About us

About us

Role of internal audit

According to the Institute of Internal Auditors, ‘internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process.’

The main objective of the Internal Audit Function is to provide the Council, Rector and other senior management of the University of Malta (UM) with an objective assessment of the adequacy and effectiveness of Management’s internal control systems.

UM sets out a long-term strategy, which defines the business objectives to meet the strategy. Management is responsible for driving the business and for identifying and dealing with risks, which may threaten the achievement of its objectives. In order to mitigate risks, managers set up a system of internal controls, which the Internal Audit’s main role is to assess these controls.

The role of the Internal Audit Office is fully defined in the Internal Audit Activity Charter, which was approved, by the Audit and Risk Committee on 31 January 2020.

Scope of internal audit

The scope of Internal Audit covers all the activities of the University and its group of companies.

It includes all the University’s operations, resources and staff, services and responsibilities to other bodies although does not extend to the academic process.

Internal audit vs external audit

The main responsibility of the external audit is to review the financial accounts.

The internal audit is concerned with all aspects of the University’s operations, including strategic planning, people management, and collaborations with other organisations, Information Technology, procurement and finance amongst others.

Independence of the internal audit

Internal audit is independent of all functional areas of the University of Malta.

Although the Internal Audit reports to the University Secretary for administrative purposes, the function reports directly to the Audit and Risk Committee.


Audit and Risk Committee

Internal Audit reports to the Audit and Risk Committee, a sub-committee of the Council.

The Committee consists of a group of non-executive specialists selected for their business knowledge and expertise.