Code of Ethics

"Fast learning is a unique organizational competency.

It’s the ultimate source of long term, sustainable competitive advantage."


The purpose of The GRC Sphere’s Code of Ethics is to promote an ethical culture for members, management and staff who participate in or run an industry consortium structure devoted to industry benchmarking and practice areas relating to Governance, Risk and Compliance (GRC) functions, processes and services.

Our members, management and staff are involved in work that is very similar to an internal audit function. We often take on an independent, objective assurance and consulting role designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

A code of ethics is necessary and appropriate for our industry consortium, founded as it is on the trust placed in its objective assurance about risk management, control, and governance. The GRC Sphere's Code of Ethics extends beyond the definition of GRC and internal auditing to include two essential components:

  • Principles that are relevant to the profession and practice of industry benchmarking, internal auditing and GRC practices.
  • Rules of Conduct that describe behavior norms expected of members, management and staff. These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of members, management and staff.

The Code of Ethics, together with other relevant pronouncements, provides guidance to members, management and staff serving others.

Applicability and Enforcement

This Code of Ethics applies to members, management and staff that are involved in industry benchmarking and GRC-related services.

The fact that a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable, and therefore, members, management and staff can be liable for disciplinary action.


Members, management and staff are expected to apply and uphold the following principles:

  • Integrity - The integrity of members, management and staff establishes trust and thus provides the basis for reliance on their judgment.
  • Objectivity - Members, management and staff exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Members, management and staff make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
  • Confidentiality - Members, management and staff respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.
  • Competency - Members, management and staff apply the knowledge, skills, and experience needed in the performance of industry benchmarking and GRC-related services.

Rules of Conduct

1. Integrity

Members, management and staff:

  • 1.1 Shall perform their work with honesty, diligence, and responsibility.
  • 1.2 Shall observe the law and make disclosures expected by the law and the profession.
  • 1.3 Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
  • 1.4 Shall respect and contribute to the legitimate and ethical objectives of the organization.

2. Objectivity

Members, management and staff:

  • 2.1 Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
  • 2.2 Shall not accept anything that may impair or be presumed to impair their professional judgment.
  • 2.3 Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3. Confidentiality

Members, management and staff:

  • 3.1 Shall be prudent in the use and protection of information acquired in the course of their duties.
  • 3.2 Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

4. Competency

Members, management and staff:

  • 4.1 Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
  • 4.2 Shall perform industry benchmarking and GRC-related services in accordance with the International Standards for the Professional Practice of Internal Auditing.
  • 4.3 Shall continually improve their proficiency and the effectiveness and quality of their services.

Adopted by The GRC Board of Directors, January 1st, 2016

Copyright © 2015 by The GRC Sphere, PO Box 152 Still River, MA -1467-0152.

Who do I contact if I have questions about the Code of Ethics?

GRC Sphere Member Support: Phil Wilson

Contact Information:
Phone Number: North America and Outside North America 1.978.456.8253