APPENDIX A

Ethics and Standards for the IS Auditor

ISACA CODE OF PROFESSIONAL ETHICS

The Information Systems Audit and Control Association®, Inc. (ISACA) sets forth this Code of Professional Ethics, including standards, guidelines, and procedures, to guide the professional and personal conduct of members of the Association and/or its certification holders.

Members and ISACA Certification holders shall:

  • Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including: audit, control, security, and risk management.
  • Perform their duties with due diligence and professional care, in accordance with professional standards.
  • Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not discrediting the profession or the Association.
  • Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
  • Maintain competency in their respective fields and agree to undertake only those activities that they can reasonably expect to complete with professional competence.
  • Inform appropriate parties of the results of work performed; revealing all significant facts known to them.
  • Support the professional education of stakeholders ...
