Skip to Content

Building a Better Auditor: Managing Confidentiality and Objectivity

Blogs Molla Mohammad Aourongazeb, CIA, IAP, CFE Aug 25, 2025

The path to effective auditing is paved with good relationships, but these must never come at the expense of professional integrity. Internal auditors are expected to maintain ethical conduct in all aspects of their work, including protecting confidential information and making impartial judgments.

However, challenges or perceived challenges to objectivity and impartiality do occur even though the auditors involved may have the best intentions. Ignoring these situations is not a good plan. By not managing the dilemmas, negative perception can increase and create more issues for the auditor.

Fortunately, the IIA’s Global Internal Audit Standards provide both the clarity of principle and practical steps needed to navigate such situations. Here are some examples of the dilemmas internal auditors face regularly and how the Standards can help us solve the problems.

Scenario 1: Navigating Confidentiality with Stakeholder Expectations

Mr. Kamal is an internal auditor in a renowned multinational company working as a commercial auditor. Understanding the function and stakeholders is vital, hence Mr. Kamal regularly meets the different functional leads to build rapport. His objective is to understand functions and gain valuable insights on challenges and priorities, which he hopes will ultimately help achieve good audit outcomes. The functional leads also find Mr. Kamal to be cooperative, easy-going, and engaging, which they don't usually expect from auditors. Once the functional leads began engaging with Mr. Kamal and sharing insights, they grew to trust him. However, in return, they expected him to share a few confidential pieces of information, especially related to audits, investigations, or potential consequences. If Mr. Kamal becomes rigid, this could hinder collaboration and their willingness to share insights, as they treat the relationship as a “give and take.”

The Dilemma: How will Mr. Kamal protect confidential information and build a rapport with functional stakeholders?

Principal 2 of the Standards says, “Internal auditors maintain an impartial and unbiased attitude when performing internal audit services and making decisions.” Standard 5.2 Protection of Information also indicates that “Internal auditors must be aware of their responsibilities for protecting information and demonstrate respect for the confidentiality, privacy, and ownership of information acquired when performing internal audit services or as the result of professional relationships.”

Hence, Mr.  Kamal is prohibited from disclosing any information for the purpose of building rapport. While building rapport can facilitate smoother interactions, the auditor should maintain a professional distance to ensure confidentiality is not compromised and to preserve the credibility of audits.

Scenario 2: Friendships That Cloud Judgment

Mr. Sujit recently joined the internal audit team from operations, where he had worked for several years. As a homegrown talent, Mr. Sujit already had a strong rapport with various functional teams before joining internal audit. These relationships developed through interactions that went beyond formal work matters. He occasionally has lunch with people, visits colleagues’ homes, travels with them on business trips, and accepts souvenirs from his colleagues’ travel. These friendships also help Mr. Sujit in his audits and investigations.

The Dilemma: How can Mr. Sujit maintain his objectivity during the audit engagement while maintaining good relationships with stakeholders?

Standard 2.2 Safeguarding Objectivity emphasizes that “Internal auditors must recognize and avoid or mitigate actual, potential, and perceived impairments to objectivity. Internal auditors must not accept any tangible or intangible item, such as a gift, reward, or favor, that may impair or be presumed to impair objectivity.” While Mr. Sujit can maintain a good rapport with colleagues, he must refrain from taking gifts or souvenirs. Auditors should not entertain anything that could create a conflict within their own mind.

Scenario 3: When Familiarity Breeds Mistrust

Mr. Evans, an auditor, has a very good, professional relationship with one of the procurement supervisors. Mr. Evans is also responsible for procurement audits. He has visited the supervisor’s office and talked with her for extended periods of time in front of other colleagues. Mr. Evans also maintains a good relationship with her subordinates. However, one of these employees believes that his supervisor has a potentially advantageous relationship with the vendor and may be personally benefiting from undue advantage of a vendor. Though he wants to discuss this issue with Mr. Evans, he feels uncomfortable, as his perception is that manager is “close to Mr. Evans,” the auditor. Thus, he has refrained from sharing his insights with the auditor.

The Dilemma: Has Mr. Evans’ positive relationships with stakeholders led to mistrust among their subordinates?

Here again auditors must maintain objectivity (Principal 2) where the Standard suggests “Internal auditors maintain an impartial and unbiased attitude when performing internal audit services and making decisions.” Mr. Evans could demonstrate more formal etiquette, so he doesn’t appear to overtly favor the supervisor. Auditors should display professional attitudes throughout the working group to avoid negative perception among employees.

Here are additional tips on avoiding ethical dilemmas:

Establish Clear Ethical Guidelines

  • Comply with auditing standards that have been recently published and emphasize objectivity and independence.
  • Reinforce audit team's adherence to a code of ethics, particularly regarding conflict of interest, confidentiality, and professional behavior.

Ensure Risk-Based Stakeholder Engagement

  • Prioritize stakeholder engagement based on the impact and influence each has on the audit.
  • Avoid over-engagement with high-power individuals who may try to influence audit outcomes.

Understand Perceived Biasness and Act Accordingly

  • Reflect on how visible interactions may be interpreted or misinterpreted.
  • Maintain a professional distance in visible settings.

Create Psychological Safety for Disclosures

  • Potential whistleblowers may remain silent if an auditor is perceived as too close to a function. Using anonymous or whistleblowing channels for staff to raise concerns about audit objectivity is a way to counter this.
  • Clearly communicate the escalation mechanisms when stakeholders feel auditors may be compromised.

Even well-meaning auditors can face difficult choices when boundaries blur. The Global Internal Audit Standards can help auditors understand how to manage these scenarios. It is now up to internal audit leaders to embed these standards in day-to-day practice through policies, training, and culture.

The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of The Institute of Internal Auditors (The IIA). The IIA does not guarantee the accuracy or originality of the content, nor should it be considered professional advice or authoritative guidance. The content is provided for informational purposes only.

Molla Mohammad Aourongazeb, CIA, IAP, CFE

Molla Mohammad Aourongazeb is senior general manager of internal audit for Robi Axiata PLC based in Dhaka, Bangladesh.