Office of Internal Audit and Investigations

The Office of Internal Audit and Investigations (OIAI) is part of the International Federation of Red Cross and Red Crescent Societies (IFRC) secretariat. The OIAI is an independent function which oversees the effectiveness of the organization's risk management and internal control systems.

The purpose of the OIAI is established through its charter. The charter sets out OIAI's mission, mandate, authority and responsibilities. The OIAI`s mission is:

    “to provide high quality audit services that gives management reasonable assurance on the effectiveness of the IFRC's internal control environment and to act as an agent for change by making recommendations for continual improvement, thus providing assurance and assistance to management and staff in the effective discharge of their responsibilities and the achievement of the IFRC’s mission and goals.”

The scope of OIAI covers all programmes, operations and activities of the IFRC.


The OIAI reports directly to the Secretary General of the IFRC and has operational independence in order to perform its function. Oversight of the OIAI is provided by an independent Audit and Risk Commission which forms part of IFRC governance, and which reports directly to the Governing Board.

Functions of the OIAI

The functions of OIAI include internal audit, investigations and coordination of external audits.

Internal Audit

The OIAI adopts the Institute of Internal Auditors' (IIA) definition of internal auditing:

    "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, (internal) control and governance processes."

Internal audits include reviews of IFRC entities, key processes, as well as information systems. Internal audits are performed either by the OIAI, or can be co-sourced or outsourced to an external service provider.

OIAI also provides guidance towards improving risk management practices throughout the organization.


The IFRC established its in-house investigations function in the second half of 2015.  Investigations are performed in relation to allegations of fraud, misconduct or other wrongdoings that involve IFRC staff, fund or operations. A preventative element is included within the scope of the investigations function. This includes increasing the IFRC's fraud prevention awareness, and to promote a zero tolerance culture in relation to inappropriate behaviour. 

The IFRC's fraud and corruption prevention and control policy outlines the organization's approach, including the investigation procedures that will be followed should fraud or corruption be detected.

An independent whistleblowing hotline is available to report any possible breaches such as corruption, fraud, dishonesty, harassment, sexual violence and abuse, unethical behaviour and abuse of child labour. Calls can be anonymous and can be directed through the independent company Safecall by calling +44 207 696 5952 or by sending an email to ifrc(at) or by filling directly a complaint at

Coordination of external audits

The OIAI coordinates the process of external audits of IFRC funding. External audits include the annual consolidated audit of the IFRC's financial statements as well as audits of appeals and of specific partner funding.

Quality assurance and professional standards

The internal audit function of OIAI is guided by the Institute of Internal Auditors' (IIA) mandatory guidance including the definition of internal auditing, the code of ethics and the international standards for the professional practice of internal auditing. The OIAI performs its audit work with due professional care and in accordance with best practice recommended by the IIA. In 2014, an independent review was performed of the OIAI and concluded that it generally conforms to the relevant IIA standards for the professional practice of internal auditing.

The investigation function of OIAI is guided by the Association of Certified Fraud Examiners (ACFE) code of professional standards. The OIAI`s investigation work is of an administrative nature. Findings are established by a preponderance of credible and substantive evidence following an in-depth analysis of evidences gathered.

Report disclosure

The IFRC will publicly disclosure internal audit reports commencing in 2016, with internal audit reports uploaded to the public website quarterly. Internal audit reports prior to 2016 will not be disclosed.  

The purpose of an internal audit is to identify issues for management to address and therefore the primary audience is internal. In some cases, the reports may include sensitive information and this information will be excluded from reports which are shared with the public. Disclosure restrictions are elaborated in the IFRC`s information disclosure policy. 

The annual consolidated external audit report will be disclosed following the approval by the relevant IFRC governance functions, within six months following the period being audited.

Investigation reports are not publicly disclosed.

Use of reports and queries

The use of information contained in internal audit reports will be subject to the IFRC disclaimer. The IFRC will not respond to public queries in relation to audit reports.