Role of Internal Audit and Risk Department in ZACC

The Institute of Internal Auditors (IIA) is an organization that advocates, provides educational conferences, and develops standards, guidance, and certifications for the internal audit profession. It defines Internal Audit as follows:


“Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”


In principle, an effective audit function that provides the appropriate oversight and assurance over the organization’s internal controls and processes will help advance and uphold good governance, accountability, and transparency.


The Zimbabwe Anti-Corruption Commission has an established Internal Audit and Risk Department. The Internal Audit and Risk Department is an important pillar in ZACC’s governance. It fosters trust, transparency and accountability. The existence of this department has proved to be critical for ZACC’s growth and development as well as contributing to the fight against corruption, albeit, indirectly. It assists ZACC in accomplishing its Constitutional mandate by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of business risk management, control, and internal operating processes that support the Commission’s core missions of investigations, asset recovery, and prevention of corruption.


The Department reports functionally to the Audit Committee and administratively to the Accounting Officer, the Secretary of the Commission. The structure seeks to establish and align the Department’s reporting lines, processes, and systems to the best practices of the internal audit profession – these being requisites to fulfil the oversight role of ensuring and promoting efficiency, accountability, and transparency in ZACCs’ governance processes and systems.


The dual reporting by the Department enables the Internal Audit function to remain independent to carry out its mandate as provided for in Section 80 (2) (a) (i) to (iv) of the Public Finance Management Act (Chapter 22:19). The Internal Audit function assists Treasury in the management of Public Funds as stated in the Public Finance Management Act. In addition, the department also exists to compliment the oversight role of the Auditor General (AG).

The roles and responsibilities of the Internal Auditor

are outlined in Section 80 (2) (a) (i) to (iv) as follows:

“To monitor the financial administration and procedures of the Ministry or reporting unit concerned to ensure that:

Proper accounting and book-keeping transactions and procedures are carried out

Proper accounting records are maintained

Adequate internal checks and controls are observed

Assets under the control of the Ministry or reporting unit are properly accounted for

In compliance with these provisions, therefore, the Internal Audit and Risk Department on an on-going basis, determines whether ZACC’s internal control, risk management and governance processes, as designed and implemented by management are adequate and functioning.

This ensures that that the following actions are taken by the responsible auditable units:

  • Risks are appropriately identified and managed.
  • Financial, managerial, and operating information is accurate, reliable and timely.
  • Officers’ actions are in compliance with ZACC’s policies and procedures, and applicable laws and regulations.
  • Resources acquired or appropriated by Government are used efficiently and adequately protected.
  • Adherence to Regional and International protocols. This requires a risk based thinking approach and continuous improvement which is fostered in the ZACC’s control processes.
  • Plans and objectives are achieved.

The Internal Audit and Risk Unit’s activities are guided by:


IIA’s International Professional Practices Framework (IPPF) including its Standards, as adopted by the Government of Zimbabwe.



It’s Internal Audit Charter approved by the Commission in 2021

The Internal Audit charter defines the department's purpose, authority, responsibility and position within the Commission. The Annual Internal Audit Plans are formulated using a risk-based approach. The risk-based audit approach enables the internal auditors to respond to organizational risks more timely and provide insights to management to help solve problems on a regular basis. The Annual Internal Audit Plan is designed to add value (value for money audits) and improve ZACC’s operations by utilising a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal control and governance processes.

This annual work-plan also guides the efforts of the Department so that the limited resources that ZACC has can be focused on the highest identified risk areas. It includes budgeted time for cycle audits, audits of specific programs and processes, non-audit services, follow-up on previously issued internal and external audit (Auditor General) recommendations and internal administrative/quality assurance activities.


In addition, the Internal Audit Plan seeks to align the audit activity with the Results Based Management framework; the Whole of Government Document; ZACC’s Strategic Plan 2021-2025; ZACC’s 2022 Approved Budget; and the Secretary’s Performance Contract.


To-date, the Internal Audit and Risk Department has contributed to ZACC’s success, positive change, and innovation by delivering assurance, insight and advice.