpretation of governance, but a chief audit executive (CAE) might use a different application for audit purposes when the organization has adopted a different framework or model.

According to the ACFE’s Fraud Examiners Manual, corporate governance is broadly used to describe the oversight responsibilities of different parties for an organization’s direction, operations and performance.

More specifically, the Organisation for Economic Co-operation and Development (OECD) defines corporate governance as: “[The] procedures and processes according to which an organisation is directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organization — such as the board, managers, shareholders and other stakeholders—and lays down the rules and procedures for decision-making. (See the OECD’s Glossary of Statistical Terms, July 2005.)

Even though definitions vary, it’s widely accepted that an organization’s ethics is an important part of its governance.

A detailed description of what constitutes the “ethical dimension” in an organization’s governance is beyond the scope of this article. Put simply, the ethical dimension can be defined as an organization’s code of conduct and acceptable employee behavior.

An internal auditor usually analyzes an organization’s ethics when it has an important impact on other key governance aspects, such as risk management, compliance, strategy and how it conducts its business. Strong ethics helps an organization perform better.

Here are some practical difficulties that auditors might face when auditing an organization’s governance (not an exhaustive list):

Code of silence

During an audit of an organization’s governance, executives and employees might be tempted to describe the ethical climate as ideal. And the organization’s documentation often corroborates the interviews. However, this ideal picture doesn’t always correspond with the real situation. Much unethical behavior doesn’t necessarily leave any paper trail! For example, the Cour des comptes’ 2015 and 2016 audits determined that certain employees omitted important elements during the interviews.

The audit showed employees were performing personal tasks during office hours or using company resources outside the office. These included plumbing work and a gate repair at executives’ homes, selling personal items during office hours and intervening in a bid to favor one company over another.

Proper training

Verifying the accuracy of the received information is a paramount task. Often, the only way to do this is by cross-checking the information and detecting the discrepancies during the interviews. Auditors should be very careful when conducting interviews. Applying proper interviewing techniques like those taught by the ACFE helps to identify deceitful statements about the ethical climate.

The common PEACE interviewing method focuses on information gathering instead of obtaining a confession: planning and preparation, engage and explain, account, closure and evaluation.

Auditors who conduct interviews also should be proficient notetakers. They sometimes must handwrite an interview’s proceedings that the interviewee will sign at the end of the interview. This can be particularly helpful when executives or employees are being deceitful or fear retaliation from management. The prospect of signed handwritten interview notes can impede employees from willfully lying about facts that the interviewer has established or confirmed during the interview.

External pressures

Even though it’s rare, an organization’s executives or employees might try to exert pressure on the auditors conducting the interviews. For example, during the Cour des comptes audit mentioned earlier, an employee said, “One word from this person and your audit will be shut down immediately!” (Of course this didn’t happen.)

Auditors might feel even more pressure when they encounter unethical behaviors that don’t constitute criminal offenses.


Auditors also might place undue pressure on themselves. They might fear for their future professional careers, so they’ll attempt to please their organizations. An organization’s management must support its auditors and create an environment that promotes strong ethical values for them.

Organizations must understand that auditors don’t necessarily have the proper training to audit governance and ethics, or they simply have no desire to obtain it. Organizations also must realize certain auditors simply don’t wish to be enmeshed in potential conflicts.

The atmosphere during an ethics examination can be heavy, especially if the ethical dimension isn’t adequate. Some executives and employees might be hostile against the ongoing audit. Others might have a hard time accepting the unethical climate on a personal level and break down during interviews (in several interviews I’ve conducted, executives and employees started crying during the interview).

Sometimes, the governing body fails to promote ethical values and might wish to minimize the facts. So the auditor might be tempted to also minimize the findings, such as treating each occurrence as a separate, non-related event rather than knitting them together into a whole picture.

Possible solutions

Here are some ways to conduct successful governance and ethics audits:

  • Carefully select the auditors who’ll participate and devise the order in which they’ll interview the employees. (It might be necessary for them to interview the same employee several times.) Include top-level executives as well as regular employees. The interviews’ order might change during the audit depending on the findings. Evaluate what the auditors learned through their interviews and analysis and adjust the auditing strategy accordingly.
  • Create a setting in which the organization‘s executives and employees feel free to talk. Show the interviewees that the interviews will remain confidential and they don’t need to fear retaliation. Sometimes you ease their by conducting the interviews outside their offices in a less threatening environment. (See Creating a climate of trust: Effective interviewing during audits can lead to tips, by Nikola Blagojevic, CFE, October 2015,
  • Create an internal setting in which the auditors feel free to report any pressures and can discuss moral dilemmas that might arise during the audit.
  • When possible, interview those — such as suppliers and consultants — who don’t work directly at the organization but have dealings with it.
  • Record the minutes during interviews so interviewees can easily read and sign them immediately following the interviews.

Auditing governance goes beyond analyzing risk management and the strategical objectives of the entity. It requires understanding ethics to diminish the audit risk to an acceptable level.

Nikola Blagojevic, Msc, CFE, CISA, is an audit director at the Cour des Comptes in Geneva, Switzerland. His email address is: