Internal Audit’s work programme is risk-based and made up of different types of engagements.
Performance auditing
Comprehensive risk-based reviews focusing on value for money of the Organisation’s operations (effectiveness, efficiency, economy and ethics)
Example: assess the efficiency and effectiveness of an entity or a function (e.g. financial management, procurement) with a focus on effectiveness in the achievement of objectives, efficiency of operations and economic use of resources
Compliance auditing
Check adherence to policies, application of procedures, compliance with regulations and respect of contractual obligations
Example: assess the adequacy of procurement practices in the CoE as a whole, in a specific entity or within a specific programme with a focus on compliance with regulations and on whether internal controls are present and functioning as intended
Information technology auditing
Address issues such as IT governance, information security and IT controls over applications, information processing and infrastructure
Example: IT governance at the Council of Europe, IT security audits of critical applications to assess the resilience and robustness of the audited IT systems
Management consulting services
Advisory services carried out at the request of management related to governance, risk management and/or internal control
Example: assistance to management in developing the internal control policy relating to financial management and in drawing up an internal control self-assessment tool for use by budget holders
Example: assess the efficiency and effectiveness of an entity or a function (e.g. financial management, procurement) with a focus on effectiveness in the achievement of objectives, efficiency of operations and economic use of resources
