An Internal Audit function is a key component of a modern governance system of any organisation. It enhances and protects organisational value by providing risk-based and objective assurance, advice and insight. The assurance part of the internal audit work consists in an objective examination of evidence for the purpose of providing an independent assessment of effectiveness and efficiency of governance, risk management and/or control processes. Examples of assurance services include financial, performance, compliance and IT audits. Consultancy services include advice, facilitation and training.

The biennial work programme is based on a risk analysis and is discussed with the management of the Organisation, the Oversight Advisory Committee and the External Auditor.

It takes into consideration:

• the Council of Europe’s organisational risk register;
• coverage by previous internal audits;
• coverage by other oversight functions (Evaluation Division of DIO or External Auditor);
• significant changes associated with the activity under review (e.g. introduction of a new IT tool, changes in management, working methods, structural changes);
• commitments taken/requests received (from the Committee of Ministers, the Secretary General, donors, etc.);
• strategic importance/alignment with priorities of the Secretary General and/or the Committee of Ministers;
• the Organisation’s biennial programme and budget;
• red flags of fraud.

• To the Secretary General with a copy to the Deputy Secretary General, the audited area(s), the Oversight Advisory Committee and the External Auditor.
• The annual report on the activities of the DIO is sent to the Committee of Ministers. It includes a part on Internal Audit, which summarises the results of the audits conducted during the year.

Internal audit

 Objective: Assesses effectiveness and efficiency of governance, risk management and/or control processes

 Reports to: 

• Secretary General,
• Interacts with the Committee of Ministers through:
  • the Oversight Advisory Committee
  • Submitting a  DIO work programme and annual activity report

Evaluation

 Objective: Assesses the relevance, added value, efficiency, effectiveness, impact and sustainability of Council of Europe interventions. Decentralised evaluations are managed by entities other than the DIO. They follow a quality assurance framework put in place by the DIO

 Reports to: 

• Secretary General. 
• Interacts with the Committee of Ministers through: 
• Approval of the Evaluation Policy
• Transmitting evaluation reports to the Chair of Ministers’ Deputies
• The Oversight Advisory Committee
• Submitting a DIO work programme and annual activity report.
   

Investigation

 Objective: Examines allegations and collects evidence into alleged fraud or corruption relating to the Council of Europe’s staff, the use of its funds and resources

 Reports to: 

• Secretary General,
• Interacts with the Committee of Ministers through:
  • the Oversight Advisory Committee
  • the Secretary General (reporting on specific matters as necessary)
  • Submitting a DIO work programme and annual activity report

External Audit (outside the Organisation) (Supreme Audit Institution of one of the CoE’s member states)

 Objective: Provides an independent opinion on the Council of Europe’s financial statements and budgetary management accounts. 
External Audit may also make observations and recommendations as regards economy, efficiency and effectiveness of the financial procedures, the accounting system, the administration and management of the Organisation.

 Reports to :

• Committee of Ministers,
• Interacts directly with the Committee of Ministers through:
  • Exchanges of views with the GR-PBA on the financial statements and budgetary management accounts, other auditing work performed and the follow-up of its recommendations 
  • The publication of its audit reports
  • Also interacts with the Oversight Advisory Committee

Internal Audit

• Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve Organisation’s operations. 
• It helps the Organisation to accomplish its objectives by a systematic assessment of the effectiveness of risk management, control and/or governance processes.
• Internal Audit’s activity is governed by its Charter.
   

Internal Control

• Internal control is a process effected by senior management and other staff, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. 
• Internal control relating to financial management is governed by the Council of Europe policy on internal control relating to financial management.
   

Institute of Internal Auditors (IIA) standards

The Internal Audit function abides to the professional standards of the IIA and conducts its activities in line with the IIA’s International Professional Practices Framework (IPPF). In this connection, it performs ongoing monitoring, periodic self-assessments and undergoes an independent external quality assessment every 5 years.

Ongoing monitoring is a part of the day-to-day supervision of internal audit activities to ensure it operates in an effective and efficient manner. Ongoing monitoring is conducted through:

• supervision of engagements to ensure that audits bring value, audit objectives are achieved, and deadlines are respected; 
• regular, documented review of work papers during engagements to ensure that audit working papers adequately support findings, conclusions and recommendations;
• review of all audit reports; 
• analyses of performance indications to measure Internal Audit effectiveness and efficiency. 

Periodic self-assessments are conducted every 2 years by the internal audit team and are designed to assess conformance with Internal Audit’s Charter, Standards, Definition of Internal Auditing, the Code of Ethics, and the efficiency and effectiveness of internal audit in meeting the needs of its various stakeholders.

Peer-reviews are conducted at least once every five years by a qualified, external independent assessor or assessment team from outside the Organisation. The objective of the external assessment is to appraise and express an opinion about Internal Audit’s conformance with the Standards, Definition of Internal Auditing and Code of Ethics and include recommendations for improvement, as appropriate. 
 

Oversight Advisory Committee (OAC)

The OAC is established by the Committee of Ministers and is made up of five members acting in an independent capacity.

It performs its advisory function through independent appraisal of:

• internal and external audit work, risk management, internal controls, governance, and
• follow-up given to Evaluation, Internal Audit, Investigation and External Audit recommendations.

The Oversight Advisory Committee normally meets three times a year and submits an annual report on the results of its activities to the Committee of Ministers. Where its review of activities reveal cause for concern or scope for improvement, it makes recommendations on actions required. 
 

External Auditor

The External Auditor is a Supreme audit institution of a member state of the Council of Europe nominated by the Committee of Ministers for a non-renewable term of 5 years. External Audit is fully independent in the conduct of audits, which are performed in compliance with international auditing standards (INTOSAI and ISA).

If the External Auditor considers it useful, he/she may make observations and recommendations as regards economy, efficiency and effectiveness of the financial procedures, the accounting system and the administration and management of the Organisation.

Internal and External Audit functions coordinate their activities to ensure even coverage and avoid duplication of efforts. For that, they share information on audit assignments to be undertaken (their objectives, scope and timing) , the results of these audits as well as the follow-up given to audit recommendations.