Internal Audit Confidentiality Agreement

The High Level Management Committee reviewed current practices in the information exchange system contained in internal audit reports on its financial and budget network. In this regard, the first criteria, which could serve as a benchmark for the review, were examined to define a common approach to disclosure of information in internal audit reports. Further consultations would take place within the community of internal auditors and the financial and budgetary network, and the potential criteria would take into account consultations with the Committee of External Auditors and the Institute of Auditors, as well as the need to respect legislative decisions taken by the governing bodies of United Nations agencies. Although university staff are not required to sign the agreement, the Committee urges each department to consider adopting this agreement, if necessary, and to establish an internal process in which staff can certify it both on hiring and on an annual basis. If this agreement does not exactly meet the specific needs of the departments, directors should discuss the changes with the Office of General Counsel. The CEB stressed the importance of internal audit reports as an important management tool for executives and the need to distinguish between internal and external audits and their own functions. The need to preserve the integrity of internal audit as a management tool was recognized and, at the same time, the Commission recognized that the system must meet a growing demand for transparency and accountability. The CEB would take this issue into account at its next meeting, based on further consultations with the High Level Committee for Management. The submission of confidentiality agreements was developed and approved in 2014 by the Data Management Steering Committee, consisting of the Executive Vice President`s Office, the Office of General Counsel, the Office of Human Resources, the Office of Information Technology, the Office of Finance and Treasury, the Office of Audit and Compliance, the Dean of the Faculty and the Office of the Registrar.

The model is provided as a guide for the use of departments to properly protect the confidential and confidential information of the university.