Code and Standards: of Professional Conduct
Code and Standards: of Professional Conduct
Code and Standards: of Professional Conduct
OF PROFESSIONAL CONDUCT
CODE AND STANDARDS
OF PROFESSIONAL CONDUCT
APSCA aims to increase the value and effectiveness of independent social compliance audits
by enhancing the professionalism, consistency and credibility of individuals and organizations
performing them.
Labor rights and workplace conditions are a central focus for many organizations, due to expanding global
supply chains, public perceptions related to social responsibility, and legislation. Independent social
compliance services are an important tool in advancing labor rights and workplace conditions for workers
globally. APSCA aims to raise the value, quality and effectiveness of social compliance services and support
Member Auditors and Member Firms who are performing them.
APSCA expects Members to demonstrate a high standard of ethics and Member Firms to promote a culture
of honesty and integrity in day to day operations and support the fair treatment and appropriate workplace
conditions for their Member Auditors.
The principles outlined in the Code of Professional Conduct (the Code) - presented herein as the first
element of each section in bold - have been developed to support APSCA’s values and are intended to
provide guidance around the transparent and accountable manner in which individual Member Auditors and
Member Firms are expected to operate. The Code serves as a foundation for establishing credible, ethical and
consistent professional behaviors by Members.
The related Standards of Professional Conduct (the Standards) presented herein as the subsections under
each element in bold provide Members with clarification and more detailed requirements related to the
obligations under the Code.
By becoming a Member of APSCA, both auditors and audit firms are committing to uphold the principles
outlined in the Code and the related Standards in the conduct of all social compliance services. It is also
intended that Member Firms will ensure that the provisions of this Code will be followed by all personnel
working on their social compliance services.
In the event the Code or the Standards conflict with applicable law, such that compliance with both is not
possible, Members shall comply with applicable law.
The Code and the Standards are not intended to be, nor should they be interpreted as, a full or exhaustive
list of the situations, circumstances or conditions which may comprise compliance and non-compliance.
Professional judgment will be required to decide what is adequate, sufficient, and competent according to
the situations and circumstances of each audit.
Member Firms are independent businesses; however, the actions of Members can be attributed to APSCA,
affecting the reputation and level of trust APSCA has earned as well as impacting the reputation of the
industry as a whole. Members are expected to conduct themselves with consideration of this reality.
Note: In the Code and Standards, “Members” refers to individual Member Auditors and Member Firms. Member
Firms are those organizations that have been accepted for membership into APSCA. Member Auditors
includes both Certified Social Compliance Auditors (CSCA) that have been certified by APSCA, and Associate
Social Compliance Auditors (ASCA) that have been approved by their Member Firm and have been enrolled
with APSCA. During the initial period, Registered Level Auditors have the rights, responsibilities and
obligations of a CSCA.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 2 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
1.0 COMPLIANCE
1.1 Accountability: Members shall comply with all relevant legislation and comply with the Code
and the Standards.
1.1.1 Members shall obtain and maintain all statutory consents, licenses and permissions required
to perform social compliance services in all jurisdictions in which services are performed.
1.1.2 Members shall make reasonable efforts to ensure that their agents, directors, employees,
officers and sub-contractors:
1.1.2.1 not engage in any form of bribery, corruption, extortion or embezzlement, or any
other unlawful conduct;
1.1.2.2 comply with all applicable laws, regulations, codes and sanctions, including those
relating to anti-bribery and anti-corruption.
1.1.3 Members, in the operation of their social compliance business, shall observe all labor laws,
including those regarding working hours, wages and benefits, providing at a minimum, one
(1) day off every seven (7) days with any overtime being voluntary.
1.1.4 Members, in the operation of their social compliance business, shall observe all health and
safety rules and regulations and any other applicable security requirements which apply to
their own operations.
1.1.5 Members shall have a procedure to report illegal conduct to the local authorities, if such
reporting is mandated by local laws.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 3 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
2.2.4 Members shall not accept gifts, whether goods or services, from any party directly or
indirectly related to a social compliance service.
2.3 Integrity Management: Member Firms shall have a system in place to identify risks and
manage compliance relating to ethics and integrity.
2.3.1 Members shall implement and maintain an Integrity Management System to address audit
integrity and bribery risks that may exist before, during and after each social compliance
service. The Integrity Management System shall be applicable to all audit firm personnel and
shall, at a minimum, include the following components:
2.3.1.1 Clear policies, guidelines and processes including specific policies to:
2.3.1.1.1 Identify what constitutes unethical practices, mechanisms for all personnel to
distance themselves from unethical practices, and the process for identifying
and reporting such practices whenever they occur.
2.3.1.1.2 Disallow use of any routes or channels for provision of benefits to, or receipt
of a benefit from clients, auditors, sub-contractors, suppliers, employees or
government officials.
2.3.1.1.3 Prohibit the billing or reporting of work not in alignment with contractual
services.
2.3.1.1.4 Prohibit the offering or acceptance of gifts or hospitality.
2.3.1.1.5 Establish zero tolerance – termination of employment – of any audit firm
personnel found to have offered, solicited or accepted any form of bribe or
incentive.
2.3.1.1.6 Require prompt reporting to their integrity investigations function of all
allegations of non-compliance with integrity policies and any bribery
attempts.
2.3.1.1.7 Prohibit any form of retaliation or retribution for individuals who in good faith
report integrity issues or suspected issues.
2.3.1.2 Risk assessment process as appropriate for the industry.
2.3.1.3 Pre-employment screening for all audit firm personnel.
2.3.1.4 Code of Ethics Agreement outlining auditee expectations in connection with the
performance of all social compliance services.
2.3.1.5 Periodic ethics training for all audit firm personnel.
2.3.1.6 Audit results tracking to identify unusual patterns in results for specific auditors.
2.3.1.7 An Audit-the-Auditor program.
2.3.1.8 Publicly available confidential mechanism for reporting allegations of ethics or
integrity violations.
2.3.1.9 Integrity investigation process including:
2.3.1.9.1 Integrity investigations mechanism that:
is independent of the management of social compliance services.
conducts investigations consistent with the guidelines in Section 5.2.2.3.
investigates all allegations received taking into account the nature and
specificity of the allegation.
records all allegations, including the results of investigative activities.
2.3.1.9.2 Required reporting to APSCA of the results of any investigation where
disciplinary action is taken in response to a violation of the Code or Standards.
3.0 COMPETENCE
3.1 Personnel: Member Firms shall only deploy social compliance auditors (whether direct
employees or independent contractors) who demonstrate, at a minimum, the relevant
knowledge, skills and attributes outlined in the APSCA Competency Framework, and agree to
act in accordance with the Code and the Standards.
3.1.1 Member Firms shall ensure auditors meet the expectations as outlined in the Competency
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 4 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
Framework prior to being identified to APSCA as an ASCA.
3.1.2 Member Firms shall ensure that only CSCAs and ASCAs are assigned to any Social
Compliance Audit.
3.1.3 Prior to final scheduling of any Social Compliance Audit, Member Firms must confirm that the
assigned CSCA has appropriate skills and competencies – consistent with the Competency
Framework – to perform the Social Compliance Audit including the following:
3.1.3.1 Knowledge of applicable laws and regulations relevant for the facility to be audited.
3.1.3.2 To the extent the assigned CSCA does not have the appropriate language skills to
conduct interviews in the language of workers and management in the facility, the
Member Firm must ensure that an independent translator will be utilized during the
audit.
3.1.3.3 Industry-specific knowledge to the extent the facility to be audited has specific
industry specific requirements or considerations.
3.1.4 Member Firms shall have a mechanism to provide training and education for auditors.
Training and education processes shall include, at a minimum:
3.1.4.1 Qualified trainer(s).
3.1.4.2 Written training materials that include experiential exercises and case studies.
3.1.4.3 Documented evaluation of trainee comprehension and command of the materials.
3.1.4.4 Training feedback survey.
3.1.4.5 Training and education records to be included in the personnel files of the auditor and
including, at a minimum:
Date of training
Training topics
Trainer(s)
Training outcomes
3.1.5 CSCAs shall complete continuous professional development to maintain professional
knowledge and skills at the level required to execute audits in compliance with the
requirements in the Competency Framework.
3.1.6 Member Firms shall evaluate the performance and competency of CSCAs and ASCAs.
Performance and competency evaluation processes shall include, at a minimum:
3.1.6.1 Formal and documented annual review of performance for each auditor.
3.1.6.2 Onsite evaluation by a qualified evaluator at least once per year.
3.1.6.3 Ongoing review of audit files, audit reports, and any feedback received to identify
opportunities to enhance performance.
3.1.6.4 Development and tracking of auditor performance metrics with refresher training,
feedback and remediation provided, as needed.
3.1.6.5 Policies and procedures to manage underperformance or misconduct by auditors.
These policies and procedures must be clearly communicated to all auditors.
3.2 Supervision: Member Firms shall ensure auditors are adequately supervised to ensure all work
is performed as directed and supports the conclusions reached.
3.2.1 Members shall create a communication channel that provides a mechanism for auditors to
engage more experienced resources during the execution of an audit to address unique
issues and circumstances.
3.2.2 Where an audit team includes an ASCA, the CSCA shall ensure that the ASCA is only
involved in audit elements consistent with the individual’s skills, competencies and
experience. Additionally, the CSCA shall ensure all assigned work is properly completed and
performed consistent with client or collaborative program requirements.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 5 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
3.2.3 To the extent an auditor – whether ASCA or CSCA – is requested to perform work that in the
opinion of the auditor is beyond the auditor’s competency or for which the auditor has not
been properly trained, the auditor shall communicate the concerns to appropriate Member
Firm management or APSCA.
4.0 EXECUTION, REPORTING AND RECORDS
4.1 Audit Team: Each audit team shall have a minimum of one CSCA. Audit teams may include
ASCA(s) who support the audit under supervision of the CSCA.
4.1.1 In assigning auditors to perform a Social Compliance Audit, Member Firms shall ensure
sufficient resources are deployed to complete all work required for the client or scheme for
whom the audit is to be performed.
4.1.1.1 To the extent the audit team includes an ASCA(s), the Member Firm shall ensure
assigned resources are sufficient to provide for appropriate supervision by the
assigned CSCA.
4.1.2 Member Auditors shall record all work performed (See Section 4.4.1.3) and shall not report
conclusions where work has not been completely performed.
4.1.3 A CSCA shall only include the designation as a CSCA and their APSCA member number after
having fully completed an independent Social Compliance Audit on behalf of a Member Firm.
4.1.3.1 A CSCA shall include reference to CSCA status and / or their APSCA member number
only where the scope of work is a Social Compliance Audit and where the work is
performed on behalf of a Member Firm.
4.1.3.2 To the extent a CSCA performs an audit that includes consideration of elements
beyond the elements in the Competency Framework, the associated audit report must
conspicuously include the following disclaimer if the CSCA’s APSCA number is to be
included in the audit report:
This audit includes elements beyond the scope of a Social Compliance Audit as
defined by the APSCA Competency Framework. The association of the auditor’s
APSCA number with this report is limited to those elements outlined in the APSCA
Competency Framework. APSCA makes no representations with respect to the
auditor’s competency to professionally evaluate compliance with any other audit
elements.
4.2 Confidentiality: Members shall maintain confidentiality with respect to information gathered
in connection with a social compliance services and take all reasonable steps to prevent
unauthorized access to, or inadvertent disclosure of, information collected during or relating
to a service.
4.2.1 Member Firms shall establish a policy that all information obtained or developed in
connection with a social compliance service shall not be disclosed to any party other than
the relevant client, except under the following circumstances:
4.2.1.1 The client provides specific written consent.
4.2.1.2 Disclosure is required to execute the service.
4.2.1.3 Disclosure is required by applicable law.
4.2.1.4 Disclosure is required to obtain legal or ethical advice regarding compliance with
applicable laws or the Code or Standards. Where confidentiality is not governed by a
recognized professional code of conduct, an appropriate non-disclosure agreement
must be executed.
4.2.1.5 Disclosure is required to establish a claim or defense in an adversarial proceeding.
4.2.2 Member Firms shall undertake appropriate technical and security measures to prevent the
inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to
the audit.
4.2.3 Confidentiality of audit data shall be maintained for a minimum of ten years or longer if
required by applicable law or contractual agreement; personally identifiable information
shall not be disclosed.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 6 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
4.3 Report Generation and Submission: Members shall ensure an accurate, concise, timely, clear
audit report, following the format and methodology of the program being audited against.
Auditors may only sign off on an audit as a CSCA if they are conducting an independent Social
Compliance Audit on behalf of a Member Firm who takes responsibility for the process.
4.3.1 Member Firms shall provide employment conditions which ensure auditors can spend a
reasonable part of their normal working hours writing and completing audit reports.
4.3.2 In preparing audit reports, Members shall ensure:
4.3.2.1 Prior to report submission, a report quality review process is performed.
4.3.2.2 The audit report is generated and submitted to the client and / or audit requestor at
the conclusion of each audit within an agreed timeframe.
4.3.2.3 The audit report includes the names and APSCA member number(s) (where
applicable) of all Member Auditors who performed audit procedures during the audit.
4.4 Supporting Documentation: Member Firms shall ensure each audit report is supported by a
record, which evidences the work performed in sufficient detail to support the conclusions in
the audit report.
4.4.1 The record for each Social Compliance Audit should include the following, at a minimum:
4.4.1.1 The final audit report submitted to the client or audit requestor.
4.4.1.2 Executed Code of Ethics Agreement.
4.4.1.3 A summary of all substantive procedures performed in connection with the audit to
evidence consideration of all required elements for a Social Compliance Audit.
4.4.1.4 Facility map for the operations considered during the audit.
4.4.1.5 Working papers to evidence performance of quantitative elements including, but not
limited to:
Minimum age
Compensation and benefits
Hours of work
4.4.1.6 Summary of worker interviews identifying:
The number of workers interviewed
The method of interview – e.g. individual or group
The composition of the population of interviewed workers by key characteristics –
e.g. gender, nationality
The key issues or concerns raised
4.4.2 The records for Social Compliance Audits shall be subject to a review process designed to
ensure compliance with the Code and Standards.
4.5 Handling of Sensitive Information: Reporting of sensitive issues which may lead to retaliation
against workers, or attempts to bribe, threaten or coerce Member Auditors shall be handled in
a manner which protects workers and Member Auditors.
4.5.1 Protection of workers shall be prioritized by respecting the confidentiality of information
collected during worker interviews. Specifically, if issues raised by workers need to be
discussed with auditee management it must be done with caution, ensuring comments
cannot be traced back to individuals.
4.5.2 To the extent sensitive information is received by a Member in the conduct of a social
compliance service, such information shall be communicated to an appropriate party –
whether the client, service requestor, program owner, APSCA or authorities – for the benefit
of the worker or the Member Auditor.
4.6 Records Management: Member Firms shall have systems in place to ensure all audit data is
collected, stored and transferred in compliance with applicable law and is secure and only
accessible by authorized persons.
4.6.1 Security: Member Firms shall take necessary technical and organizational measures to
ensure security of data held in hard copy or electronically.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 7 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
4.6.1.1 Hard-copy records shall be stored in a secure location and accessible only to
authorized personnel.
4.6.1.2 Electronic data shall be stored in systems that require the use of a unique password
and include a record identifying all individuals who have accessed the data.
4.6.2 Retention: Member Firms shall retain Social Compliance Audit working papers – consistent
with section 4.4.1 above - for a minimum of five years, or longer if required by applicable law
or contractual agreement, from the date of the audit whether or not the client is active.
4.6.3 Destruction: Member Firms shall have a policy and process in place to ensure that records
– whether hard copy or electronic – are securely disposed of in compliance with record
retention policies.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 8 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
5.2.2.2 Member Firms shall retain personnel information as per Section 5.2.2.1 for all audit
firm personnel for a minimum of three years from the date an auditor leaves the
employment of the Member Firm.
5.2.2.3 Member Firms shall establish fair and thorough disciplinary policies and procedures,
including mechanisms to ensure:
Consistent enforcement
Effective investigations
Effective corrective actions
Opportunity for the subject of any investigation to be heard where there are
potential negative consequences
5.2.3 Independence Risk Management
5.2.3.1 Member Firms shall have a process to consider and manage risks related to
independence including:
5.2.3.1.1 Recognition that the source of revenues for Member Firms – the payment
for services by clients – presents a potential threat to independence and
development of policies and procedures to ensure audits are conducted in a
manner that effectively address the threat.
5.2.3.1.2 A process requiring all audit firm personnel to reveal any situation which can
present the individual or the Member Firm with a conflict of interest. Member
Firms shall record and use this information as input to identify threats to
independence raised by the activities of audit firm personnel or by their
relationship with organizations that commission their services.
5.2.3.1.3 A process to identify, analyze, evaluate, treat, monitor, and document the
risks related to independence and conflict of interest arising from provision
of social compliance services including any conflict which arises from its
relationships on an ongoing basis. Sources of threats to independence of
the Member Firm can be based on ownership, governance, management,
personnel, shared resources, finances, revenue sources, contracts, training,
marketing and payment of a sales commission or other inducement for the
referral of new clients and include but are not limited to:
Self-interest: Member acting in their own interest, including financial
interests and interests relating to the provision of social compliance
services to clients where other services are also provided.
Self-review: Member Auditor reviewing the work done by themselves or
other personnel from the same firm.
Familiarity (and trust): Member being too familiar with or trusting of another
party instead of seeking audit evidence.
Intimidation: Member having a perception of being coerced openly or
covertly, such as a threat to be replaced or reported to a supervisor
5.2.3.1.4 Where there are threats to independence, the Member Firm shall document
and demonstrate how the Member Firm eliminates or minimizes such threats
and document any residual risk. The demonstration shall cover all potential
threats that are identified, whether they arise from within the Member Firm or
from the activities of other persons, bodies or organizations.
5.2.4 Complaint Handling
5.2.4.1 Member Firms shall designate a representative to manage the complaint handling
process.
5.2.4.2 Member Firms shall have a documented, publicly accessible process for receiving,
validating, and investigating complaints, and deciding what actions to take.
5.2.4.2.1 Member Firms may retain a third party to investigate complaints or manage
other elements of the complaint handling process in compliance with the
applicable requirements.
5.2.4.3 Member Firms shall track and record all complaints, including actions taken.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 9 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019
5.2.4.4 Member Firms shall manage investigations in a manner fair to all parties, avoiding
conflicts of interest. Whenever possible, Member Firms will provide the subject
of an investigation an opportunity to be heard where there are potential negative
consequences.
5.2.4.5 Member Firms shall ensure appropriate corrective and preventative action is taken in
response to any complaints found to have merit.
5.2.4.6 Member Firms shall have a process in place for periodic analysis of complaints to
identify systemic problems and develop appropriate solutions.
5.2.4.7 Member Firms shall develop an annual summary of complaint handling activities
including:
Number of complaints received alleging violations of the Code or the Standards
Source of the complaints, including the percentage of anonymous complaints
Breakdown by type of complaints
Percentage of substantiated and unsubstantiated allegations
Disciplinary actions taken, by type and number
5.2.5 Member Firms shall have a documented procedure to receive, evaluate and make decisions
on appeals by auditees or other interested parties. In the event of an appeal, the Member
Firm shall ensure all personnel engaged in the appeal handling process are different from
those who carried out the audit(s) and undertook the audit review. In all cases, appeals will
be reported to the client or the audit requestor.
5.2.6 Member Firms shall establish policies and procedures to ensure the safety, protection,
and security of their auditors. Auditors shall act in accordance with these policies and
procedures, and remain aware of their personal safety and security when conducting audits.
These policies and procedures shall include at a minimum:
5.2.6.1 Assessing safety and security risks in countries where they offer services.
5.2.6.2 Procedures for auditors to quickly assess personal safety conditions while onsite,
report risks to a supervisor, and abort the audit if they feel uncomfortable.
5.2.6.3 Procedure to report to the client, prior to or at time of the request, any audit location
where the safety of the auditors may be at risk.
5.3 Notify: Any Member who believes that another Member has committed a violation of the Code
must inform APSCA.
5.3.1 Member Firms shall inform APSCA when handling investigations that are likely to have
industry-wide significance.
5.3.2 Member Firms shall promptly inform APSCA of any cases where a Member Auditor is
disciplined for misconduct which constitutes a violation of the provisions of the Code or
Standards applicable to Member Auditors.
Document Name: APSCA Code and Standards of Professional This document is no longer version controlled once printed. Author/Owner: APSCA President & CEO
Conduct D-032 Page 10 of 14 Authorized by: APSCA Executive Board
Version & Date Version 2 – July 2020
Replaces: Version 1 – 31 August 2019