IOC governance model to ensure integrity

Who does what?

The IOC was the first sports organisation to set up an independent Ethics Commission in 1999. The Ethics Commission establishes the Code of Ethics and, in the event of a violation of the ethical principles, analyses complaints and proposes sanctions. It also delivers advice to the IOC on the implementation of the ethical principles.

The Ethics Commission has three functions:

Firstly, it draws up and updates a framework of ethical principles, including the Code of Ethics, as well as specific Implementing Provisions based on the values and principles enshrined in the Olympic Charter.

Secondly, it examines situations involving potential non-compliance with the Code of Ethics and, where necessary, proposes sanctions to the IOC Executive Board and/or the IOC Session. These recommendations remain confidential until the IOC Executive Board makes a decision. The decisions taken are published here.

Thirdly, when requested to do so, it delivers advice to the IOC on the implementation of the ethical principles.

The year 2020 saw the full deployment of new regulations regarding conflicts of interest, including the mechanism of prevention through which IOC Members regularly submit a disclosure of interests. The IOC Ethics Commission continued to strongly support the various activities of the International Partnership Against Corruption in Sport (IPACS).

The Compliance, Risk and Internal Control unit has the mission to define and implement the IOC Administration’s compliance, consolidate the risk management and the internal control, while also enhancing the efficiency of its processes. The key areas of focus are: ensure the operational effectiveness of the internal control system; foster the compliance with laws, regulations and internal policies; manage the IOC Administration risk strategy; and develop the compliance strategy, including the implementation of awareness-raising programmes to IOC staff.

A dedicated IOC Audit Committee looks after risk management, financial reporting, compliance, control and governance within the IOC. The Audit Committee reports to the IOC Executive Board and the IOC President, and assists the Director General’s Office in fulfilling its responsibilities in terms of risk management, financial reporting, compliance, control and governance. It has the authority and responsibility to conduct any audit it deems necessary, and other such duties that the Executive Board and/or the IOC President may assign to it.

The Audit Committee is supported by the Chief Internal Auditor and oversees all IOC entities, including the Olympic Foundation for Culture and Heritage, the Olympic Foundation, Olympic Solidarity, IOC Television and Marketing Services, Olympic Broadcasting Services and Olympic Channel Services.

There are other IOC Commissions which advise the IOC Session, the IOC Executive Board or the IOC President in areas related to organisational integrity. A good example is the IOC Finance Commission, which provides counsel on the IOC’s financial management to safeguard continuity and strengthen the transparency and good governance of the IOC and the Olympic Movement. The Finance Commission is supported by the IOC Finance Department and, like the Audit Committee, oversees all IOC entities.


The IOC Risk and Assurance Governance Model

The IOC’s risk and assurance system is a core element of its governance model. An effective risk and assurance governance model helps the IOC to reduce potential risks and to take advantage of opportunities, while also ensuring the fulfilment of its missions and objectives.

The IOC follows the internationally recognised “Three Lines Model” for risk management. Previously known as the “Three Lines of Defence”, the model was recently updated and renamed by the Institute of Internal Auditors.

The Three Lines Model distinguishes three groups with different roles and responsibilities:

  • The First Line consists of the operational functions that own and manage risks, and which are embedded in the IOC’s day-to-day activities. IOC departments ensure that risks are identified, reported, evaluated and responded to in a timely manner.
  • The Second Line consists of the managerial functions that help build and/or monitor the first line controls. This serves as an oversight function within the IOC administration, ensuring that controls, frameworks, policies and procedures are set up, aligned with the IOC’s objectives, and implemented throughout the administration.
  • The Third Line consists of the independent functions that provide assurance to the organisation’s governing bodies and the Director General on how effectively the organisation assesses and manages its risks, including the way the first and second lines of defence operate. The independence of these functions is critical to guaranteeing their objectivity.

Complying with Swiss law, the IOC Internal Control System (ICS) is guided by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) framework, revised in 2013 as the Internal Control – Integrated Framework, which covers control environment, risk management, control activities, information and communication, and monitoring activities. The ICS and its operating effectiveness in key business processes are audited annually by the external auditor.

Governance structure

In its Three Lines Model, IOC governance’s Third Line comes under the authority of the IOC President, the Ethics Commission and the Audit Committee, and includes the Ethics and Compliance Office and audit functions. External Audit is also an element of the governance structure.

Ethics and Compliance Office

The mission of the Ethics and Compliance Office, which was created in 2015, is primarily one of prevention through education and the provision of information relating to ethical principles and compliance. It also has an advisory role for the whole Olympic Movement in order to help achieve better application of the ethical principles and rules. In all cases, this advice remains confidential.

The Ethics and Compliance Office includes the consolidated Compliance, Risk and Internal Control Unit. The unit was established in 2019 to strengthen the Second Line in the IOC’s Three Lines Model, and has allowed the IOC to strengthen its compliance strategy to achieve higher standards of governance.

If the Ethics and Compliance Office suspects a failure to comply with ethical principles and IOC rules, it performs an initial compliance analysis. It may refer serious cases to the Ethics Commission according to the Rules of Procedure, which strengthen transparency and the right to due process of those concerned.

Internal Audit

Internal Audit is an independent and objective assurance and consulting function designed to add value and improve the operations of the IOC (including Olympic Solidarity) and all its reporting entities, including IOC Television & Marketing Services SA, Olympic Broadcasting Services SA, Olympic Channel Services SA, the Olympic Foundation, the Olympic Foundation for Culture and Heritage and the Spanish subsidiaries, Olympic Broadcasting Services SL and Olympic Channel Services SL.

Guided by the Institute of Internal Auditors’ mandatory guidance, including the Definition of Internal Auditing, and the International Standards for the Professional Practice of Internal Auditing, Internal Audit helps the IOC to accomplish its objectives by bringing a systematic and disciplined approach to evaluating and improving the effectiveness of the organisation’s governance and risk management as well as its internal control processes.

The Chief Internal Auditor is appointed by and reports functionally to the Audit Committee, which regularly reviews the scope of Internal Audit, its audit plans and the results of internal audits.

External Audit

The external auditor provides an opinion on whether the consolidated financial statements comply with IFRS and applicable laws (that is, Swiss law for the IOC and the entities based in Switzerland, and Spanish law for Olympic Broadcasting Services SL and Olympic Channel Services SL), and whether the separate statutory financial statements comply with such applicable laws. The financial statements of the IOC are prepared according to IFRS, even though the IOC is not legally required to do so.

The external auditor conducts the audit in accordance with the respective applicable laws and auditing standards, as well as the International Standards on Auditing. Those standards require that the audit is planned and performed to obtain reasonable assurance as to whether the consolidated financial statements are free from material misstatement. An audit includes evaluating the appropriateness of the accounting policies used and the reasonableness of accounting estimates made, as well as evaluating the overall presentation of the financial statements.


To learn more about the IOC Risk and Assurance Governance Model as well as the IOC’s Internal Control System and Governance structure, please consult the IOC Annual Report, section Governance and Ethics.