Code of conduct
The quality of the performance of the activities of a Registered IT Auditor (RE) is guaranteed, among other things, because an RE adheres to NOREA’s Code of Ethics for IT auditors. This code of conduct prescribes the manner in which an IT auditor may accept an assignment and which regulations must be observed when carrying out an assignment. In case of non-compliance with the code of conduct, an RE may be held accountable before the Disciplinary Board.
From Noordbeek, all assignments are carried out under the supervision of a senior employee.
Impartiality
Impartiality is central to investigations and consultancy assignments. Noordbeek Certification together with Noordbeek B.V. always make a choice whether one of them goes to a client for an implementation assignment, or for an attestation function. A combination of these two at a client is not permitted.
Noordbeek Certification ensures financial independence from an individual client by diversifying the portfolio. We try to serve as many clients as possible in different markets and industries in order to avoid vulnerability and dependence on a dominant client.
Noordbeek Certification ensures that it has the right competencies for every assignment. If they are not available internally, they are hired from colleagues who endorse the ethical standards and values of Noordbeek Certification. If such colleagues are not available, the assignment will be refused.
Employees of Noordbeek Certification are not allowed to perform additional functions, unless they have been registered and approved by the director. This involves examining to what extent these ancillary positions pose risks to impartiality and independence in the formation of judgements, and whether they conflict with the status of the profession.
Employees must report significant (financial) interests in an organization where they have been assigned an assignment to the director of Noordbeek Certification. The director will decide whether the employee will be assigned to the assignment in question. Noordbeek Certification works with teams and completed work is assessed by the entire team.
Responsibility
The certified client, and not Noordbeek Certification, is responsible for consistently achieving the intended results of implementation of the management system standard and conformity with the requirements for certification.
Noordbeek Certification has the responsibility to assess sufficient objective evidence on which to base a certification decision. Based on audit conclusions, the Certification Committee makes a decision to grant certification if there is sufficient evidence of conformity, or not to grant certification if there is insufficient evidence of conformity.
Note: Each audit is based on sampling within an organization's management system. Therefore there is no guarantee of 100% compliance with the requirements.
Openness
Noordbeek Certification provides public access to, or discloses, appropriate and timely information about its auditing and certification process, and about certification status (namely, granting, maintaining certification, expanding or reducing the scope of certification, renewing, suspending or restoring or revoking certification) of an organization, to gain confidence in the integrity and credibility of certification. Openness is a principle of access to or disclosure of appropriate information.
In order to gain or maintain confidence in certification, Noordbeek Certification provides appropriate access to, or disclosure of, non-confidential information about the conclusions of specific audits (e.g. audits following complaints) to specific interested parties.
Independence and objectivity
Noordbeek Certification and its auditors follow the Code of Ethics of IFAC, NOREA and ISACA. This states that they may not have any interest in the organizations where they conduct research, even to prevent the appearance of a conflict of interest.
Investigations are conducted independently and objectively. As soon as an employee of Noordbeek Certification has the impression that management or an employee of one of the parties involved is trying to steer the investigation or judgment in an undesirable direction, the director of Noordbeek Certification must be informed.
To guarantee internal independence, all certificates to be delivered are issued after approval by the Certification Committee.
Noordbeek Certification wants to exude confidence and operate as a trusted and impartial partner in the market. Conflicts of interest and implications of partiality must therefore be avoided. Before commencing an assignment, all employees must therefore inform the director of any interests in a party to be audited or certified.