Internal Auditing

… a core concept used in Implementation and Delivery and Atlas107

Concept description

The Institute of Internal Auditors (reference below) defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations” and states:

“It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

Most federal institutions in Canada are covered by the Treasury Board Policy on Internal Audit, found at

Internal auditing activities

In Ontario, the Internal Audit Directive (reference below) states:

“Internal auditing includes, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the organization’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the organization’s stated goals and objectives. This includes:

  • Evaluating risk exposure relating to achievement of the organization’s strategic objectives.
  • Evaluating the reliability and integrity of information and the means used to identify measure, classify, and report such information.
  • Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws and regulations, which could have a significant impact on the organization.
  • Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets.
  • Evaluating the effectiveness and efficiency with which resources are employed.
  • Evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned.
  • Monitoring and evaluating governance processes.
  • Monitoring and evaluating the effectiveness of the organization’s risk management processes.
  • Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization.
  • Reporting periodically on internal audit activity’s purpose, authority, responsibility and performance relative to its plan.
  • Reporting significant risk exposures and control issues, including fraud risks, governance issues and other matters needed or requested by the audit committee.
  • Evaluating specific operations at the request of the audit committee or management, as appropriate.”

Atlas topic, subject, and course

Controlling Fraud, Waste, and Abuse (core topic) in Implementation and Delivery and Atlas107.


The Institute of Internal Auditors, About the Profession, at, accessed 8 October 2017.

Ontario, Internal Audit Directive, at,  accessed 8 October 2017.

Page created by: Ian Clark, last modified 8 October 2017.

Image:, Internal Audit for ISO 17025, at, accessed 8 October 2017.