Internal audits

Internal audits

WHO
Internal Oversight Services (IOS) mission to Pakistan in 2023.
© Credits

Section navigation

In accordance with its mandate, WHO’s Office of Internal Oversight Services provides independent and objective audit and advisory services, designed to add value and improve the Organization’s operations and to enhance the integrity and reputation of the Organization.

The Office brings a systematic, disciplined approach to evaluating and improving the effectiveness of governance, risk management, and control processes, in order to provide reasonable assurance that:

  • risks are appropriately identified and managed;
  • interaction with the various governance groups within the Secretariat occurs in accordance with all relevant rules;
  • significant financial, managerial, programmatic and operating information is accurate, reliable and timely;
  • staff members and other personnel act in compliance with WHO regulations, rules, policies, standards and procedures;
  • resources are acquired economically, used efficiently and adequately protected;
  • programmes, plans, and objectives are achieved and contribute to sustainable results; and
  • quality and continuous improvement are fostered in the Organization’s control processes.

At the conclusion of each audit assignment, IOS prepares a detailed report and makes recommendations to management designed to help manage risk, maintain controls and implement effective governance within the Secretariat.

 

Integrated audits

Integrated audits assess the performance of WHO at the country level, or the performance of a department/division at a regional office or headquarters, in the achievement of relevant workplans.  These audits also assess the operational capacity of country offices and departments.

Integrated audits focus on risks to areas and functions under three components:

  • The organizational setting (strategy, control environment, risk management, organizational profile, collaboration, and readiness and support for public health emergencies).
  • The programmatic and operational processes (programme budget development and operational planning, resource mobilization, information and communication, business operations support, and effectiveness of key internal controls in transaction processing).
  • The achievement of results (implementation of WHO’s core functions, implementation of WHO’s critical functions in emergencies, monitoring and performance assessment, sustainability, and evaluation and organizational learning).

 

Performance audits

The objectives of performance audits are to assess:

  • the adequacy of the organizational setting for the programme budget performance assessment;
  • the effectiveness and efficiency of the programme budget performance assessment, including the use of the output scorecard across the three levels of the Organization; and
  • the reliability and integrity of programmatic and financial reporting.

 

Operational and information technology audits

The objective of operational audits is to assess:

  • the risk management and control processes in the finance, administration, and information technology areas with respect to the integrity of financial and managerial information;
  • efficiency and economy in the use of resources (including value for money);
  • compliance with WHO regulations, policies and procedures; and
  • the safeguarding of assets.

 

Advisory services

In accordance with its charter, the Office of Internal Oversight Services may:

“…provide advisory services to WHO management to the extent that its independence and objectivity are not compromised. Such provision is based on the Office’s knowledge of governance, risk management and controls, and of WHO activities. The Office may participate in reviewing draft policies, guidance, systems and work processes, but shall not participate in the decision-making process.”

 

Gender-related areas

To foster compliance with the requirements of the United Nations System-wide Action Plan on Gender Equality and the Empowerment of Women, integrated audits include specific tests in relation to the integration of equity, gender, human rights and social determinants into the work of the audited entity.