Authors Joshua Bucheli,
License CC-BY-NC-ND-4.0
FORHUMANITY CERTIFIED AUDITORS (FHCA) CODE OF ETHICS

AUTHORED BY THE FORHUMANITY ETHICS COMMITTEE
CHAIRED BY JOSHUA BUCHELI

ForHumanity, a 501(c)(3) public Charity
https://forhumanity.center
CC 4.0 BY-ND-NC

Table of Contents

PREAMBLE:
  What is a Code of Ethics and what is this Code of Ethics for?
  What are ForHumanity Certified Auditors?
  FHCAs shall uphold, at all times, ForHumanity’s principles and values when carrying out their work
  With respect to this Code, ForHumanity shall
1. Using The Code to Make Ethical Choices
  1.1 Establishing a Moral Framework for ForHumanity Certified Auditors
    1.1.1 Who relies upon this Code of Ethics and Professional Conduct?
    1.1.2 Why is this Code necessary?
    1.1.3 Why are there risks of unethical behaviour?
    1.1.4 Are FHCAs under scrutiny?
    1.1.5 Are FHCAs subject to influence that might be against this Code?
  1.2 What is an Ethical Choice?
  1.3 Approaching Ethical Choices: SCIAR
  1.4 Reporting
    When?
    How?
  1.5 Reporting requirements FHCAs
2. General Ethical Principles/Shared Moral Framework
  2.1 For Humanity
  2.2 Trust
  2.3 Independence & Objectivity
  2.4 Confidentiality & Privacy
  2.5 Professionalism
3. Inappropriate behaviour for FHCAs
4. Relevant Legal Frameworks
  4.1 Human Rights
  4.2 Equality/Anti-Discrimination Related Laws, Frameworks, and Regulations
  4.3 Access to Goods and Services Related Laws, Frameworks, and Regulations
  4.4 Child Related Laws, Frameworks, and Regulations
  4.5 Laws, Frameworks, and Regulations on the Use and Application of Artificial Intelligence, Algorithmic, and Autonomous Systems
  4.6 Other Relevant Risks Associated With Independent Auditing
    4.6.1 Confidentiality/Privacy Laws, Frameworks, and Regulations
    4.6.2 Intellectual Property Laws, Frameworks, and Regulations
    4.6.3 Personal gain/bribery Laws, Frameworks, and Regulations, OFAC, Anti-money laundering, or otherwise prohibited entity dealings
    4.6.4 Record and documentary evidence retention
  4.7 Further Resources for FHCAs (to be consulted whenever applicable):
5. Compliance with the Code:
  5.1 Revocation:
  5.2 Violating the Shared Moral Framework:
  5.3 Violating Relevant Legal Frameworks:
  5.4 Your Point of Contact - ForHumanity’s Ethics Committee
  5.5 Sanctions available to the Ethics Committee and/or Board of Directors
  5.6 Auditors certified according to ForHumanity’s certification schemes outside of ForHumanity:
APPENDIX
  - Definitions
  - Examples of potential ethical choices that FHCAs may face:
  - Examples of Relevant Legal Frameworks (Section 4 in the Code of Ethics):
    - (4.1) Human Rights
    - (4.2) Equality/Anti-Discrimination Related Laws, Frameworks, and Regulations
    - (4.3) Access to Goods and Services Related Laws, Frameworks, and Regulations
    - (4.4) International Auditing Laws, Frameworks, and Regulations
    - (4.5) Child Related Laws, Frameworks, and Regulations
    - (4.6) Laws, Frameworks, and Regulations on the Use and Application of Artificial Intelligence, Algorithmic, and Autonomous Systems
    - (4.7) Other Relevant Risks Associated With Independent Auditing
      - (4.7.1) Confidentiality/Privacy Laws, Frameworks, and Regulations
      - (4.7.2) Intellectual Property Laws, Frameworks, and Regulations
      - (4.7.3) Personal gain/bribery Laws, Frameworks, and Regulations, OFAC, Anti-money laundering, or otherwise prohibited entity dealings
    - (4.8) Further Resources for FHCAs (to be consulted whenever applicable):

ForHumanity Certified Auditors (FHCAs) Code of Ethics

Preamble

What is a Code of Ethics and what is this Code of Ethics for?

The Code of Ethics* is both a commitment that ForHumanity Certified Auditors (FHCAs) must agree to and a guide that FHCAs can and should turn to when confronted with instances of Ethical Choice (see section 1.2). The Code sets out ForHumanity's shared moral framework** (i.e. its values and principles) and the associated standards of responsible and professional conduct for FHCAs, encompassing due consideration of Relevant Legal Frameworks (see section 4) and relevant risks to:

- human rights
- equality
- anti-discrimination
- access to goods and services
- other issues associated with the independent auditing of AI, algorithmic, and autonomous systems.

The Code is drafted and kept up to date by the ForHumanity Ethics Committee (see section 5.4). It is a 'living' document that will be updated annually, and any comments, feedback, or constructive criticisms are therefore welcome.

Any questions or feedback regarding this Code can be directed to ForHumanity's Ethics Committee at ethicscommittee@forhumanity.center

* Terms that are Capitalised and Bolded are terms with an official, agreed upon definition within ForHumanity. See the ‘Definitions’ section in the appendix.
** Terms that are bolded in lowercase are key terms with particular relevance to the Code.

What are ForHumanity Certified Auditors?

ForHumanity Certified Auditors (FHCAs) are certified practitioners who have completed the necessary training to be considered qualified to audit companies for compliance with designated ForHumanity certification schemes or to provide certification schemes for data Processors, Controllers and Joint Controllers (Auditees). These schemes may be applied to one or more specific Personal Data processing activities that involve AI, algorithmic, or autonomous systems in both pre-audit compliance preparation and final independent audit assurance.
FHCAs exist, first and foremost, to help ensure that an infrastructure of trust surrounds the use of AI, algorithmic, and autonomous systems - for the public. FHCAs ensure compliance with ForHumanity audit criteria that represent government approved certification schemes encompassing the law or human centric, ethical audit criteria representing best practice.

Auditing is an integral part of ForHumanity’s mission, and FHCAs must commit to upholding ForHumanity’s shared moral framework (see section 2), as outlined in this Code of Ethics as well as the FHCA Code of Professional Conduct.

FHCAs shall* uphold, at all times, ForHumanity’s principles and values when carrying out their work:

1. They shall recognise and honour their duty to act in the best interests of society, the public, and humanity
2. They shall conduct themselves in a professional and trustworthy manner and act with integrity, objectivity, and due consideration for privacy and confidentiality
3. They shall be knowledgeable about and abide by all Relevant Legal Frameworks as they relate to Certification Schemes and the professional conduct for which they are certified including, but not limited to those laid out in this Code

* ForHumanity abides by ISO standards for the use of Shall/Should/May. Shall is the equivalent of a ‘Must’ statement and means ‘required to’

With respect to this Code, ForHumanity shall:

1. Ensure that this Code is overseen and kept up to date by the Ethics Committee
2. Ensure that the Ethics Committee subjects this Code and the values and practices contained herein to an annual review or reconfirmation
3. Publish this Code in the FHCA Handbook.
4. Make this Code publicly available on its website https://forhumanity.center/FHCAcodeofethics
5. Make newly certified FHCAs aware that the Code can be found in the FHCA Handbook.
   a. FHCAs shall annually reaffirm their commitment to the Code of Ethics and Professional Conduct with consecutive quarterly quizzes designed to cover the Code
6. Conduct yearly training sessions (Continuing Education) for FHCAs on complying with this Code and on how to use it in their daily work.

1. Using the Code to Make Ethical Choices

This Code serves as a guide for sound ethical decision-making, providing FHCAs with the boundaries within which they should operate and the tools with which to navigate ethically pertinent situations.

1.1 Establishing a Moral Framework for FHCAs

1.1.1 Who relies upon this Code?

There are five primary parties who rely on the Code:

1) FHCAs and their employers: FHCAs will rely on this Code and the moral framework set out within it to guide their professional conduct. Auditing automated systems on behalf of FH requires adherence to the audit scheme in question and to ForHumanity’s wider moral framework.
2) FHCAs and their employees: While under the management of FHCAs, individuals may not themselves be held to this Code; however, FHCAs must ensure that their employees or trainees are abiding by it as a part of their own responsibility to this Code.
3) Auditees (receivers of the FHCA’s service): Auditees rely on the existence of this Code in order to trust that FHCAs will behave according to the standards contained herein.
4) ForHumanity: ForHumanity relies on the moral framework set out in this Code in order to be satisfied that FHCAs, as its representatives, are upholding and advancing its mission, vision, principles, and values.
5) Humanity (Public): Humanity (sometimes referred to as “the public”) must be able to rely on this Code in order to have trust that certifications issued by FHCAs are compliant with the Code, and therefore ethically applied, trustworthy, thorough, consistent, professionally conducted, timely, and complete.
1.1.2 Why is this Code Necessary?

The Code is necessary because FHCAs will encounter people and entities who will not share this Code of Ethics and Professional Conduct. It serves as a reminder to the FHCA of the shared moral framework that we collectively choose to abide by. Outwardly, we as professionals disclose this Code of Ethics and the Code of Professional Conduct to transparently communicate our shared moral framework so that others can rely and count upon our actions and responses.

1.1.3 Why are there risks of unethical behaviour?

FHCAs carry a considerable degree of responsibility. They are granted access to sensitive information, their audit decisions have considerable impacts on auditees and on humanity more broadly, and their work reflects on ForHumanity. Unethical behavior on their part can have substantial consequences for a wide range of stakeholders in a wide variety of ways (see appendix for examples).

Tensions exist between FHCAs and auditees. FHCAs perform services over auditees to whom they owe a duty of care and contractual obligation. However, the role of an independent auditor balances that contractual obligation with a higher authority to the public to provide fair and accurate assurance of compliance. Natural tension is rooted in the roles, responsibilities, contractual and moral obligations of FHCAs and may increase the risk of coercion and misconduct.

The work of FHCAs is important and may have far-reaching consequences that impact individuals and organizations. This may result in a temptation to behave improperly. It is vital that FHCAs operate strictly in accordance with the Code, which equips them with the appropriate guidance and transparent moral framework to contend with ethical choices (see appendix for examples).

1.1.4 Are FHCAs under scrutiny?

The nature of the work of an FHCA is to be under scrutiny.
They are certified practitioners - that is a high standard. They are required to uphold this Code of Ethics and the Code of Professional Conduct - these are high standards. The work performed by an FHCA impacts the organisations they audit, the entities who employ them, the regulators and governments who accredit them, and the public which relies upon their certifications.

Artificial Intelligence, algorithmic, and autonomous systems and the processing of Personal Data have proven to have substantial impacts on the rights and freedoms of all people. The governance, accountability, and oversight of these systems is critical, and asserted compliance may become available for review by many authorities or the public.

1.1.5 Are FHCAs subject to influence that might be in violation of this code?

Artificial Intelligence, algorithmic, and autonomous systems and the processing of Personal Data are ubiquitous. These systems are high-stakes operations for myriad stakeholders. Some of these stakeholders may not share or recognise the moral framework that FHCAs abide by, and furthermore their interests (e.g. monetary, reputational) may be in direct conflict with the decisions rendered by an FHCA.

FHCAs must recognise that, due to the substantial fines and risk associated with non-compliance, being certified compliant is of considerable financial value to auditees. Auditees may attempt to pressure auditors into making false assertions of audit compliance. It is also conceivable that third parties with interests counter to those of the auditee may attempt to pressure auditors into making false assertions of non-compliance (see appendix for further examples).

An FHCA must not assert compliance where it has not been achieved or assert non-compliance when compliance requirements have been met.
The FHCA shall report instances of coercion and misconduct to their organisation’s compliance team in addition to the ForHumanity Ethics Committee.

1.2 What is an Ethical Choice?

ForHumanity defines an Ethical Choice as “awareness of a set of options to be made [...], using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework, or set of moral principles based upon the entity’s Code of Ethics.”

1.3 Approaching Ethical Choices: SCIAR

When faced with an instance of ethical choice, FHCAs are advised to follow these steps as a rule of thumb:

1. Stop: Trust your gut. If a situation makes you feel uneasy, stop. Take the time to consider the options at hand before making a decision.
2. Consider: Do any available options conflict with ForHumanity’s values as they are laid out in this Code? Which of the available options adheres most to ForHumanity’s principles and values (see section 2)?
3. Inquire: Do not hesitate to consult supervisors and managers (employer or client-side), the FHCA community, this Code, the audit criteria, or ForHumanity’s Body of Knowledge (BoK) for guidance when faced with an ethically complicated decision.
4. Act: Once you have made a decision, act accordingly, but thoroughly document the ethical reasoning that led you to your decision.
5. Reflect: Reflect on your reasoning and the outcome of your decision with hindsight so that you can factor any lessons learned into future decisions.

Don't forget to SCIAR!

1.4 Reporting

Both the ForHumanity Ethics Committee and the Ethics Committee/Officer of the FHCA’s organisation shall be made aware of incidents that may violate or contravene the Code of Ethics or the Code of Professional Conduct:

When?

- Coercion
- Conflicts of interest, e.g.:
  - FHCA having any financial transactions (in nature of loans, holding of shares or other financial interest) in the entity that they are auditing
  - FHCA has recently served as a director or officer, or employee of an entity which intends to appoint FHCA as the auditor
- Data breach at FHCA end resulting in exposure to data and confidential information of the audit entity
- Any other situation in which the SCIAR approach (Section 1.1) insufficiently reassures an FHCA that their ethical choice is sound.

How?

FHCAs shall inform the Ethics Committee by using the reporting form provided on the ForHumanity Website or by sending an email directly to ethicscommittee@forhumanity.center with specific details of the incident in question. The details shall include the context, relevant information, and ethical dilemma for which the FHCA requires input.

Audit and pre-audit entities employing FHCAs should have procedures in place for disclosures of conflicts of interest before engagements are initiated. Failure to disclose a conflict of interest may be punishable by the suspension or revocation of the FHCA credential. Conflicts of interest are subject to the Relevant Legal Frameworks. Entities will be required to report failures to disclose conflict of interest or other violation of the Code to ForHumanity.

Audit and pre-audit entities employing FHCAs should have a process for reporting auditees engaging in fraud, malfeasance, intimidation or coercion.

1.5 Reporting Requirements for FHCAs

1.5.1 Depending on the jurisdiction in question, an FHCA may have a mandatory reporting requirement to Regulatory Authorities for intentional acts to subvert or circumvent compliance with “SHALL” criteria in Audit Certification.

1.5.2 FHCAs shall report instances of coercion and misconduct from an Auditee or Pre-Audit Service client to a compliance officer in their firm.

1.5.3 FHCAs shall report instances of willful misconduct by another FHCA providing services contractually dependent upon ForHumanity intellectual property to the ForHumanity Ethics Committee and their firm’s compliance officer.

1.5.4 FHCAs whose firms fail to provide adequate compliance support and infrastructure to meet the requirements of the ForHumanity License Agreement, the responsibilities of an FHCA or the requirements of an Accreditation Body shall make every attempt to rectify the situation for the firm. If reasonable efforts fail, then the FHCA may bring the matter to the attention of the Ethics Committee at ForHumanity and should review their responsibilities to the Accreditation Body.

1.5.5 FHCAs shall report instances of ethical choice which they are unable to resolve through the consultation of this Code either to ForHumanity’s Ethics Committee directly (via email or the form provided on the ForHumanity Website) or to the Ethics Committee of the firm which employs them.

2. General Ethical Principles/Shared Moral Framework

As independent auditors, FHCAs must be knowledgeable about and act in accordance with the FH moral framework (i.e. the normative values and principles by which all of ForHumanity’s efforts and activities ought to be motivated). The following section outlines five such principles which are particularly relevant to auditors certified by ForHumanity, and the responsibilities FHCAs carry accordingly.

2.1 For Humanity

Everything that ForHumanity does, it strives to do with the interests of humanity in mind. FHCAs shall recognise that their first and foremost duty is to the public and to humanity more generally. FHCAs shall therefore act in accordance with this duty and shall uphold the interests of humanity above all else.
This includes ensuring that their services as independent auditors are made accessible to as wide a range of stakeholders as possible.

FHCAs Responsibility

The audit process allows for precision and absolute compliance. However, these are complex and intricate goals that are open to occasional error despite best intentions.

- Understand how the work of FHCAs impacts the interests of humanity and its constituents
- Make decisions in the interests of ForHumanity’s mission even when these interests conflict with those of the entities being audited
- Challenge anything that you deem to be in contravention of this duty (be it an audit decision you see someone else making, an assertion by an audited entity, employer, or authority, or any other action)
- Welcome challenges by others as a way to potentially refine and improve your own decision making with respect to the interests of humanity
- Promote a culture of humility, support, charity and clarity
- Welcome support, critique and dialogue from others with the principle of charity in mind (charitable interpretation). When mistakes occur, our community aims to help and correct constructively, assuming positive intentions until proven otherwise.
- Agree to corrections and clarity willingly and in good faith to support and defend the interests of humanity.
- Ensure fair pricing strategies to make sure that access to independent auditing services is as widespread as possible.

Always Ask Yourself

- Are the decisions you are making in the best interest of humanity?
- Are you prepared to act against the interests of your employer/client if that is what your duty demands in a situation?
- Are you ready to challenge something that you feel is not in the best interests of humanity?
- Are you prepared to accept challenges by others with the patience and due respect that you would expect from them?
- Are you interpreting your challenger’s arguments in the most rational way possible and are you considering their strongest interpretation?
- How are the audit decisions you are making going to impact humans?
- Are you doing what you can to make sure independent auditing services are reasonably and sufficiently accessible?

2.2 Trust

As outlined in the Preamble of this Code, ForHumanity’s primary aim is to establish an infrastructure of trust around deployment of AI, algorithmic, and autonomous systems. Trust is a foundational principle in ForHumanity’s shared moral framework. FHCAs play a fundamental role in advancing this principle. As certified practitioners, FHCAs must maintain the utmost standards of trustworthiness. FHCAs shall act with integrity and consciously keep ForHumanity’s ethical principles and values in mind whenever conducting their work, basing all of their decisions and actions accordingly.

FHCAs Responsibility

- Be honest and transparent in your audit decisions, assessments, reports, and all other FHCA related matters
- Represent ForHumanity and make auditing decisions accurately
- Act with integrity and remain consistent in the upholding of ForHumanity’s values, but do not neglect your own principles and values
- Be open and voice concerns about any conflicts that you feel are arising between your own principles and those of ForHumanity or of an entity you are auditing
- Review, understand, and comply with all Relevant Legal Frameworks pertaining to bribery, intellectual property, fraud, collusion, material non-public information or deception (see section 4 and appendix)
- Report dubious conduct and situations you deem to be unethical or illegal to relevant authorities (e.g. supervisors, Ethics Officers, certifying or accrediting bodies, ForHumanity’s Ethics Committee etc. (see section 1.4))
- Document and explain these judgment calls, as well as any other decision made in an FHCA capacity when asked to do so.

Always Ask Yourself

- Are you confident that you would be able to explain and defend your audit decisions soundly?
- Are you confident that your audit decisions, assessments, and reports are accurate?
- Do your own principles and values pull you in a different direction than those of ForHumanity and are you prepared to voice such concerns and opinions?
- Are you confident in your ability to weigh up trade-offs to make decisions?

2.3 Independence & Objectivity

Independent auditing plays a crucial role in establishing and maintaining an infrastructure of trust. The titular principle behind independent auditing (‘independence’) is therefore one of the foundations upon which ForHumanity is built. As the individuals entrusted with the implementation of these audits, FHCAs shall uphold this principle of independence at all times, maintaining the highest possible degree of objectivity and impartiality when conducting their work.

FHCAs Responsibility

- Approach audit decisions objectively - do not allow personal sentiments, emotions, or interests to cloud your judgment
- Be prepared to sacrifice business relationships, if an entity engages in coercion or undue influence over an audit decision.
- Report instances of undue influence or coercion to your entity’s compliance officer and to ForHumanity’s Ethics Committee
- Be prepared to notify relevant parties in a timely manner if personal sentiments, emotions, or interests represent a conflict of interest (see section 1.4)
- Be prepared to prioritise the independence of an audit over your personal financial security
- Do not engage in any business activity that violates the rule of independence. If auditing an entity, you may not provide any pre-audit services of any kind to the same entity.
  If providing pre-audit service, you may not be the auditor for the same entity in the same 12-month period
- See also the Code of Professional Conduct for examples of how mergers, acquisitions and other corporate actions might affect Independence

Always Ask Yourself

- Is this decision being influenced by my personal sentiments/emotions (whether positive or negative) about the entity being audited?
- Is this decision being influenced by personal relationships that constitute a conflict of interest?
- Is this decision being influenced by your own financial situation?
- Are you receiving any gifts, hospitality, or other extra compensation from the entity being audited that could affect the independence of your auditing work?

2.4 Confidentiality & Privacy

Confidentiality and Privacy, like independence and objectivity, are foundational principles underpinning the infrastructure of trust that ForHumanity is trying to establish. If entities cannot trust that FHCAs will handle their information with due care, then ForHumanity’s mission and a societal infrastructure of trust is jeopardised. FHCAs must recognise that, in doing their work, they will often be entrusted with proprietary and private information. They shall respect the privacy of the entities that they audit and the confidentiality of their documents and disclosures and will take the utmost precautions to maintain the security of these documents, insofar as doing so does not conflict with their professional and ethical responsibilities as laid out in this Code.

FHCAs Responsibility

- Do not make any confidential information available to third parties unless mandated by auditing procedures and the Relevant Legal Frameworks upon which they are built (see section 4)
- Know when and how audit guidelines require you to reveal confidential information including abiding by Relevant Legal Frameworks or mandatory reporting requirements
- Be familiar with and adhere to relevant data protection regulations and frameworks (see section 4)
- Be familiar with and adhere to relevant intellectual property regulations and frameworks (see section 4)
- Be familiar with and implement best practices when it comes to the responsible and secure handling of electronic files in the workplace
- Be familiar with and implement best practices when it comes to the responsible and secure handling of physical documents in the workplace.

Always Ask Yourself

- Are you accessing or discussing confidential information for purposes that are legitimate as per auditing guidelines?
- Do you feel confident that you know when you have a responsibility to disclose otherwise confidential information to authorities?
- Are you keeping your work/FHCA related data separate from your Personal Data (e.g. are you passing data between your personal email or phone and your work email or phone)?
- Does the manner in which you are handling the data of an audited entity or ForHumanity put it at risk?

2.5 Professionalism

While FHCAs have a primary duty to the public and humanity, they also have responsibilities toward their employers, the entities that they audit, fellow auditors, and ForHumanity. FHCAs shall behave in a professional manner whenever conducting their duties and refrain from behaviour that would discredit or otherwise harm the integrity or reputation of ForHumanity’s mission or that of the independent auditing profession.

FHCAs Responsibility

- Be dutiful and conscientious in your conduct whenever acting in an FHCA capacity
- Ensure your professional knowledge is kept up to date on all relevant auditing schemes and guidelines and associated Relevant Legal Frameworks
- Keep accurate records of all auditing related activities and work
- Make honest assessments of your workload and agree upon reasonable deadlines
- Maintain agreed-upon deadlines and, where this is not possible, notify the relevant party of the delay in a timely manner
- Stand by your decisions, be prepared to explain them, and approach challenges courteously
- Never use confidential or proprietary information for the purpose of personal gain
- Be knowledgeable about the requirements of disclosure and transparency and ensure all requirements are met
- Remain current with your education and professional training and certification requirements.

Always Ask Yourself

- Could the decision you are about to make impact the reputation of ForHumanity, its mission, or the independent auditing profession?
- Are you respectful to all those you work with, regardless of their ethnic, sexual, political, economic, religious, or other Protected Category status?
- Are your records up to date and organised in such a way that you are able to find information should the need arise?
- Are the deadlines you are agreeing to feasible?
- Have you notified relevant parties that you will not be able to meet a deadline?
- Are you using information which your status as an FHCA grants you access to for personal gain?

3. Inappropriate Behaviour For FHCAs

FHCAs shall comply with the standards set out above as well as with the general principle of professional behaviour, which requires that FHCAs respect all Relevant Legal Frameworks (see section 4), refraining from any behaviour that discredits the independent auditing profession or the ForHumanity Center.
Any such behaviour is in direct contravention of the fundamental principles laid down in this Code (see section 2).

Inappropriate behaviour when acting in a professional FHCA capacity includes but is not limited to (listed in approximate order of severity):

- Making false or misleading assertions of compliance (or non-compliance)
- Bribery or extortion
- Any action that is considered illegal in the relevant jurisdiction of FHCA’s operation
- Being found guilty/convicted of any fraud or deception-related offence
- Having a close or dependent family member who is a director or officer of an audited entity
- Acting in contravention of ForHumanity’s License Agreement
- Acting on behalf of the entity audited in a capacity of advocate in litigation with third parties
- Providing a referral fee to a third party or fellow professional for gaining an entity for audit services
- Failure to abide by a contract
- Lobbying for any legislation on behalf of the auditee
- Accepting audit work on a contingent fees model, wherein the fee is dependent on unqualified opinion.
- Acting in contravention to the provisions set out in ForHumanity’s Anti-Discrimination Policy
- Slurs of gender, ability, race, sexual orientation, national affiliation, or any other identity or Protected Category
- Inappropriate or offensive language or images
- Failure to be respectful – anyone found to be mocking or demeaning to entities being audited, employees of ForHumanity, Fellows, or Contributors.
- Failure to act in good faith and abide by the principle of charity (charitable interpretation) when considering the views and arguments of other parties (e.g. entities being audited, employees of ForHumanity, Fellows, or Contributors)
- Failure to deliver on a promised action in a timely manner

4. Relevant Legal Frameworks

FHCAs will comply with all Relevant Legal Frameworks (including but not limited to those laid out in this Code) and shall respect the principles and values that underpin them. They must take into consideration any risks to said legal frameworks in the carrying out of their respective duties.

What are Relevant Legal Frameworks?

Relevant Legal Frameworks are any laws, regulations, or standards, which pertain to or are in some way related to the activities of FHCAs. These can include human rights, equalities, anti-discrimination, access to goods and services laws and other laws associated with the independent auditing of AI, algorithmic, and autonomous systems. Furthermore, an FHCA is subject to the laws of fraud, deception, fair dealing, and implied duty of good faith. It is the responsibility of the FHCA to familiarise themselves with the specific applications of the jurisdiction within which they operate, especially when that jurisdiction is not their home or common jurisdiction.

FHCAs shall be aware that different legal frameworks will be considered relevant depending on the jurisdiction and the audit scheme under which they are certified and under which they are carrying out audits. It is their responsibility to familiarise themselves with what these frameworks are on a case by case basis. FHCAs and their employers should take care to specify the Relevant Legal Framework in service contracts; however, the FHCA should also be aware of the legal impact on data and audits as it relates to Data Subjects and extraterritoriality.

Below are examples of the most common regulatory frameworks that FHCAs should be familiar with. FHCAs must keep in mind that the following list of relevant frameworks is not exhaustive and includes guidelines and regulations that are not always considered ‘law’ in a strict sense.
4.1 Human Rights

In keeping with ForHumanity’s commitment to acting in the best interest of humanity, FHCAs should familiarise themselves with major bodies of international human rights laws to better understand the ways in which their work may impact these rights. (see appendix for examples)

4.2 Equality/Anti-Discrimination Laws, Frameworks, and Regulations

Measures aimed at increasing equality and decreasing discrimination are important not only when building algorithms, but also when acting as an independent auditor. As stipulated in section 2.3 of this Code, the principle of independence demands a standard of objectivity and impartiality from FHCAs. Implicit in this objectivity and impartiality, and explicit in ForHumanity’s Anti-Discrimination and Diversity policies, is the expectation that FHCAs will refrain from any discriminatory behaviour and respect at all times any relevant legal or regulatory frameworks that define impermissible conduct with respect to discrimination. (see appendix for examples)

4.3 Access to Goods and Services Related Laws, Frameworks, and Regulations

FHCAs will do their utmost to ensure that, in the spirit of their duty to the public, their auditing services are as widely accessible as possible. They will strive to remain knowledgeable about and abide by all applicable international and local legal regulations pertaining to fair access to goods and services when offering their own independent auditing services. (see appendix for examples)

4.4 Child Related Laws, Frameworks, and Regulations

ForHumanity auditors must recognise that the rights and interests of the child/children differ from those of adults and are addressed by a separate set of legal standards. Auditors must take into consideration the ways in which the activities of the audited entity in question impact the rights and interests of children.
(see appendix for examples)

4.5 Laws, Frameworks, and Regulations on the Use and Application of AI, Algorithmic, and Autonomous Systems

As integral contributors to ForHumanity’s mission to establish an infrastructure of trust for AI, algorithmic, and autonomous systems, FHCAs should familiarise themselves with the general principles and content of international and local regulations and frameworks on AI. This builds an understanding of the relation between independent auditing, the development and implementation of AI systems, and the people they affect. (see appendix for examples)

4.6 Other Relevant Risks Associated With Independent Auditing

4.6.1 Confidentiality/Privacy Laws, Frameworks, and Regulations:

In their capacity as independent auditors, FHCAs will gain access to otherwise private, confidential, sensitive, or proprietary information. They must respect all relevant data protection laws and regulations dictating proper conduct when interacting with private information. (see appendix for examples)

General Data Protection Regulation 2016/679 (GDPR)

The GDPR is currently the most comprehensive body of international law governing the protection of data and privacy in the EU and the EEA. It is relevant to all auditors, who have a responsibility to uphold the principles of privacy (2.4) and professionalism (2.5) when handling the data of entities being audited. FHCAs shall stay up to date with all provisions and amendments made therein.

4.6.2 Intellectual Property Laws, Frameworks, and Regulations:

The access FHCAs are granted to proprietary information demands they be knowledgeable about and respect international and domestic regulations concerning the rights and protections afforded to owners of intellectual property.
(see also 4.1.7.1) (see appendix for examples)

4.6.3 Personal gain/bribery Laws, Frameworks, and Regulations, OFAC, Anti-money laundering, or otherwise prohibited entity dealings:

It is imperative that FHCAs be knowledgeable about and understand the consequences mandated by international and domestic regulations on bribery and corruption. (see appendix for examples)

4.6.4 Record and documentary evidence retention:

An FHCA and their firm shall maintain good and orderly records related to Certification Plans, Certification Reports and all related documentary evidence associated with audit criteria compliance. The length of time these records must be kept will be informed by the accreditation service, the ForHumanity License Agreement and the Relevant Legal Framework.

4.7 Further Resources for FHCAs (to be consulted whenever applicable):

- ForHumanity’s Body of Knowledge Repository
- ForHumanity’s Diversity Policy
- ForHumanity’s Anti-Discrimination Policy
- The ethical requirements of the state in which the audited entity resides, the states in which relevant Data Subjects reside, and of relevant authoritative regulatory bodies such as state board(s) of auditors.

5. Compliance with the Code

Any FHCA may be excluded or stripped of status as a certified practitioner for violations of this Code, subject to appeal to ForHumanity’s Executive Director and/or Board of Directors; see section 6.4 and section 6.5 for the process of review by the Ethics Committee and possible sanctions.

5.1 Revocation

FHCAs are governed by the rules contained within the FHCA Code of Ethics and the Code of Professional Conduct and risk revocation of their FHCA certification if they violate either of these codes.
5.2 Violating the Shared Moral Framework

FHCAs are bound by this Code and any and all violations of the normative provisions, principles, and values outlined herein (see section 2) represent grounds for disciplinary action. The nature of such disciplinary action (ranging from verbal warnings to expulsion from ForHumanity and loss of certified practitioner status) will depend on the severity, frequency, motivation, and adverse consequences of the infraction in question. These factors will be ascertained by ForHumanity’s Ethics Committee and potentially referred to its Board of Directors.

5.3 Violating Relevant Legal Frameworks

Any violation of Relevant Legal Frameworks (see section 4) will be subject to the consequences laid out in said legal frameworks as well as to ForHumanity’s disciplinary processes as they are outlined in this Code (section 5.2 and 5.5) and in the Code of Professional Conduct.

5.4 Your Point of Contact - ForHumanity’s Ethics Committee

5.4.1 The Ethics Committee is responsible for maintaining this document, issuing changes and calling for review and community-wide consultation.

5.4.2 The Ethics Committee reports to the Board of Directors and will consist of no less than two (2) Board Members who are NOT the Executive Director. The Executive Director shall not be a member of the Ethics Committee. There shall be no less than five (5) members on the Ethics Committee.

5.4.3 The Ethics Committee shall be responsible for processing all reports from FHCAs (see section 1.4), licensed entities, accreditation bodies, regulatory authorities or the public regarding any suggested violation of this Code of Ethics and the Code of Professional Conduct.

5.4.4 The Ethics Committee shall maintain strict confidentiality amongst its proceedings and investigations. Both reports from FHCAs and the Ethics Committee shall be made available to the Board of Directors when required.
5.4.5 The Ethics Committee shall operate with due process and may call for evidence, interviews, and witnesses consistent with the License Agreement, this Code of Ethics and the Code of Professional Conduct, the rules or by-laws associated with accreditation or other regulatory approval of audit certification schemes or any other legal responsibility of ForHumanity.

5.4.6 The Ethics Committee shall in its processing of reports determine if and when the Board of Directors shall be consulted or have the matter referred to it.

5.4.7 The findings of the Ethics Committee will be final if issued from the Ethics Committee or, if required by internal procedure, referred to the Board of Directors for their approval and dissemination.

5.4.8 Decisions from the Ethics Committee will be rendered by majority rule and a quorum of standing members must vote in person or electronically.

5.4.9 The Ethics Committee will conduct its due process in a timely manner and all FHCAs will also respond in a timely manner.

5.5 Sanctions available to the Ethics Committee and/or Board of Directors

5.5.1 Sanctions may be applied to an individual or licensed entity as noted below. This does not represent a mandatory step function. The Ethics Committee and/or Board of Directors may levy any sanction from the list below commensurate with the severity of the misconduct. Any sanction rising to the level of permanence will be referred to the Board for confirmation. History, character witnesses, and intent may all be considered by the Ethics Committee and/or Board of Directors. Sanctions will be made public through the ForHumanity website and similar database where an individual or licensed entity may be recognised as an FHCA or duly licensed entity. Sanctions may also be made public via press release.
These sanctions do replace or otherwise provide relief from damages associated with the ForHumanity License Agreement and any breaches thereof.

5.5.2 Verbal and/or written warning outlining the misconduct (individual or entity)

5.5.3 Public Censure with remediation plan (individual or entity)

5.5.4 Temporary suspension of FHCA accreditation - automatic reinstatement, supported by educational remediation (individual)

5.5.5 Temporary suspension of ForHumanity License Agreement - automatic reinstatement supported by educational and/or institutional remediation (entity)

5.5.6 Suspension of FHCA accreditation or ForHumanity License Agreement - application for reinstatement required (individual or entity)

5.5.7 Permanent Bar of FHCA credentials (individual)

5.5.8 Permanent Bar of ForHumanity License Agreement by entity Officers and Directors, applicable to all directors and the barred legal entity. No barred Officer or Director may sit in an officer or director position at any licensed entity.

5.5.9 All sanctions may be eligible for an appeals process and the Ethics Committee and/or Board of Directors will inform the individual or entity if they are eligible for an appeals process and how that process will be conducted.

5.6 Auditors certified according to ForHumanity’s certification schemes outside of ForHumanity

ForHumanity may license its audit rules and standards to auditors and other entities engaged in the business of satisfying audit compliance through independent auditing. These entities and the auditors that they certify will agree to adhere to all provisions made in ForHumanity’s Code of Ethics and the Code of Professional Conduct for Auditors as part of the License Agreement.
FHCAs Code of Ethics Appendix

Definitions

Body of Knowledge: The Body of Knowledge and its specific Knowledge Stores are guidance notes for Auditors, to be applied when examining items of compliance sufficiency and maturity. They do not represent normative criteria. Instead, they reflect measures, tools and thresholds that help an Auditor understand if the documentary evidence is sufficient or sometimes even reaching a mature level of compliance. Further, the knowledge stores will often highlight frequent insufficiencies related to documentary compliance evidence designed to draw attention to common mistakes with sufficiency. The Body of Knowledge - Knowledge Stores can be found HERE.

Code of Ethics: A Code of Ethics (CoE) is a publicly disclosed set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group. The Code of Ethics document is drafted and kept up to date by an entity’s Ethics Committee and outlines said entity’s shared moral framework within the Relevant Legal Frameworks, providing context to instances of Ethical Choice.

Ethics Committee: A group of persons trained in Algorithm Ethics and Ethical Choice, guided by the Code of Ethics and Code of Data Ethics, which they create and maintain on behalf of the organisation. The Ethics Committee is responsible for all instances of Ethical Choice related to AI, algorithmic and autonomous systems and producing the Ethical Risk Analysis (See Section 5.4).

*Terms that are Capitalised and Bolded are terms with an official, agreed upon definition within ForHumanity. See the ‘Definitions’ section in the appendix.
** Terms that are bolded in lowercase are key terms with particular relevance to the Code.
Ethical Choice: Awareness of a set of options [...], using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result/outcome/judgment is made using a shared moral framework - set of moral principles based upon the entity’s Code of Ethics.

ForHumanity Certified Auditor (FHCA): certified practitioners who have completed the necessary training to be considered qualified to audit companies for compliance with designated ForHumanity certification schemes or to provide certification schemes for data Processors, Controllers and Joint Controllers (Auditees)

Personal Data: any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal Data may be a collective term encompassing specialized terms such as Inferences, Proxy Variables, PII, and Special Category Data

Relevant Legal Frameworks: law, as it applies to Data Subjects, specific to the jurisdiction of Data Subject being included in the data processing for the audit or certification. These shall include consideration for human rights, equalities and anti-discrimination law, access to goods and services (having due regard to who is included/excluded from such goods and services), children's law and laws with regard to the platform and/or laws with regard to the sector in and through which the AI (and data processing) is being provided, amongst other risks (Governance and Accountability 1)

Examples of Potential Ethical Choices that FHCAs May Face

The SCIAR framework outlined in section 1.3 and the principles, values, and shared moral framework outlined in section 2 of this Code are the primary tools upon which FHCAs will need to rely when contending with instances of ethical choice. However, there are certain ethically pertinent situations that may come up more often than others. The following outlines some of these situations, offering details on the appropriate course of action in each case. These scenarios and their respective recommended courses of action can also be used by FHCAs to guide their decision-making and behaviour in other situations.

Fellow auditors are engaging in behaviour that violates ForHumanity’s shared moral framework:

Description of Scenario:

Scenario 1: An FHCA hears rumors about a fellow auditor who is engaging in behaviour that violates the shared moral framework set out in this Code, or the standards set out in the Code of Professional Conduct.

Scenario 2: An FHCA directly observes a fellow auditor engaging in behaviour that violates the shared moral framework set out in this Code, or the standards set out in the Code of Professional Conduct.

Scenario 3: An FHCA feels that he or she has engaged in behaviour that violates the shared moral framework set out in this Code, or the standards set out in the Code of Professional Conduct.
How to Approach the Situation:

Scenario 1:
- Assess the credibility of the rumor (how likely is it to be true?)
- Approach the FHCA in question in good faith and bring up your concerns.
- Reassess the credibility of the rumor taking their response into consideration.
- Decide whether or not the situation warrants reporting to ForHumanity’s Ethics Committee and do so if necessary.

Scenario 2:
- Point out to the FHCA in question that they are violating the Code of Ethics (ideally pointing to specific passages in the Code).
- If the action can be rectified, help the FHCA in question do so.
- If the action cannot be rectified, give the FHCA in question a few days to reach out to the Ethics Committee themselves.
- If the FHCA in question fails to reach out to the Ethics Committee within a reasonable timeframe or makes it clear that they have no intention of doing so at all, get in touch with the Ethics Committee directly.

Scenario 3:
- Reach out to the Ethics Committee and explain the nature of the infraction and any ethically impermissible consequences which resulted.
- Recuse yourself from further auditing work until notified otherwise by the Ethics Committee.
- Refrain from engaging in the behaviour in question in future.

Responding to Critiques and Criticisms

Description of Scenario:

Scenario 1: A fellow FHCA has concerns about your conduct and confronts you.

Scenario 2: An auditee disagrees with one of your auditing decisions or practices and confronts you.

Scenario 3: Someone from within or outside of ForHumanity criticises its mission, processes, or values.

How to Approach the Situation:

Scenario 1:
- Act in good faith and according to the principle of charitable interpretation when considering critiques by fellow FHCAs.
- Do not take the criticism personally.
- Consider whether there is any substance to your fellow FHCA’s concern and consult this Code.
- If there is:
  - Notify ForHumanity’s Ethics Committee.
  - Notify the auditee where relevant and inform them that you are waiting on word from the Ethics Committee regarding how to proceed.

Scenario 2:
- Act in good faith and according to the principle of charitable interpretation when considering critiques by auditees.
- Explain the reason for your decision or behaviour and refer the auditee to the relevant sections in the audit criteria or in this Code.
- If the criticism is valid:
  - Acknowledge that the point was valid and, depending on the severity of the issue in question, rectify your decision/behaviour accordingly or report the situation to the Ethics Committee.

Scenario 3:
- Determine whether it is worth engaging or not depending on the nature of the criticism.
- Act in good faith and according to the principle of charitable interpretation when engaging with critiques by third parties.
- Remain courteous and forthright in your conversations.
- Bring up any concerns about ForHumanity’s mission, processes, or values that you find to be valid to the Ethics Committee.

Auditing an Entity towards whom an FHCA holds personal opinions

Description of Scenario:

Scenario 1: An FHCA is auditing an entity which he or she personally dislikes.

Scenario 2: An FHCA is auditing an entity which he or she personally admires.

How to Approach the Situation:

Both Scenarios:
- Remain objective
- Do not allow your personal opinions, allegiances, political or moral views to influence the rigour with which you apply the audit criteria.

Auditing entities when any one of the following five threats to auditor independence is present:

Description of Scenario:

Scenario 1 - Self Interest: the FHCA holds a direct interest, financial or otherwise, in the entity being audited.

Scenario 2 - Self Review: the FHCA was involved in the creation of the work being audited.
Scenario 3 - Advocacy: the FHCA is involved in the promotion of the entity being audited.

Scenario 4 - Familiarity: the FHCA is personally close to employees, managers, officers, or directors of the entity being audited.

Scenario 5 - Intimidation: the FHCA feels intimidated by the directors or management of an entity being audited to the point of no longer being able to carry out the audit objectively.

How to Approach the Situation:

All scenarios:
- Recuse yourself from auditing the auditee in question any time you feel that circumstances preclude you from performing your work in an objective manner.
- Report the matter to the Ethics Committee.
- Refrain from further auditing of said auditee until notified otherwise by the Ethics Committee.

If an FHCA feels that an auditee has found loopholes in the audit:

Description of Scenario:

The entity being audited has found a loophole in the audit, managing to implement practices that ‘tick the boxes’ of an audit scheme while still doing the damage that the audit was intended to help avoid. An entity has found a way to be compliant with the audit while still behaving in a manner that contravenes the very point of the scheme in question.

How to Approach the Situation:

The auditee is compliant and the audit report must report as much. However, the auditee should also report such situations to the Ethics Committee so that the audit scheme in question might be amended in the future so as to close any such loopholes.

Entities that are non-compliant with certain audit rules through no fault of their own:

Description of Scenario:

- Data or privacy breach or bias arises in a third-party system used by the client. The client conducted an audit of the third-party system at the time of onboarding; however, there have been some changes/patches provided by the third party which have not been audited.
- Bias arises out of third-party licensed cloud tools. The licensing agreement does not provide access for the client to conduct an audit of the system.
- Systemic attack of a client’s AI system via adversarial attacks and poisoning techniques by an unidentified attacker

How to approach the situation:

- Auditing is not about who is at fault, but whether or not someone is compliant. Whether or not a company is at fault for their non-compliance is not relevant to whether or not they are compliant.
- Document the scenario and the relevant facts and qualify the audit report based on these facts.
- Disclose and highlight systemic controls or management review approaches that are not operating effectively, which in turn resulted in non-compliance.

Examples of Relevant Legal Frameworks (Section 4 in the Code of Ethics):

This section sets out examples of the sorts of Relevant Legal Frameworks implied by section 4 of the Code of Ethics - please note that the presence of these examples neither implies nor endorses these laws as a function of any audit criteria because that is the domain of governments and regulators - we supply these as examples of principles of human rights generically.
(4.1) Human Rights

Examples of such bodies of law include but are not limited to
- UN Guiding Principles on Business and Human Rights
- International Bill of Human Rights
- Charter of Fundamental Rights of the European Union

(4.2) Equality/Anti-Discrimination Related Laws, Frameworks, and Regulations

Examples of such bodies of law include but are not limited to
- OHCHRC International Convention on the Elimination of All Forms of Racial Discrimination
- OHCHRC Convention on the Elimination of All Forms of Discrimination against Women
- OHCHRC Convention on the Rights of Persons with Disabilities
- ForHumanity’s Anti-Discrimination Policy
- ForHumanity’s Diversity Policy

(4.3) Access to Goods and Services Related Laws, Frameworks, and Regulations

(tbd)

(4.4) Child Related Laws, Frameworks, and Regulations

Examples of such bodies of law include but are not limited to
- UN Convention on the Rights of the Child

(4.5) Laws, Frameworks, and Regulations on the Use and Application of Artificial Intelligence, Algorithmic, and Autonomous Systems

Examples of such bodies of law include but are not limited to
- EU AI Regulations
- OECD Principles on AI

(4.6) Other Relevant Risks Associated With Independent Auditing

(4.6.1) Confidentiality/Privacy Laws, Frameworks, and Regulations

General Data Protection Regulation 2016/679 (GDPR)

The GDPR is currently the most comprehensive body of international law governing the protection of data and privacy in the EU and the EEA. It is therefore relevant to more than simply auditors who are certified in GDPR compliance as all FHCAs have a responsibility to uphold the principles of privacy (2.4) and professionalism (2.5) when handling the data of entities being audited. They shall stay up to date with all provisions and amendments made therein in order to ensure that their work maintains alignment with ForHumanity’s shared moral framework.
Other examples include but are not limited to:
- The Global Network Initiative’s Principles on Freedom of Expression and Privacy
- OECD Privacy Principles
- ForHumanity Privacy Policy

(4.6.2) Intellectual Property Laws, Frameworks, and Regulations

Examples include but are not limited to:
- Treaties Administered by the World Intellectual Property Organization (WIPO)

(4.6.3) Personal gain/bribery Laws, Frameworks, and Regulations, OFAC, Anti-money laundering, or otherwise prohibited entity dealings

Examples include but are not limited to:
- The 2003 UN Convention Against Corruption
- Transparency International’s Business Principles for Countering Bribery
- The ICC Rules on Combating Corruption
- OECD Convention on Combating Bribery of Public Officials
- The Institute of Business Ethics’ List of Anti-Bribery and Corruption Standards and Frameworks

(4.7) Further Resources for FHCAs (to be consulted whenever applicable):

- ForHumanity’s Body of Knowledge Repository
- ForHumanity’s Diversity Policy
- ForHumanity’s Anti-Discrimination Policy
- The ethical requirements of the state in which the audited entity resides, the states in which relevant Data Subjects reside, and of relevant authoritative regulatory bodies such as state board(s) of auditors.