SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM

Transcription

1 Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain a quality assurance and imprvement prgram that cvers all aspects f the internal audit activity and cntinuusly mnitrs its effectiveness. This prgram includes peridic internal and external quality assessments and nging internal mnitring. The bjective f this prgram is t prvide reasnable assurance t the varius stakehlders f the internal audit activity that it: Perfrms in accrdance with its charter, which shuld be cnsistent with the Standards and Cde f Ethics, Operates in an effective and efficient manner, and Is perceived by thse stakehlders as adding value and imprving the Center s peratins Discussin: A quality assurance and imprvement prgram cmprises: Clear plicies, prcedural requirements and explanatins f what is expected in terms f alignment with the IIA standards, apprpriately rganized t meet the cnditins under which Internal Audit services are delivered t the Centers. This Manual seeks t address this element. Internal Auditrs and Quality cntrl and assurance reviewers shuld use this Manual as a Standard 1300 Quality Assurance and Imprvement Prgram The chief audit executive must develp and maintain a quality assurance and imprvement prgram that cvers all aspects f the internal audit activity Practice Advisry Imprvement Prgram Standard 1310 Requirements f the Imprvement Prgram The quality assurance and imprvement prgram must include bth internal and external assessments. Versin: August 15, 2009 Page J: 1

2 Audit Manual Sectin J benchmark fr their wrk. Recruitment, perfrmance evaluatin and prfessinal develpment arrangements which prmte quality see Sectin D.1 f this Manual fr related plicies and practice requirements Quality cntrl f medium term and annual internal audit wrk planning, thrugh internal reviews f draft planning dcuments and feedback frm audit clients befre the planning dcuments are finalized see Manual Sectin G.1 fr related plicies and practice requirements Feedback frm audit clients at the planning and reprting phases f audit engagements see Manual Sectins I.1 and I.5 fr related plicies and practice requirements Quality cntrl f audit engagements thrugh apprpriate supervisin during the audit engagement cycle particularly at the planning and reprting stages this is discussed in mre detail in this Manual Sectin A prgram f annual internal reviews f audit wrking papers and reprts by independent senir Internal Auditrs frm amng the CGIAR Internal Audit cmmunity this is discussed in mre detail in this Manual Sectin A prgram f 5 yearly external Quality Assurance Reviews this is discussed in mre detail in this Manual Sectin This prgram is supplemented by feedback frm peridic reviews f internal audit activities by Center external auditrs, dnr auditrs, External Prgram and Management Reviews, and Center Versin: August 15, 2009 Page J: 2

3 Audit Manual Sectin J J 1:1 Cmmissined External Reviews The Internal Audit rganizatin fr the CGIAR System is nt large enugh t establish a separate, dedicated quality assurance grup. The internal aspects f the quality assurance prgram will be carried ut by cperatively by the CGIAR IAU Directrs and Assciate Directrs, and by ther Center Heads f Internal Audit. There are sufficient qualified and experienced staff at these levels t share the respnsibilities s that a reasnable level f independence can be kept in the internal prgram The Head f Internal Audit shall be respnsible fr assuring that apprpriate engagement supervisin is prvided where ther Internal Auditrs carry ut internal audits fr the Center under the Head s supervisin. Discussin: Supervisin is a prcess that begins with planning and cntinues thrughut the examinatin, evaluatin, cmmunicatin, and fllw up phases f the engagement. Supervisin includes: Ensuring that the auditrs assigned pssess the requisite knwledge, skills, and ther cmpetencies t perfrm the engagement. Prviding apprpriate instructins during the planning f the engagement and apprving the engagement prgram. Seeing that the apprved engagement prgram is carried ut unless changes are bth justified and authrized. Standard 2340 Engagement Supervisin Engagements must be prperly supervised t ensure bjectives are achieved, quality is assured, and staff is develped. Practice Advisry Engagement Supervisin Versin: August 15, 2009 Page J: 3

4 Audit Manual Sectin J J 1:2 J 1:3 Determining that engagement wrking papers adequately supprt the engagement bservatins, cnclusins, and recmmendatins. Ensuring that engagement cmmunicatins are accurate, bjective, clear, cncise, cnstructive, and timely. Ensuring that engagement bjectives are met. Prviding pprtunities fr develping the knwledge, skills, and ther cmpetencies f the Internal Auditrs being supervised The Head f Internal Audit has verall respnsibility fr review but may designate apprpriately experienced Internal Auditrs t perfrm the review. Apprpriately experienced internal auditrs may be utilized t review the wrk f ther less experienced internal auditrs. Apprpriate evidence f supervisin shall be dcumented and retained. The extent f supervisin required will depend n the prficiency and experience f internal auditrs and the cmplexity f the engagement. Key engagement wrking papers, including draft audit terms f reference, audit prgrams and draft reprts, shall be reviewed t ensure that they prperly supprt the engagement cmmunicatins and that all necessary audit prcedures have been perfrmed. Evidence f supervisry review may be in different frms: the reviewer initialing and dating each wrking paper after it is reviewed. written recrds (review ntes) f questins Practice Advisry Engagement Supervisin Practice Advisry Engagement Supervisin Versin: August 15, 2009 Page J: 4

5 Audit Manual Sectin J J 1:4 arising frm the review prcess cmpleting an engagement wrking paper review checklist, preparing a memrandum specifying the nature, extent, and results f the review, and/r evaluatin and acceptance within electrnic wrking paper sftware. Discussin: This applies als t audits are undertaken directly by the Head f Internal Audit. In such cases anther senir internal auditr in the CGIAR IAU r Center IAU, where available ne that has previus experience in the audit r subject matter f the area under review, shuld act as reviewer. When clearing review ntes, care shuld be taken t ensure that the wrking papers prvide adequate evidence that questins raised during the review have been reslved. This may be in the frm f a blanket clearance where the questins are straightfrward and all satisfactrily addressed. Evidence f review activities, including clearance f questins, shuld be retained in the wrking papers. This is ften in the frm f electrnic mails r marked up cpies f dcuments with edit tracking and cmments Fr each Center, an annual prgram f internal quality assurance ver the internal audit activity shall be develped. This prgram may be carried ut by the Directr r an Assciate Directr f the CGIAR IAU, r anther Head f Internal Audit fr a different Center. Standard 1310 Requirements f the Imprvement Prgram The quality assurance and imprvement prgram must include bth internal and external Versin: August 15, 2009 Page J: 5

6 Audit Manual Sectin J J 1:5 Discussin: The annual internal quality assurance shuld cmprehensively review the Internal Audit activity fr the Center against all the relevant benchmarks set ut in this Manual. The review shuld take accunt f any perfrmance metrics fr the Internal Audit Activity (see Sectin E f this Manual) The Head f Internal Audit is recmmended t prepare fr such internal quality assurance reviews by self assessing. Time fr this level f quality assurance shuld be built int the Center annual internal audit wrk plan and Head f Internal Audit s and the QA reviewer s wn individual annual wrk plans. Given the gegraphic dispersin f the Internal Audit activities acrss the CGIAR System, the internal quality assurance prgram shuld rely as much as pssible n electrnic recrds and cmmunicatins. Hwever where pssible such reviews will be scheduled at a time when n site review and discussins can als be held. The results f the prgram shall be dcumented and shall include verall cnclusins and, where apprpriate, recmmendatins fr imprvement. Discussin: A peridic internal assessment perfrmed within a shrt time prir t an external assessment can serve t facilitate and reduce the cst f an external assessment. If the 5 yearly external assessments takes the frm f a self assessment with assessments. Practice Advisry Imprvement Prgram Practice Advisry Requirements f the Imprvement Prgram Standard 1311 Internal Assessments Internal assessments must include: Onging mnitring f the perfrmance f the internal audit activity; and Peridic reviews perfrmed thrugh selfassessment r by ther persns within the rganizatin with sufficient knwledge f internal audit practices. Practice Advisry Internal Assessments Practice Advisry Requirements f the Imprvement Prgram Practice Advisry Internal Assessments Versin: August 15, 2009 Page J: 6

7 Audit Manual Sectin J independent validatin, the peridic internal assessment can serve as the selfassessment prtin f this prcess. The IIA s Quality Assessment Manual cntains an utline f the self assessment prcess including guidance and tls, which can be applied t the annual internal quality assurance reviews. Draft and final reprting f results, similar t that fr an external assessment, shuld be prepared J 1:6 The Head f Internal Audit shall reprt the results f annual internal quality assurance reviews, including recmmendatins and fllw up actins taken r prpsed, in the peridic internal audit activity reprt t the Center s Directr General and the Audit Cmmittee. Practice Advisry Requirements f the Imprvement Prgram Practice Advisry Internal Assessments J 1:7 The cllective Internal Audit activity f the CGIAR Internal Auditing Unit and Center hired internal auditrs shall be subject, at least every 5 years, t a cmprehensive external quality assurance review, cnducted by a qualified, independent reviewer r review team frm utside the CGIAR System. Discussin: External assessments shuld appraise and express an pinin as t the Internal Audit activity s cmpliance with the Standards and, as apprpriate, shuld include recmmendatins fr imprvement. These external assessments shuld cver the entire spectrum f audit and cnsulting wrk perfrmed by the internal audit activity and shuld nt be limited t assessing its QA&IP Standard 1312 External Assessments External assessments must be cnducted at least nce every five years by a qualified, independent reviewer r review team frm utside the rganizatin. The chief audit executive must discuss with the bard the need fr mre frequent external ;assessments; and the qualificatins and independence f the external reviewer r review team, including any ptential cnflict f interest. Versin: August 15, 2009 Page J: 7

8 Audit Manual Sectin J The external assessment shuld cnsist f a brad scpe f cverage that includes the fllwing elements f the internal audit activity: Practice Advisry External Assessments Cmpliance with the Standards, The IIA s Cde f Ethics, and the internal audit activity s charters, plans, and plicies and practice requirements as set ut in this Manual. Expectatins f the internal audit activity expressed by the Centers bards, executive management, and peratinal managers, Integratin f the internal audit activity int the Centers gvernance prcess, including the attendant relatinships between and amng the key grups invlved in that prcess, Tls and techniques emplyed by the internal audit activity, Mix f knwledge, experience, and disciplines within the staff, including staff fcus n prcess imprvement, and Determinatin as t whether r nt the audit activity adds value and imprves the Centers peratins. The CGIAR IAU s first external quality assurance review, cnducted by a tw persn team nminated by the IIA and the Wrld Bank, was in The next such review is due by The CGIAR IAU business plan makes budget prvisin fr this review in Fr the next (2009) review it will be desirable t include all CGIAR internal audit activity, whether carried ut by the CGIAR IAU r self managing Center Internal Audit Units, in this review. The external quality assurance review Versin: August 15, 2009 Page J: 8

9 Audit Manual Sectin J J 1:8 wuld als desirably be cmbined with an external review f the verall strategy and rganizatin and sustainability f the internal audit activities acrss the CGIAR Centers Practice requirement: In rder t keep the csts f external quality assurance lw, avid t nerus a prcess n what is a relatively small Internal Audit activity, and t prmte the value f the internal quality assurance and imprvement prgram, the frmat f self assessment with external validatin will be alternated between full external reviews. Discussin: self assessment with external validatin has the fllwing features: A cmprehensive and fully dcumented self assessment prcess, which shuld emulate the external assessment prcess, at least with respect t evaluatin f cmpliance with the Standards. An independent n site validatin by a qualified reviewer(s). Ecnmical time and resurce requirements a sample f interviews may be made with senir and perating management and Audit Cmmittee chairs in Centers may be made rather than attempting t cver all Centers The annual internal qualify assurance review just prir t an external quality assurance review can be carried ut as a selfassessment subject t validatin by the external quality assurance reviewers. Practice Advisry External Assessments Practice Advisry External Assessments: Self Assessment with Independent Validatin Versin: August 15, 2009 Page J: 9

10 Audit Manual Sectin J J 1:9 J 1:10 J 1:11 T ensure the independence f the external quality assurance review, the review will be cmmissined by the CGIAR IA Cnsrtium Bard f Spnsrs, the review team selected by them, and the reprting f results will be t this Bard. Discussin: The Bard f Spnsrs prvides administrative versight f the CGIAR IAU and cmprises representatives f the Centers and CGIAR Secretariat wh receive services frm the Unit. The Spnsrs are nminated by the Directrs General and the CGIAR Directr in the case f the Secretariat representative. The reprt f the review will be addressed t the Bard f Spnsrs. The preliminary results f the review shall be discussed with the CGIAR IAU Directr, Assciate Directrs and ther Center Heads f Internal Audit during and at the cnclusin f the assessment prcess. The external quality assurance reviewers will prepare a draft reprt which will be reviewed by the Bard f Spnsrs and the CGIAR IAU Directr, Assciate Directrs and ther Center Heads f Internal Audit. The Bard f Spnsrs will frmulate respnses n the basis f the draft reprt and cnvey these back t the reviewers fr incrpratin in the final reprt. Discussin: The CGIAR IAU Directr will review with the Bard f Spnsrs the prpsed Practice Advisry External Assessments Versin: August 15, 2009 Page J: 10

11 Audit Manual Sectin J J 1:12 J 1:13 respnses t be prvided t the external reviewers fr incrpratin in their final reprt The external quality assurance reprt shall include the fllwing: An pinin n the internal audit activity s cmpliance with the Standards based n a structured rating prcess. The term cmpliance means that the practices f the internal audit activity, taken as a whle, satisfy the requirements f the Standards. Similarly, nncmpliance means that the impact and severity f the deficiencies in the practices f the internal audit activity are s significant that they impair the internal audit activity s ability t discharge its respnsibilities. The degree f partial cmpliance with individual Standards, if relevant t the verall pinin, shuld als be expressed in the reprt n the independent assessment. An assessment and evaluatin f the use f best practices, bth thse bserved during the assessment and thers ptentially applicable t the activity. Recmmendatins fr imprvement, where apprpriate. Unrecnciled disagreements between the external review and the internal selfassessment being validated. Respnses frm the Bard f Spnsrs, as the cmmissining entity, that include an actin plan and implementatin dates The results f the external quality assurance review will be reprted by the Head f Internal Audit t the Center s Directr General and t Practice Advisry External Assessments Standard 1320 Reprting n the Quality Assurance and Imprvement Prgram The chief audit executive must cmmunicate the results f the quality assurance and imprvement prgram t senir management and the bard. Standard 1320 Reprting n the Quality Prgram Versin: August 15, 2009 Page J: 11

12 Audit Manual Sectin J J 1:14 J 1:15 the Audit Cmmittee f the Bard. Discussin: The reprt may be submitted specially r tgether with the next scheduled, peridic Internal Audit activity reprt. Any instances f nncmpliance that have been disclsed by a quality assessment (internal r external), which impair the internal audit activity s ability t discharge its respnsibilities: Shuld be adequately remedied, The remedial actins shuld be dcumented and reprted t the relevant assessr(s), t btain cncurrence that the nncmpliance has been adequately remedied, and The remedial actins and agreement f the relevant assessr(s) therewith shuld be reprted t the Bard f Spnsrs and t Centers senir management and Audit Cmmittees. The Head f Internal Audit may reprt that the internal audit activity fr the Center cnfrms with the Definitin f Internal Auditing, the Cde f Ethics and the Internatinal Standards fr the Prfessinal Practice f Internal Auditing prvided that the results f the quality assurance and imprvement prgram supprts this statement. Discussin: Such reprting may be made in the peridic internal audit activity reprts and n internal audit websites, and in respnse t queries frm external auditrs r dnr PA ʺCnducted in Accrdance with the Standardsʺ Standard 1321 Use f Cnfrms with the Internatinal Standards fr the Prfessinal Practice f Internal Auditing The chief audit executive may state that the internal audit activity cnfrms with the Internatinal Standards fr the Prfessinal Practice f Internal Auditing nly if the results f the quality assurance and imprvement prgram supprt this statement. Versin: August 15, 2009 Page J: 12

13 Audit Manual Sectin J J.1:16 rganizatins. The internal audit activity must have been subject t external quality assurance review at least every five years and the mst recent review must have results that supprt the statement. The Head f Internal Audit shall reprt nncnfrmance with the Definitin f Internal Auditing, the Cde f Ethics r the Internatinal Standards fr the Prfessinal Practice f Internal Auditing where this impacts n the verall scpe r peratin f the internal audit activity. Discussin: Nn cnfrmance may be reprted in peridic internal audit activity reprts, special reprts where events have intervened t create a situatin f nncnfrmance, and in reprts n the results f internal and external quality assurance reviews. Standard 1322 Disclsure f Nncnfrmance When nncnfrmance with the Definitin f Internal Auditing, the Cde f Ethics, r the Standards impacts the verall scpe r peratin f the internal audit activity, the chief audit executive must disclse the nncnfrmance and the impact t senir management and the bard. Versin: August 15, 2009 Page J: 13