Skip Ribbon Commands
Skip to main content

Practice Guide: Auditing Conduct Risk
Recommended Guidance 

Practice Guide: Auditing Conduct RiskThe issue of conduct is not easily separated from an organization’s culture; rather, it is a distinct segment of culture as a whole.

Internal auditors can add value by assessing and reporting on their organization’s conduct risk management. The internal audit activity can help drive strong internal control risk management frameworks (including conduct risk) that align with stakeholder expectations, supporting boards, audit committees, and executive management in their oversight roles.

This guidance will enable internal auditors to understand:

  • The business significance of conduct risk in an organization’s control environment.
  • The key components of conduct risk.
  • Key stakeholder (including regulator) concerns and expectations related to conduct risk.
  • Internal audit’s role in assessing and reporting on organizational culture and management of conduct risk.
  • An approach to assess and report on an organization’s culture and management of conduct risk.

Downloads and Links

Practice Guides are restricted to IIA members only.

Non-members may purchase this Practice Guide from the IIA Bookstore.


An updated edition of the International Professional Practices Framework (IPPF) guide, more commonly known as the Red Book, is now available. Visit the IIA Bookstore for more information.