Corporate Internal Audit Services

Internal Audit Process


To allow for the most effective use of internal audit resources, programs and services are selected for internal audit using a risk assessment process. The risk assessment process prioritizes programs and services for examination into those with the highest risk and / or greatest potential payback to the government. The risk assessment process considers the size, significance, nature and impact on clients of programs and services.


The purpose of an internal audit is to:

  • Provide reassurance to management that operations are well-managed, efficient and within the bounds of applicable laws, regulations and policies;
  • Identify weaknesses in business practices and management systems and recommend improvements; and
  • Identify opportunities to reduce expenditures, increase revenues and put in place effective controls to better protect government assets.

Back to Top

How it is Done

An internal audit includes:

  • Comparing what is (actual performance) against what should be (expected performance);
  • Analyzing and evaluating differences between actual and expected performance; and
  • Reporting gaps between actual and expected performance and making recommendations to support management in minimizing risk exposure.

Back to Top

Internal Audit Phases

An internal audit involves four essential and interrelated phases:

Back to Top


Page last updated:  August 23, 2017