Internal audit, as defined by the Institute of Internal Auditors, is an independent, objective, assurance and consulting activity designed to add value and improve an organizations operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve effectiveness of risk management, control and governance processes.
Scope
The scope of internal audit work includes the review of risk management procedures, internal control systems, information systems and governance processes. This work also involves periodic testing of transactions, special investigations, and measures to help prevent and detect fraud.
Authority and Responsibility
The responsibility of internal audit is to serve the Ministry of Justice in a manner that is consistent with the Financial Administration and Audit Act, Standards for the Professional Practice of Internal Auditing, and with the professional standards of conduct outlined in the Code of Ethics of the Institute of Internal Auditors.
Internal audit is authorized to review all records of the Ministry including its departments and agencies and has full and complete access to all activities, records property and personnel reasonably necessary to perform the responsibilities of this function. Information obtained during the course of audit activities will be held with appropriate confidentiality. Internal Audit will have no direct responsibility or authority for any of the activities or operations they review. They should not develop and install procedures, prepare records, or engage in activities that would normally be reviewed by internal auditors. Furthermore, an internal audit function does not in any way relieve other persons in the Ministry of the responsibilities assigned to them.
Main Functions
Reporting
Results of internal audit assurance and consulting services are properly communicated to the appropriate management or operating personnel in the form of written reports, consultation, advice or through other appropriate means. Written reports include management comments itemizing specifications taken or planned to mitigate identified risks and to ensure that operational objectives are achieved.