The CERN Internal Audit works in compliance with:
- The International Standards for the Professional Practice of Internal Auditing, the Standards, promulgated by the Institute of Internal Auditors
- The CERN Code of Conduct
- CERN Internal Audit Code of Ethics which all internal auditors have to comply with.
Internal Audit has specified its long term objectives and strategy to reach them and is regularly reviewing them.
The activity of the Internal Audit is set in a pluri-annual audit plan, established on the basis of a risk assessment and taking into account input from CERN management, the External Auditors and the CERN Audit Committee.
Internal Audit has designed internal procedures to provide a reference framework for all internal auditors to how activities shall be carried out.
As part of these activities, the Internal Audit follows up on the recommendations issued during its engagements to check whether the agreed action plans have been implemented and the risks identified during the audit have been adequately mitigated (sample of audit).
All Internal Audit audit activities are covered by a Quality Assurance and Improvement Programme, that aims both at ensuring that its activities are carried out in line with the Standards and the internal procedures, that internal auditors apply the Code of Ethics and at assessing the effectiveness and efficiency of the CERN IA and identify opportunities for improvement.
Finally, the IA may rely, for specific assignments, on external resources, either for very specific tasks within an audit assignment conducted by the IA or for the performance of part or full specific audit assignments.