This is an HTML version of an attachment to the Freedom of Information request 'Independent EU ethics body'.


ISSAI 130
Code of Ethics
INTOSAI Standards are issued 
by the International 
Organisation of Supreme Audit 
Institutions, INTOSAI, as part of 
the INTOSAI Framework of 
Professional Pronouncements. 
For more information visit 
INTOSAI
www.issai.org




INTOSAI
INTOSAI, 2019
1) 
Formerly known as ISSAI 30
2) 
First version adopted in 1998
3) 
Current version endorsed in 2016
4) 
With the establishment of the Intosai Framework of Professional 
Pronouncements (IFPP), relabeled as ISSAI 130 with editorial changes in 2019
ISSAI 130 is available in all INTOSAI official languages: Arabic, English, French, 
German and Spanish

link to page 4 link to page 6 link to page 6 link to page 7 link to page 8 link to page 9 link to page 10 link to page 10 link to page 11 link to page 12 link to page 12 link to page 12 link to page 15 link to page 21 link to page 24 link to page 26 TABLE OF CONTENTS
1. PREAMBLE 4
2. OVERALL APROACH TO ETHICAL BEHAVIOR 
6
Fundamental ethical values 

Risks and controls 
7
3. OVERALL RESPONSABILITIES OF SUPREME AUDIT INSTITUTIONS   8 
Code of ethics 
9
Leadership 10
Ethics guidance 
10
Ethics management and monitoring 
11
4. FUNDAMENTAL ETHICAL VALUES 
12
•  Integrity  
12 
•  Independence and objectivity 
15
•  Competence 21
•  Professional behavior 
24
•  Confidentiality and transparency 
26

1
PREAMBLE
1) 
Supreme  Audit  Institutions  (SAIs)  are  held  to  high  expectations  and  must 
earn  the  trust  of  stakeholders  (citizens,  legislative,  and  executive  bodies, 
auditees and others). Therefore, they need to act as model organisations and 
inspire confidence and credibility. As ethical behaviour is a key component in 
establishing and sustaining the needed trust and reputation, a code of ethics 
is a prerequisite for the functioning of a SAI.
2) 
The ISSAI 130 - Code of Ethics (the Code) intends to provide SAIs and the 
staff working for them with a set of values and principles on which to base 
behaviour.  Furthermore,  recognising  the  specific  environment  of  public 
sector auditing (often different from that of private sector auditing), it gives 
additional guidance on how to embed those values in daily work and in the 
particular situations of a SAI.
3) 
The Code is intended for all those who work for, or on behalf of, a SAI. This 
includes the head of the SAI, its members in the case of collegial models, 
executive management and all individuals directly employed by, or contracted 
to conduct business on behalf of, the SAI. The Code also applies to those in 
the governance structure of a SAI. All these individuals, hereafter referred to 
as staff, should adhere to the stated values in their professional activity and, 
as applicable, in their private life.
4) 
Ethical behaviour of staff is also influenced by the environment they work in. 
Accordingly the Code addresses the responsibilities of SAIs in promoting and 
safeguarding  ethics  and  ethical  values  in  every  aspect  of  the  organisation 
and its activities.
4

ISSAI 130 - CODE OF ETHICS
5) 
The Code comprises an overall approach to ethical behaviour, a description 
of the SAI’s overall responsibilities and the five fundamental values that guide 
ethical conduct.
The descriptions of the SAI overall responsibilities and of the values include:
a) 
requirements that SAIs and their staff should comply with;
b) 
application guidance to help SAIs and their staff meet the requirements 
– this includes the meaning of the requirements, underlying concepts, 
suggested  procedures  for  implementing  the  requirements,  and 
examples of good practices.
6) 
No  code  can  address  all  ethical  circumstances  that  will  arise  in  practice. 
Accordingly, the Code is written at a principle level. SAIs and their staff should 
apply their professional judgement to the circumstances they encounter and 
follow the relevant requirements set out in this Code.
7) 
To satisfy the diversity of culture, and legal and social systems (such as specific 
rules applying to SAIs of judicial nature), each SAI is encouraged to develop or 
adopt a code of ethics and an appropriate ethics control system to implement 
it. This Code constitutes the foundation for each SAI’s code, which should be 
at least as stringent as the INTOSAI Code. 
5

2
OVERALL APROACH TO 
ETHICAL BEHAVIOR
FUNDAMENTAL ETHICAL VALUES
8) 
For the purpose of this Code:
a) 
Ethical values are the concepts of what is important and therefore 
should drive SAIs and SAIs’ staff decisions.
b) 
Ethical principles guide how these values should be carried out in 
practice and, therefore, what should be appropriate behaviour.
9) 
This  Code  is  based  on  five  fundamental  values.  These  values,  and  the 
respective summarised guiding principles, follow:
a) 
Integrity – to act honestly, reliably, in good faith and in the public 
interest;
b) 
Independence  and  objectivity  –  to  be  free  from  circumstances  or 
influences  that  compromise,  or  may  be  seen  as  compromising, 
professional  judgement,  and  to  act  in  an  impartial  and  unbiased 
manner;
c) 
Competence – to acquire and maintain knowledge and skills 
appropriate for the role, and to act in accordance with applicable 
standards, and with due care;
d) 
Professional behaviour – to comply with applicable laws, regulations 
and conventions, and to avoid any conduct that may discredit the SAI;
6

ISSAI 130 - CODE OF ETHICS
e) 
Confidentiality and transparency – to appropriately protect information, 
balancing this with the need for transparency and accountability.
RISKS AND CONTROLS
10)  Risks (often also referred to as “threats” or “vulnerabilities”) of non-compliance 
with the above values can be influenced by a number of risk factors. These 
include, but are not limited to:
a) 
political influence and external pressure from auditees or other parties;
b) 
personal interests;
c) 
inappropriate bias from previous judgements made by the SAI or SAI 
staff;
d) 
advocating the interests of auditees or other parties;
e) 
long or close relationships.
These risks can be either real or perceived.
11)  Where risks are identified that threaten any of the five fundamental values, 
the significance of such threats is evaluated and appropriate controls (often 
also referred to as “safeguards”) need to be put in place to reduce the risk of 
unethical behaviour to an acceptable level. These controls can be put in place 
by legislation, regulation or a SAI. 
7

OVERALL RESPONSABILITIES 
3
OF SUPREME AUDIT 
INSTITUTIONS 
12.  REQUIREMENTS
a)  The SAI shall adopt and implement a code of ethics consistent with this 
standard and shall make it public.
b)  The SAI shall emphasise the importance of ethics and promote an ethical 
culture in the organisation.
c) 
The SAI’s leadership shall set the tone at the top by its actions and example, 
acting consistently with the ethical values.
d)  The SAI shall require all staff to always engage in conduct consistent with the 
values and principles expressed in the code of ethics, and shall provide guidance 
and support to facilitate their understanding. The SAI shall require that any party it 
contracts to carry out work on its behalf commit to the SAI’s ethical requirements.
e)  The SAI shall implement an ethics control system to identify and analyse 
ethical risks, to mitigate them, to support ethical behaviour, and to address any 
breach  of  ethical  values,  including  protection  of  those  who  report  suspected 
wrongdoing.
f) 
The SAI shall establish procedures to address identified conflicts between 
its ethical requirements and the standards of professional bodies that the SAI 
staff may be a member of.
8

ISSAI 130 - CODE OF ETHICS
APPLICATION GUIDANCE
13)  To promote and safeguard ethics in every aspect of the organisation and its 
activities, a SAI implements an ethics control system that includes appropriate 
specific  strategies,  policies  and  procedures  to  guide,  manage  and  control 
ethical behaviour. This ethics control system can be designed as a separate set 
of controls or integrated within the SAI’s overall internal control system.
14)  The  main  components  of  the  ethics  control  system  are:  code  of  ethics, 
leadership and tone at the top, ethics guidance, and ethics management and 
monitoring.
CODE OF ETHICS
15)  A code of ethics or a code of conduct sets out ethical values and principles, 
and  the  way  a  SAI  expects  its  staff  to  behave,  therefore  guiding  individual 
behaviour. It is critical that a SAI’s code supports an environment conducive to 
behaviour consistent with the values and principles expressed in this standard. 
This includes fostering an understanding that compliance with the SAI’s code 
means abiding by the spirit and not just the letter of the code.
16)  Each SAI sets its code, and policies and procedures in accordance with 
its culture, and legal and social systems. The level of detail of the code is 
determined by context and organisational culture. The SAI’s code of ethics may 
be in a variety of forms or formats. Elements to be considered are: statements 
about the values that guide conduct, descriptions of the associated expected 
behaviours,  specific  examples  of  ethical  dilemmas  and  sensitive  situations, 
ethical  conflict  resolution,  whistle-blowing  procedures,  and  provisions  for 
dealing with misconduct.
17)  Staff are more likely to follow the code if it has been developed in an inclusive 
and transparent manner.
9

ISSAI 130 - CODE OF ETHICS
LEADERSHIP
18)  Building an ethical culture in an organisation starts with its leadership. Leaders 
demonstrate the tone at the top by:
a) 
setting ethics as an explicit priority;
b) 
reinforcing this priority by clear, consistent and regular messages;
c) 
implementing strategies, policies and procedures to promote ethics;
d) 
leading by example;
e) 
maintaining high standards of professionalism, accountability and 
transparency in decision making;
f) 
encouraging an open and mutual learning environment, where difficult 
and sensitive questions can be raised and discussed;
g) 
providing  an  environment  in  which  staff  experience  fairness  of 
treatment conducive to good relationships among colleagues;
h) 
recognising good ethical behaviour, while addressing misconduct;
i) 
ensuring that ethics, policies and procedures are applied consistently 
and fairly.
ETHICS GUIDANCE
19)  Clear  communication  is  necessary  to  increase  staff’s  awareness  and 
understanding  of  the  code  of  ethics.  This  can  include  educating  staff  on 
promoting  the  SAI’s  values  and  addressing  ethical  dilemmas,  by  offering 
workshops  and  training,  leadership  engagement,  and  disseminating  ethics 
topics and good practices.
20)  Although  ethical  behaviour  is  primarily  the  responsibility  of  staff,  SAIs  can 
support  staff  by  assigning  responsibilities  to  ethics  advisors  (in  some  cases 
operating  as  ethics  committees,  integrity  coordinators,  ethics  officers,  or 
10

ISSAI 130 - CODE OF ETHICS
counsellors)  to  give advice  on  specific  issues.  Confidentiality  and  a  defined 
due process are critical elements for the effective use of this assistance.
ETHICS MANAGEMENT AND MONITORING
21)  Incorporating  ethics  in  daily  management  is  essential  to  reinforce  values. 
This includes recognising ethics as a criterion in recruitment, performance 
appraisal and professional development. It also implies recognising good 
ethical  behaviour  and  applying  safeguards  to  specific  risks,  such  as  those 
arising from conflicts of interests or confidentiality issues.
22)  Monitoring controls help the SAI mitigate ethics risks. The SAI may apply the 
following monitoring controls:
a) 
maintaining registers to track interests, gifts and hospitality;
b) 
conducting self-assessment, internal and external reviews that can be 
used  regularly,  as  monitoring  tools,  as  a  way  to  identify  and  analyse 
vulnerabilities  and  recommend  measures  for  improving  ethics 
management, and/or as a routine to ensure accountability. Evaluations 
will  have  to  consider  that  many  ethical  requirements  refer  to  soft 
controls,  which  require  the  use  of  specific  appropriate  assessment 
methods. Tools available for these assessments include IntoSAINT1,  peer 
review guidelines, surveys, interviews and feedback questionnaires;
c) 
establishing  and  implementing  policies  on  ethical  misconduct  and 
whistle-blowing  –  these  include  procedures  for  reporting  cases  of 
misconduct and for timely and adequate response, investigation and 
sanctioning.
23)  Information  gathered  from  the  procedures  above  can  be  used  to  regularly 
evaluate, update and improve ethics policies. A SAI may report to relevant 
stakeholders  on  these  evaluations  (for  example  in  its  annual  performance 
report). 

 IntoSAINT is a dedicated self-assessment instrument for members of INTOSAI to assess integrity vulnerabilities 
and controls.
11

4
FUNDAMENTAL
ETHICAL VALUES
INTEGRITY 
24.  Requirements at the level of SAI
a)  The SAI shall emphasise, demonstrate, support and promote integrity.
b)  The SAI shall ensure that the internal environment is conducive for staff to 
raise ethical breaches.
c) 
The  SAI  shall  respond  to  integrity  breaches  in  a  timely  and  adequate 
manner.
12

ISSAI 130 - CODE OF ETHICS
25.  Requirements at the level of SAI staff
a)  The SAI’s leadership shall lead by example.
b)  SAI staff shall set a good example by acting honestly, reliably, in good faith 
and in the public interest. In the course of their work they shall be trustworthy. 
They shall comply with the policies and standards set by the organisation.
c) 
SAI  staff  shall  take  care  to  exercise  responsibilities  and  use  the  powers, 
information and resources at their disposal solely for the benefit of the public 
interest. They shall not use their position to obtain favours or personal benefits 
for them or for third parties.
d)  SAI staff shall be aware of integrity vulnerabilities and approaches to mitigate 
them, and shall act accordingly.
APPLICATION GUIDANCE 
APPLICATION GUIDANCE AT THE LEVEL OF SAI
26)  To promote integrity, a SAI implements and maintains an ethics control 
system,  consisting  of  a  well-balanced  set  of  measures  and  controls.  The 
“Overall  responsibilities  of  Supreme  Audit  Institutions”  section  of  this 
standard describes the main components that are relevant to the SAI at the 
organisational level.
APPLICATION GUIDANCE AT THE LEVEL OF SAI STAFF
27)  In order to sustain public trust, SAI staff are expected to act above reproach, 
not engaging in any improper activity.
 
» Integrity vulnerabilities
28)  At  the  individual  level,  staff  need  to  be  alert  to  circumstances  that  might 
expose them to integrity vulnerabilities related to working for the SAI and in 
13

ISSAI 130 - CODE OF ETHICS
the public sector environment, and avoid or disclose them as appropriate. 
These circumstances may relate to:
a) 
personal, financial or other interests or relationships that conflict with 
the SAI’s interests;
b) 
acceptance of gifts or gratuities;
c) 
abusing power for personal gains;
d) 
involvement  in  political  activities,  participation  in  pressure  groups, 
lobbying, etc.;
e) 
access to sensitive and/or confidential information;
f) 
access to, and use of, valuable resources of the SAI.
29)  Circumstances related to the private lives of SAI staff may also threaten their 
integrity, such as their own financial situation or personal relationships.
Staff responsabilities towards SAI’s integrity
30)  Staff  need  to  acquaint  themselves  with  the  SAI’s  policies,  regulations  and 
rules related to integrity and are responsible for supporting and complying 
with  them.  Complying  with  the  SAI’s  policies,  regulations  and  rules  is  not 
just a formal process, but also takes into account the goal of these policies, 
regulations and rules.
31)  Staff  need  to  know  whom  to  consult  with  issues  related  to  integrity,  for 
example for advice or to report concerns or suspicions of integrity violations.
32)  To ensure that integrity controls remain current, it is important that the SAI’s 
leadership  and  staff  participate  in  regular  training,  meetings  and  events  to 
promote a culture of integrity and to learn about new risks and specific cases.
33)  If staff feel that integrity control weaknesses exist within the SAI, they bring 
these to the attention of ethics advisors or the SAI’s management.
14

ISSAI 130 - CODE OF ETHICS
INDEPENDENCE AND OBJECTIVITY
34.  Requirements at the level of SAI
a)  The SAI shall be independent as regards its status, mandate, reporting, and 
management autonomy. The SAI shall have full discretion in the discharge of its 
functions. This independence shall be prescribed by an appropriate and effective 
constitutional, legal and regulatory framework. The SAI shall adopt policies for its 
independent and objective functioning.
b)  The SAI shall establish a framework to enable the identification of significant 
threats  to  independence  and  objectivity,  and  the  application  of  controls  to 
mitigate them, as well as provide guidance and direction for staff in this respect.
c) 
The  SAI  shall  adopt  policies  to  ensure  that  audit  staff,  particularly  at 
senior level, do not develop relationships to audited entities that may put their 
independence or objectivity at risk.
d)  The SAI shall not provide advisory or other non-audit services to an auditee, 
where such services would include assuming management responsibilities.
15

ISSAI 130 - CODE OF ETHICS
35.  Requirements at the level of SAI staff
a)  SAI  staff  shall  be  free  of  impairments  to  independence  and  objectivity, 
whether  real  or  perceived,  that  result  from  political  bias,  participation  in 
management,  self-review,  financial  or  other  personal  interest,  or  relationships 
with, or undue influence from, others. For this purpose SAI staff shall:
I. maintain independence from political influence and be free from political 
bias;
II. not be involved in the auditee management’s decision-making;
III. not audit their own work;
IV.  avoid  auditing  entities  in  which  they  have  recently  been  employed, 
without appropriate safeguards;
V.  avoid  circumstances  where  personal  interests  could  impact  decision-
making;
VI.  avoid  circumstances  where  relationships  with  the  management  or 
personnel of the auditee or other entities could impact decision-making;
VII.  refuse  gifts,  gratuities  or  preferential  treatment  that  could  impair 
independence or objectivity.
b)  SAI  staff  shall  identify  possible  threats  and  situations  in  which  their 
independence or objectivity may be impaired.
c) 
SAI  staff  shall  inform  the  management  about  any  pre-existing  relevant 
relationships  and  situations  that  may  present  a  threat  to  independence  or 
objectivity.
APPLICATION GUIDANCE
36)  Independence comprises independence in fact and independence in 
appearance. Independence in fact is a situation where individuals are able to 
perform activities without being affected by relationships that can influence 
and compromise professional judgement, allowing them to act with integrity 
16

ISSAI 130 - CODE OF ETHICS
and  exercise  objectivity  and  professional  scepticism.  Independence  in 
appearance is the absence of circumstances that would cause a reasonable 
and  informed  third  party,  having  knowledge  of  relevant  information,  to 
reasonably doubt the integrity, objectivity or professional scepticism of the 
auditor(s), or conclude that they have been compromised.
37)  Objectivity  is  the  mental  attitude  where  individuals  are  able  to  act  in  an 
impartial and unbiased manner, presenting or assessing things on the basis of 
facts rather than own feelings and interests, without subordinating judgement 
to others.
APPLICATION GUIDANCE AT THE LEVEL OF SAI
38)  The  core  principles  of  a  SAI’s  independence  are  described  in  INTOSAI-P  10 
-Mexico Declaration on SAI Independence. 
39)  As an important part of the ethics control system mentioned in the “Overall 
responsibilities of Supreme Audit Institutions” section of this standard, the 
SAI  is  responsible  for  implementing  independence  and  objectivity  related 
controls such as:
a) 
declarations of interests and conflicts of interest to help identify and 
mitigate threats to independence;
b) 
measures to help senior staff supervise and review work according to 
professional criteria designed to exclude outside influences that could 
impact on the SAI and its staff’s independence or objectivity;
c) 
provisions  on  how  to  act  in  cases  where  a  SAI  has  an  obligation  to 
provide non-audit services to an auditee or concerning audited areas, 
such as public procurement;
d) 
policies and procedures to address threats, such as removing an 
individual with a conflict of interest from the audit team, or reviewing 
any significant judgements made by that individual while on the team;
e) 
policies  and  procedures  to  identify  and  address  situations  where  an 
audit staff member has recently been an employee of the auditee or 
has audited the same subject matter under a different organisation;
17

ISSAI 130 - CODE OF ETHICS
f) 
policies  for  periodic  rotation  of  staff  or  equivalent  measures  where 
rotation is not feasible;
g) 
facilitating an environment where objective professional judgement is 
not affected by previous work done by the SAI.
40)  In accordance with its mandate, a SAI may be unable to refuse to engage in 
or continue with an audit. If no controls are effective to eliminate or reduce 
a threat to independence or objectivity to an acceptable level, SAI leadership 
may consider reporting the threat.
APPLICATION GUIDANCE AT THE LEVEL OF SAI STAFF
41)  Common  situations  where  threats  to  independence  and  objectivity  may 
appear are described below.
42)  SAIs and staff need to be aware that the significance of those threats needs to 
be assessed in each particular case. Decision should be taken according to the 
SAI’s framework, considering the specific circumstances of the case, possible 
consequences, and ensuring consistency with the values and principles at stake.
 
» Political neutrality
43)  Notwithstanding the organisational safeguards in place to minimise political 
pressure, a SAI’s leadership and staff are responsible for identifying situations 
where personal political views may impair their independence or objectivity, 
and where their political views and activities may put the reputation of the 
SAI and the credibility of its work at risk.
44)  Involvement in political activities may impact the ability of a SAI’s leadership 
or staff to discharge their professional duties impartially. Even where they are 
allowed to be affiliated with and to participate in such activities, they need to be 
aware that these situations may lead to professional conflicts. Independence 
in appearance is as important as independence in fact: participation in public 
political activities, public expression of political views or candidacy for election 
18

ISSAI 130 - CODE OF ETHICS
to public office may be perceived by stakeholders as having an impact on a 
SAI’s ability to form unbiased judgements.
 
» Participation in auditee’s management
45)  Management  responsibilities  involve  leading,  directing  and  controlling  an 
entity,  including  making  decisions  regarding  the  acquisition,  deployment 
and  control  of  human,  financial,  physical  and  intangible  resources.  These 
responsibilities need to remain firmly with the management of the auditee. The 
following are examples of circumstances related to an auditee’s management 
that may impair the independence or objectivity of SAI staff:
a) 
a member of an audit team who is, or recently was, a principal or senior 
manager at the auditee;
b) 
a  SAI  staff  member  who  serves  as  a  voting  member  of  an  auditee’s 
management committee or board of directors, making policy decisions 
that affect the future direction and operation of the entity’s programmes, 
supervising  the  entity’s  employees,  developing  or  approving  policy, 
authorising  the  entity’s  transactions,  or  maintaining  custody  of  the 
entity’s assets;
c) 
a SAI staff member who recommends a single individual for a specific 
position that is key to the auditee, or otherwise ranking or influencing 
the management’s selection of the candidate;
d) 
a SAI staff member who prepares an auditee’s corrective action plan to 
address deficiencies identified in the audit.
 
» Auditing own work
46)  Circumstances related to staff members’ previous work that may impair their 
independence or objectivity are, among others:
a) 
having been personally involved in the specific activity becoming the 
subject matter of the audit;
19

ISSAI 130 - CODE OF ETHICS
b) 
having recently been an employee of the auditee;
c) 
having recently audited the same subject matter when working for a 
different audit organisation.
 
» Personal interests
47)  Examples  of  circumstances  under  which  personal  interests  may  impair 
independence or objectivity are staff:
a) 
entering  into  employment  negotiations  with  the  auditee  or  another 
entity that the SAI has a contractual or other relationship with;
b) 
being responsible for audit engagements or opinions, the outcome of 
which can have an impact on the financial or other interests of that 
individual;
c) 
engaging in outside business or other non-audit activity with respect 
to an auditee or another entity that the SAI has a contractual or other 
relationship with, the outcome of which can have an impact on their 
financial or other interests;
d) 
having a direct financial interest in the auditee or in another entity that 
the SAI has a contractual or other relationship with.
 
» Relationships with management or personnel of an auditee or another 
entity that the SAI has a contractual or other relationship with
48)  Close private or professional relationships with an auditee or another entity 
that a SAI has a contractual or other relationship with, or relationships that 
can result in undue influence on the part of someone outside the SAI, may 
impair the independence or objectivity of staff. This may occur, for example, 
when a SAI staff member:
a) 
has a close or long personal or professional association with managers 
or staff who have an influential position in an auditee or another entity 
20

ISSAI 130 - CODE OF ETHICS
that the SAI has a contractual or another relationship with;
b) 
has a close family member or friend who is a manager or employee 
with an influential position in an auditee or another entity that the SAI 
has a contractual or another relationship with;
c) 
accepts  gifts,  gratuities  or  preferential  treatment  from  managers  or 
employees of an auditee or another entity that the SAI has a contractual 
or another relationship.
49)  Staff are expected to prevent or avoid threats to independence or objectivity. 
When any uncertainty exists about an independence or objectivity issue, or the 
way to resolve it, and before reporting on that, SAI staff are advised to consult 
with the ethics advisor or other appropriate parties to help them assess the 
significance of the threat and determine an appropriate means of mitigation.
COMPETENCE
50.  Requirements at the level of SAI
a)  The SAI shall adopt policies to ensure that tasks required by its mandate are 
performed by staff that have the appropriate knowledge and skills to complete 
them successfully, including:
I.  putting  in  place  competence-based  recruitment  and  human  resources 
policies;
II. assigning work teams that collectively possess the needed expertise for 
each assignment;
III. providing staff with appropriate training, support and supervision;
IV.  providing  tools  to  enhance  knowledge  and  information  sharing,  and 
encourage staff to use these tools;
V. addressing challenges arising from changes in the public sector 
environment.
21

ISSAI 130 - CODE OF ETHICS
51.  Requirements at the level of SAI staff
a)         SAI staff shall perform their job in accordance with applicable standards 
and with due care.
b)         SAI staff shall act in accordance with the requirements of the assignment, 
carefully, thoroughly and on a timely basis.
c)         SAI staff shall maintain and develop their knowledge and skills to keep up 
with the developments in their professional environment in order to perform 
their job optimally.
APPLICATION GUIDANCE
APPLICATION GUIDANCE AT THE LEVEL OF SAI
52)  Stakeholders’ trust in a SAI’s judgements, and the credibility of those 
judgements, rely on work being performed competently. Thus, a SAI must 
assemble the appropriate competences needed as well as provide support to 
continuing professional development.
 
» Assembling the appropriate competences
53)  In order to ensure that tasks are performed by competent staff, that resources 
are  managed  in  an  efficient  and  effective  way,  and  that  staff  work  on 
assignments for which they are competent, the SAI:
a) 
identifies the adequate knowledge and skills needed to perform each 
type of engagement required by its mandate; this may include setting up 
multidisciplinary teams that collectively have the required knowledge 
and team-working skills;
b) 
assigns staff to specific tasks according to their identified capabilities 
and according to their capacities.
22

ISSAI 130 - CODE OF ETHICS
54)  Some tasks, for example performance audits and special investigations, may 
require specialised techniques, methods or skills from disciplines not available 
within a SAI. In such cases, external experts may be used to provide knowledge 
or carry out specific tasks.
 
» Continuing professional development
55)  Maintaining and developing professional competence is a key way to keep 
up with technical, professional and business developments, to respond to a 
changing environment and increased stakeholders’ expectations. Examples of 
fields where the SAI may need to invest time and resources to remain current 
include  information  technologies,  and  evolving  public  sector  management 
and accounting frameworks.
56)  A continuous learning environment to support staff in applying and developing 
their competence is implemented by:
a) 
initial and continuous training strategies and programmes in key areas 
for the SAI’s performance;
b) 
development and updating of manuals and written guidance;
c) 
coaching, supervision and feedback mechanisms;
d) 
personal development plans;
e) 
knowledge-sharing tools, such as Intranet and databases.
APPLICATION GUIDANCE AT THE LEVEL OF SAI STAFF
57)  In meeting the requirements, SAI staff:
a) 
understand the role and tasks to be performed;
b) 
know the applicable technical, professional and ethical standards to be 
followed;
c) 
are able to work in a variety of contexts and situations, depending on 
the requirements of the job or task;
23

ISSAI 130 - CODE OF ETHICS
d) 
acquire new knowledge and abilities, updating and improving skills as 
needed.
58)  In case their expertise is not appropriate or sufficient to perform a specific 
task, SAI staff raise this with their superiors or the responsible management. 
PROFESSIONAL BEHAVIOR
59.  Requirements at the level of SAI
a)  The SAI shall be aware of the standard of professional behaviour expected 
by its stakeholders, as defined by the laws, regulations and conventions of the 
society in which they operate, and conduct their business accordingly and in line 
with their mandate.
b)  The SAI shall assist staff in adhering to that standard
60.  Requirements at the level of SAI staff
a)  SAI  staff  shall  comply  with  the  laws,  regulations  and  conventions  of  the 
society in which they operate, as well as with the guidance for their behaviour 
established by the SAI.
b)  SAI staff shall not engage in conduct that may discredit the SAI.
c) 
SAI staff shall inform their superiors about any arising conflicts between the 
SAI’s and their profession’s ethical requirements.
24

ISSAI 130 - CODE OF ETHICS
APPLICATION GUIDANCE
61)  Conduct consistent with the values of professional behaviour includes 
acting in a manner that would cause a reasonable and informed third party, 
having knowledge of relevant information, to conclude that the work meets 
applicable standards.
APPLICATION GUIDANCE AT THE LEVEL OF SAI
62)  To  promote  the  highest  standard  of  professional  behaviour  and  to  identify 
activities that are inconsistent with that standard, the SAI provides guidance 
on  expected  behaviour  and  implements  controls  to  monitor,  identify  and 
resolve inconsistencies. Key policies and controls are included in the ethics 
control  system  described  in  the  “Overall  responsibilities  of  Supreme  Audit 
Institutions” section of this Code.
63)  The leadership of a SAI promotes professional behaviour by adhering to the 
policies and procedures in place and setting an example.
APPLICATION GUIDANCE AT THE LEVEL OF SAI STAFF
64)  Staff  need  to  be  aware  of  the  SAI’s  policies  and  procedures  relating  to 
professional behaviour, of the applicable professional standards and of the 
laws, regulations and conventions of the society in which they reside, all of 
which bind them within and outside the working environment.
65)  In that context, staff need to understand the impact of their actions on the 
SAI’s credibility and to consider how their behaviour, both within and outside 
the working environment, may be perceived by colleagues, family and friends, 
auditees,  the  media  and  others.  While  expectations  of  what  constitutes 
acceptable  professional  behaviour  may  differ  depending  on  whether  one 
is  inside  or  outside  the  workplace,  staff  need  to  consider  stakeholders’ 
expectations  along  with  the  SAI’s  mandate  when  determining  a  course  of 
action. A Staff member’s position within the SAI is an important part of this 
consideration.
25

ISSAI 130 - CODE OF ETHICS
66)  The  expectations  of  stakeholders  may  vary  depending  on  the  regulations 
and conventions of the society in which SAI staff reside. However, common 
expectations include acting according to ethical values, adhering to the legal 
and  regulatory  framework  in  place,  not  misusing  their  position,  applying 
diligence and care in performing their work and acting appropriately when 
dealing with others.
67)  Staff  apply  appropriate  prudence  and  care  in  order  that  their  actions  or 
opinions do not compromise or discredit the SAI and its work, for example 
when using social media.
68)  If  a  particular  course  of  action  is  legally  permitted  but  does  not  meet  the 
standard of professional behaviour, staff avoid that course of action.
69)  Staff need to cooperate by sharing relevant knowledge and information within 
the organisation.
CONFIDENTIALITY AND TRANSPARENCY
70.  Requirements at the level of SAI
a)  The SAI shall balance the confidentiality of audit-related and other 
information with the need for transparency and accountability.
b)  The SAI shall establish an adequate system for maintaining confidentiality 
as needed, especially with regard to sensitive data.
c) 
The SAI shall provide that any parties contracted to carry out work for the 
SAI are subject to appropriate confidentiality agreements.
26

ISSAI 130 - CODE OF ETHICS
71.  Requirements at the level of SAI staff
a)  SAI staff shall be aware of the legal obligations and of the SAI’s policies and 
guidelines concerning both confidentiality and transparency.
b)  SAI staff shall not disclose any information acquired as a result of 
their work without proper and specific authority, unless there is a legal or 
professional right or duty to do so.
c) 
SAI staff shall not use confidential information for personal gain or for gain 
of third parties.
d)  SAI staff shall be alert to the possibility of inadvertent disclosure to third 
parties of confidential information.
e)  SAI staff shall maintain professional confidentiality during and after 
termination of employment.
APPLICATION GUIDANCE
APPLICATION GUIDANCE AT THE LEVEL OF SAI
72)  The SAI needs to put in place policies to appropriately provide or protect 
information and apply controls to eliminate or reduce to an acceptable level 
potential risks to confidentiality infringements.
73)  Examples of controls that the SAI may use:
a) 
establishing  policies  for  communication  with  stakeholders,  including 
the media;
b) 
regularly emphasising the importance of confidentiality;
c) 
obtaining  appropriate  declarations  of  staff’s  compliance  with 
confidentiality rules;
d) 
providing  guidance  on  what  information,  documents  and  materials 
need to be treated as confidential, and the stage of work at which they 
27

ISSAI 130 - CODE OF ETHICS
need  to  be  treated  as  confidential,  which  might  include  a  system  of 
classification and labelling of confidential information;
e) 
consulting  with  regard  to  applying  confidentiality  rules  and  legal 
requirements concerning conditions of disclosure;
f) 
providing guidance and advice for cases when professional obligation 
to  maintain  confidentiality  may  be  overridden  by  other  legal 
responsibilities  regulated  by  national  laws,  and  assigning  specific 
procedures for reporting on such cases;
g) 
safe storage conditions of information in any form (paper, electronic, 
audio, etc.);
h) 
appropriate  allocation  of  access  rights  to  archives,  IT  systems  and 
physical areas;
i) 
procedures for disposing of data storage devices, either in paper or 
electronic form.
APPLICATION GUIDANCE AT THE LEVEL OF SAI STAFF
74)  Staff need to appropriately protect information and not to disclose it to third 
parties unless they have proper and specific authority, or there is a legal or 
professional right or duty to do so.
75)  Examples of controls/safeguards that may be applied at the individual level:
a) 
within the SAI, using professional judgement to respect the 
confidentiality of information; in particular, keep the confidentiality of 
information  in  mind  when  discussing  work-related  issues  with  other 
employees;
b) 
in the case of doubt whether suspected breaches of laws or regulations 
should  be  disclosed  to  appropriate  authorities  (or  parties),  consider 
obtaining legal advice available within the SAI to determine the 
appropriate course of action in the circumstances;
c) 
in  private  life,  maintaining  confidentiality  within  the  family,  social  or 
28

ISSAI 130 - CODE OF ETHICS
other environments, including social media;
d) 
securing electronic data carriers, such as laptops and portable data 
storage devices;
e) 
maintaining the confidentiality of passwords.
29

Document Outline