Ethics are a crucial component of every organization and are broadly defined as the values and principles that govern and shape behaviours and leadership. According to a recent study by Gallup, only 20 percent of employees surveyed strongly agreed that they trusted the leadership of their organization. Forbes estimates that Generation “Z” will constitute 27 percent of the workforce in OECD countries and one-third of the Earth’s population by the end of 2025. This generation is demanding greater ethical decisions and transparency from leaders more than any other generation before them.
The importance of ethical leadership, particularly in internal audit cannot be overstated. Organizations have moved beyond a set of simple ethics, such as: “Don’t lie” and “Don’t cheat,” to operating in a more socially responsible and sustainable manner, both for long-term success and to promote positive change within internal audit, the industry, in our communities, and the wider world.
There have been numerous cases of ethical lapses in large organizations across the world, with some leading to regulatory changes on a global scale. While ethical considerations have always existed for internal audit leaders, they are once again under the spotlight due to the emergence of new technologies, such as Artificial Intelligence (AI) and Machine Learning (ML). Organizations are eager to adopt these technologies to their advantage, both within internal audit departments and the organization at large.
Additionally, there is a continuing focus on Environmental, Social, and Governance (ESG) factors. Investors and stakeholders are now considering non-financial factors in their decisions, alongside traditional financial metrics, to assess an organization’s sustainability and ethical impact.
Changes in the Regulatory Environment
As a result of changing landscapes and emerging technologies, regulation and reporting requirements have evolved, leading to increased pressure on internal audit leaders as demand for transparency reporting has grown. In the field of ESG, there are numerous guiding principles, frameworks, rating agencies, measurement targets, and regulation, such as the Corporate Sustainability Regulation Directive (CSRD) and the European Union Deforestation Regulation (EUDR). All of these support transparency reporting and help to prevent any potential “greenwashing.”
In the field of AI, The EU AI Act was officially approved by the European Parliament in March 2024, with a staggered timeframe for its full implementation. The legislation aims to regulate AI systems and establish baseline standards for high-risk AI systems. Additionally, there are other pending legislations under development across the world, including in Japan, Brazil, and Canada. Compliance with such regulation allows organizations to demonstrate to investors, employees, and customers that they are acting in the best interests of society.
Leadership Challenges in Today’s Environment
Over the past 20 years, many organizations ranging from banking, aviation, and telecommunications to professional services firms, have suffered significant consequences due to ethical lapses by their leaders. These lapses can stem from various drivers, including deliberate intentions driven by personal gain, regulatory complexity, client pressures, cultural issues, conflict of interest, insufficient knowledge or training (especially in new and complex areas), and profitability, cost, or time pressures.
The rapid evolution of global regulatory compliance requirements in areas such as AI, privacy, and ESG has introduced significant complexity. This has forced internal audit leaders to make quicker decisions, often in unfamiliar and developing areas. The increased pressures and ambiguity associated with complying with these regulations cannot be understated.
Innate human Behaviors
Daniel Kahneman, in his book “Thinking. Fast and Slow,” explains how humans have two modes of decision-making. System One is our intuitive system, which is fast, automatic, effortless, and emotional. System Two is our more deliberative thinking, which is slower, conscious, effortful, and logical. Most humans make the majority of their decisions using System One. This suggests that internal leaders may have an innate cognitive barrier that prevents them from being as ethical as they wish to be. This barrier is often more unintentional than deliberate.
Monitoring Ethical Challenges
While there has been an increase in ethical standards and codes of conduct across all professional bodies—including the new Institute of Internal Auditor’s Global Internal Audit Standards, the International Code of Ethics for Professional Accountants (IESBA), and the National Institute of Standards and Technology (NIST) Code of Ethical Conduct—there is no universally agreed-upon method to measure them. For example, how does an organization determine if a leader is acting and behaving ethically?
Many organizations create and implement ethics programs to set and monitor compliance with broader enterprise goals. However, these goals can differ within the enterprise, large departments, and even within teams in the same department. Without regular assessment of basic, expected fair behaviours and a culture of leadership, unjust practices and unethical or unprofessional acts can be encouraged, causing extensive damage to the organization. As history has shown, this can lead to significant reputational damage and even the downfall of the organization.
Top 10 Ways to Enhance Ethical Practices in Internal Audit and Across the Organization
Internal audit leaders can create more value by shaping the environment in which they operate. These include:
1. Setting the “Tone from the Top”
The U.S. Sarbanes-Oxley Act of 2002 popularised the phrase “tone at the top,” which means that employees take their cues from the leadership team. Promoting ethical decision-making at all levels of leadership and ensure ethical governance structures are in place is crucial for fostering a culture of integrity and accountability.
2. Creation of a “Speak up Policy”
A clearly communicated policy to assist employees in reporting instances of ethical lapses.
3. Formation of Ethics Committees & Champions
Reporting on ethical dilemmas and regularly evaluate mechanisms for reporting unethical behaviour. Ethics committees can also support ethics champions who are strategically embedded within internal audit and business lines as a resource when leaders are at risk of ethical fatigue or unintended ethical lapses. These ethics champions are also best placed to provide regular ethics training and promote ethics checklists to help internal audit leaders identify ethical threats.
4. Design Cross-Functional Teams
Developing and promoting cross-functional teams allows all key stakeholders to be involved in the ethical decision-making process. This approach ensure appropriate oversight and approvals at key stage gates, especially where ethics may be under greater scrutiny.
5. Combine Process Controls with Strategy
Build in process controls at the same time the strategy is developed to reduce the risk of unintended ethical consequences.
6. Build Knowledge of Emerging Technologies and Regulation
A sound understanding of emerging technologies and associated regulation is critical to reducing risk of compromising professional competence and due care. Business leaders, and second and third line of defence assurance providers must be able to identify, interpret, and evaluate the risks associated with emerging technologies to be able to recommend appropriate mitigations.
7. Continuous Learning
Continuous learning on ethics topics and case studies is essential to stay updated with the latest standards, regulations, and best practices.
8. Mental Health and Wellbeing Programs
Creating and implementing support structures to promote mental health awareness can significantly reduce pressures and scenarios where ethical fatigue may increase.
9. Role of Assurance Functions
Assurance providers, such as Internal Audit, play a crucial role in evaluating factors related to organizational ethics and culture, including conducting culture and strategy audits. These functions should also conduct audits of emerging technologies and areas impacted by new regulations, such as those related to ESG or AI, to protect against misuse of technology or “greenwashing” by auditing key ESG metrics.
10. Enhance Data Visibility
Using data to “tell the story” can assist internal audit in identifying gaps and tracking performance metrics against key goals. This includes sharing data with relevant teams and stakeholders to ensure transparency and accountability.
Promoting Transparency in Ethical Processes
Internal audit leaders play a crucial role in ensuring that technologies are designed and deployed ethically, adding value to organizations and society, and driving profits. To behave ethically and earn trust in an evolving digital age, internal audit and organizational leaders must quickly learn and digest new information, applying their judgement to situations they may not have encountered before.
Many organizations struggle with how to respond when their leaders reject Kahneman’s “system two thinking” and even truth itself. Promoting transparency in ethical processes, establishing standard practices, and ensuring appropriate oversight and stakeholder involvement are critical. Assurance functions have been a crucial step in ensuring that organizations adhere to their core processes and regulatory requirements. These functions can reveal how well or poorly organizations align with expected standards, ensuring confidence in the organization’s solutions and ethical approach.
Jasdeep Gill, CISA, CISM, CIA, CFE, is a Senior Internal Audit Manager at a FTSE top 10 information and analytics company, based in London. Her experience spans more than 20 years and covers internal audit, risk management, information security, compliance, corporate governance, and emerging technologies.