What does Internal Audit provide?


Internal Audit’s work programme is risk-based and made up of different types of engagements.









Performance auditing

Comprehensive risk-based reviews focusing on value for money of the Organisation’s operations (effectiveness, efficiency, economy and ethics)

 Example: assess the efficiency and effectiveness of an entity or a function (e.g. financial management, procurement) with a focus on effectiveness in the achievement of objectives, efficiency of operations and economic use of resources



Compliance auditing

Check adherence to policies, application of procedures, compliance with regulations and respect of contractual obligations

 Example: assess the adequacy of procurement practices in the CoE as a whole, in a specific entity or within a specific programme with a focus on compliance with regulations and on whether internal controls are present and functioning as intended



Information technology auditing

Address issues such as IT governance, information security and IT controls over applications, information processing and infrastructure 

 Example: IT governance at the Council of Europe, IT security audits of critical applications to assess the resilience and robustness of the audited IT systems



Management consulting services

Advisory services carried out at the request of management related to governance, risk management and/or internal control

 Example: assistance to management in developing the internal control policy relating to financial management and in drawing up an internal control self-assessment tool for use by budget holders