Effectiveness of Internal Control and Risk Management Internal audit in practice

Internal audit and risk-based approaches in practice.

Review of data provided by Central Harmonisation Unit (CHU) or the central IA function responsible for co-ordinating the development of internal audit (IA). For criteria 6 to 10, a sample is taken to review practice. The sample organisations include all ministries and the 10 central government agencies reporting directly to a ministry, the Government, or the central budget authority with the largest budgets.

Subindicators fulfilled per country

IA units are staffed according to legal requirements.

IA units are staffed by at least 2 auditors.

A certification scheme for IA professionals is operational at the national level.

At least 85% of public officials performing internal audit functions have obtained a national or international certificate for IA.

Audit charters are adopted by heads of institutions for all sample organisations.

Audit procedure manuals are adopted by heads of institutions for all sample organisations.

Reports from the IA unit are submitted directly to the head of the institution for all sample organisations.

Annual activity reports from all the IA units are submitted to the CHU or the central IA function.

Audit plans in all sample organisations use data from an entity-wide risk register and the IA function’s risk assessment to select areas to audit within the defined audit universe.

Audit plans in at least half of sample organisations include integrity-specific objectives aimed at reducing fraud and other public integrity risks.

At least 90% of IA reports include the results of IC assessment in the audited area.

At least half of sample organisations conducted external quality assurance of the IA function within the last 5 years.