Internal Auditing

Mission Statement

Internal Auditing's mission is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Internal Auditing Information

Code of Ethics

HCC's Internal Audit Department operates under The Institute of Internal Auditors (The Institute) Code of Ethics that states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, and behavioral expectations rather than specific activities.

Introduction to the Code of Ethics

The purpose of The Institute's Code of Ethics is to promote an ethical culture in the profession of internal auditing.

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control.

The Institute's Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components:

  1. Principles that are relevant to the profession and practice of internal auditing.
  2. Rules of Conduct that describe behavior norms expected of internal auditors. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.

"Internal auditors" refers to Institute members, recipients of or candidates for IIA professional certifications, and those who perform internal audit services within the Definition of Internal Auditing.

Applicability and Enforcement of the Code of Ethics

This Code of Ethics applies to both entities and individuals that perform internal audit services.

For IIA members and recipients of or candidates for IIA professional certifications, breaches of the Code of Ethics will be evaluated and administered according to The Institute's Bylaws and Administrative Directives. The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, the member, certification holder, or candidate can be liable for disciplinary action.

Code of Ethics — Principles

Internal auditors are expected to apply and uphold the following principles:

  1. Integrity
    The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.
  2. Objectivity
    Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
  3. Confidentiality
    Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  4. Competency
    Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct

1. Integrity

Internal auditors:

1.1.Shall perform their work with honesty, diligence, and responsibility.

1.2.Shall observe the law and make disclosures expected by the law and the profession.

1.3.Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Internal auditors: 

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization. 

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3. Confidentiality

Internal auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Internal auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards).

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.


Internal Audit Standards

The Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors, Inc., generally accepted governmental auditing standards and the certified Internal Auditor Code of Professional Ethics shall serve as guidelines for Houston Community College System internal audit activities as required by the Texas Internal Auditing Act.

* Standards for the Professional Practice of Internal Auditing - issued by the Institute of Internal Auditors.

* Generally Accepted Governmental Auditing Standards - issued by the US General Accounting Office, Comptroller General.

* The Certified Internal Auditor Code of Professional Ethics - issued by the Institute of Internal Auditors.



In accordance with Board Policy, Internal Audit is responsible for assessing the various functions and control systems within HCCS and for advising management concerning their condition. The fulfillment of this accountability includes:

  • Developing a flexible risk based annual internal audit plan with input from Senior Management and the Board of Trustees as required by IIA Standard 2010. A1 and submit the audit plan to the Audit Committee for review and the Board for
  • Reviewing and adjusting the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls with Audit Committee review and Board approval.
  • Meeting regularly with the Board Audit Committee to provide updates by reviewing audits performed, audits in progress, future audits, and sufficiency of the Department resources.
  • Conducting independent and constructive audits to review effectiveness of controls, financial records, operations, or to review departmental records, the proper recording of transactions, and compliance with applicable rules, regulations, policies, and procedures, including evaluation for potential fraud and effectiveness of fraud controls.
  • Analyzing data obtained for evidence of deficiencies in controls, integrity, duplication of effort, or lack of compliance with College policies and
  • Conducting audits that examine the effectiveness of the governance, risk management, and internal control processes in promoting the achievement of strategic objectives concerning all reporting, operations, safeguarding of assets, and compliance.
  • Investigating allegations of fraud, waste, abuse and other wrongdoing as appropriate and in accordance with Board Policy, and coordinating such investigations as needed with Legal Counsel or the HCCS Police.
  • Evaluating the design, implementation, and effectiveness of HCCS ethics-related objectives, programs, and activities.
  • Assessing whether information technology governance effectively supports HCCS strategies and objectives.
  • Offering Advisory services; Internal Control or Fraud training; Control Self- Assessment (CSA) services, and other audit technique workshops as
  • Coordinating audit efforts with those of external financial auditors and acting as a liaison for other external auditors.
  • Coordinating efforts with other control monitoring functions within HCCS (risk management, compliance, security, legal, ethics, safety and environment, police, human resources, and information technology).
  • Maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter and ensure that personnel in the Department have appropriate continuing education to foster advancement of technical knowledge and

Approved by the Board of Trustees April 19, 2023


Contact Us

Internal Auditing

Compliance & Ethics »

Suite 11E13 P.O. BOX 667517, MC 1122 3100 Main Street, Houston, TX 77002