Key procedures

1. Audit Plan preparation (3 year rolling plan)

The audit plan is based on:

  • A risk assessment
  • Based on IAS’ past experience & taking into account input fromCERN & PF management, the External Auditors and theCERN Audit Committee.

Key risks to consider

  • Governance risk
  • Legal and compliance risk
  • Operational risk
  • Financial reporting risk
  • Fraud risk
  • Reputational risk

Recommendation follow-up

As part of its activities, the Internal Audit follows up on the recommendations issued during its engagements to check whether the agreed action plans have been implemented and the risks identified during the audit have been adequately mitigated. After the deadline the recommendations are classified as:

  • Fully implemented,
  • Implemented in most respect,
  • Implemented in some respect,
  • Not implemented,
  • Not relevant

    2. The key steps of an audit

       - Launch of the audit

    The audit is announced by email to all persons identified, with preliminary audit objectives and an estimated date of release of the audit report.

       - Preliminary analysis

    The auditor in charge acquires the necessary knowledge of the Organization’s process under review. For this purpose the auditor will review all available information and interview key persons in charge. This phase allows the auditor to assess key risks in the process audited and to define the audit objectives.

       - Opening meeting

    The auditor will present the audit objectives to all identified persons in charge.

       - Field work

    The auditor will deploy audit procedures by means of a variety of audit tools including interviews, data analysis, review of material, check lists, survey etc.

       - Closing meeting

    After field work is completed, the auditor will present to all persons concerned their preliminary findings and recommendations.

    Recommendations and Report

    • The finding and recommendations that were presented at the closing meeting are laid out in an audit report which contains an executive summary, a detailed background of the activity audited and the findings and recommendations
    • Findings are rated Minor, Moderate, Major and Catastrophic
    • Recommandations are addressed to a recommendations owner, who is in the best position to address the control weakness that the audit has evidenced. The follow up of audit process, as it provides assurance that actions have actually been taken to mitigate the risks identified during the audit
    • The final report issued to all recommandation owners and their hierarchy including the Director-general & PFGB it is also presented to the AC

      3. Recommendation follow-up

      As part of its activities, the Internal Audit follows up on the recommendations issued during its engagements to check whether the agreed action plans have been implemented and the risks identified during the audit have been adequately mitigated.