The Public Sector I nternal Audit Capability Model ( I A-CM) Presented by Daniela Danescu CIA CGAP member of The IIA Public Sector Committee www.theiia.org/ research
I nternal Audit Capability Model ( I A-CM) for the Public Sector Using the IA-CM as a Self-assessment Tool IA-CM www.theiia.org/ research
IA-CM Agenda • What is the IA-CM? – Underlying principles. • Structure of the IA-CM. • Self-assessment steps. • Considerations. • Communicate results. • More information. 3 www.theiia.org/ research
IA-CM W hat is the I A-CM? • Communication vehicle. • Framework for assessment. • A road map for orderly improvement. 4 www.theiia.org/ research
IA-CM W hy Public Sector? • Internal auditing (IA) varies widely from country to country. • Differences in culture, management practices, and processes. • Need for a governance model, including IA. • Opportunities to: – Modernize/ evolve IA. – Improve its effectiveness. – Deliver added value. • Critical need for a developmental model, especially in developing countries. 5 www.theiia.org/ research
IA-CM Underlying Principles I A Activity’s Obligations • Be an integral component of effective governance in the public sector. • Help organizations achieve their objectives and account for their results. Organization’s Obligations • Determine optimum level of IA capability to support required governance structures. • Achieve and maintain the desired capability. 6 www.theiia.org/ research
IA-CM Underlying Principles Selecting Optim um Capability • Three variables: – Environment. – Organization. – IA activity. • Different capability required. • Auditing must be cost-effective. • No “one size fits all.” 7 www.theiia.org/ research
Structure of the I A-CM Capability Level Key Process Area Key Process Area Key Process Area Purpose Activities Outputs & Outcomes Mastery 8 www.theiia.org/ research
I A Capability Model IA-CM Levels LEVEL 5 IA learning from inside and outside the Optimizing organization for continuous improvement LEVEL 4 IA integrates information from across the organization Managed to improve governance and risk management IA management and professional LEVEL 3 practices uniformly applied Integrated Sustainable and repeatable IA LEVEL 2 practices and procedures Infrastructure No sustainable, repeatable LEVEL 1 capabilities – Initial dependent upon individual efforts 9 www.theiia.org/ research
IA-CM W hy Levels? • Different performance expectations and measures in current practice. • Capability gets built in steps/ stages. • Need a common map/ conceptual framework. • Help select the capability level appropriate for an organization. 1 0 www.theiia.org/ research
IA-CM I A Activity Elem ents The IA activity consists of the following six elements: – Services and role of IA. – People management. – Professional practices. – Performance management and accountability. – Organizational relationships and culture. – Governance structures. 1 1 www.theiia.org/ research
I nternal Audit IA-CM Capability Model Matrix Services and Role of IA People Management Professional Practices Performance Organizational Governance Management and Relationships and Structures Accountability Culture Level 5 –Optimizing Leadership Involvement with Continuous Improvement Professional Bodies in Professional Practices IA Recognized as Key Public Reporting of IA Effective and Ongoing Independence, Power, Agent of Change Effectiveness Relationships and Authority of the IA Activity Workforce Projection Strategic IA Planning Level 4 – IA Contributes to Independent Oversight of the IA Activity Managed Overall Assurance on Management Development Audit Strategy Leverages Integration of Qualitative CAE Advises and Governance, Risk Organization’s and Quantitative Influences Top-level Management, and Control Management of Risk Performance Measures Management CAE Reports to Top- IA Activity Supports level Authority Professional Bodies Workforce Planning Level 3 – Integrated Team Building and Quality Management Performance Measures Coordination with Other Management Oversight Competency Framework Review Groups of the IA Activity Advisory Services Cost Information Professionally Qualified Staff Risk-based Audit Plans Integral Component of Funding Mechanisms Performance/Value-for- Management Team Money Audits IA Management Reports Workforce Coordination Level 2 – Individual Professional Professional Practices Full Access to the Infrastructure Development and Processes Organization’s Compliance Auditing IA Operating Budget Managing within the IA Framework Information, Assets, Activity and People Skilled People Identified and IA Business Plan Recruited Audit Plan Based on Management/ Reporting Relationship Established Stakeholder Priorities Level 1 – Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those provided by professional associations; funding approved by management, as needed; absence of 1 2 Initial infrastructure; auditors likely part of a larger organizational unit; no established capabilities; therefore, no specific key process areas www.theiia.org/ research
IA-CM Using the I A-CM • Not prescriptive — what should be done rather than how to do it. • A universal model with comparability around principles, practices, and processes to improve IA and be applied globally. 1 3 www.theiia.org/ research
Self-assessm ent IA-CM Steps • Understand the IA-CM. • Identify KPAs that appear to be institutionalized by the IA activity. • Review documentation: IA activity, organization, and environment. • Interview managers/ stakeholders. • Confirm actual KPAs institutionalized. • Determine capability level. • Communicate results. 1 4 www.theiia.org/ research
IA-CM Considerations • Apply professional judgment. • Consider environmental and organizational factors. • Is Level 3 sufficient? • Can capability levels be skipped? • Can KPAs be ignored? • Must all elements be at the same capability level? 1 5 www.theiia.org/ research
IA-CM Com m unicate Results • Identify strengths and areas for improvement of the IA activity. • Identify “leading practices” of the IA activity. 1 6 www.theiia.org/ research
http://www.theiia.org/bookstore/product/internal-audit-capability-model-iacm-for-the-public-sector-1422.cfm 1 7 www.theiia.org/ research
THANK YOU VERY MUCH! QUESTIONS? Daniela Danescu CIA CGAP daniela.danescu@gmail.com www.theiia.org/ research
Recommend
More recommend