Add to collection(s) Add to saved
  1. Business
  2. Management

16croatiaiacmmvalidationpempal2002

The IIA
Research Foundation
Internal Auditing
Capability Maturity Model
(IA-CMM)
Preliminary Draft
Validation Session
Republic of Croatia
Ministry of Finance
Internal Audit Division
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
Outline
• Validation Objectives
• Why an IA-CMM?
– Underlying Principles
– Matrix
• Validation Results
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
1
Validation Objectives
• Review purpose, theory and uses of the
IA-CMM
• Refine, confirm and elaborate on
–
–
–
–
Capability Maturity Levels
Elements of Internal Auditing (IA)
Key Process Areas (KPAs)
Practices/Means to Institutionalize KPAs
• Identify issues to be addressed
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
2
Why the IA-CMM?
• Framework for Assessment
– Basis for implementing and
institutionalizing effective internal
auditing in the public sector
– Roadmap for orderly improvement to
strengthen capabilities
• Communication Vehicle
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
3
Underlying Principles
Selecting Optimum Capability
• Three variables
– Environment
– Organization
– IA Activity
• Different capability required
• Auditing must be cost-effective
• No “one size fits all”
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
4
Typical Structure of a
Capability Maturity Model
Capability
Level
Key Process Area
Key Process Area
Key Process Area
Goals
Activities
Outputs &
Outcomes
Mastery
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
5
IA-CMM Capability Maturity Levels (Draft)
LEVEL 5
Optimizing
LEVEL 4
Managed
LEVEL 3
Integrated
LEVEL 2
Infrastructure
LEVEL 1
Initial
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
6
Preliminary Draft Internal Auditing Capability Maturity Model Matrix
Level 5 –
Optimizing
Services &
Role of IA
People Management
Professional Practices
Performance
Management &
Accountability
Organizational
Relationships &
Culture
Governance
Structures
IA as a Change
Agent
Leadership Involvement
with Professional
Associations
Continuous Improvement in
Professional Practices
Public Reporting of
IA Effectiveness
Effective and
Ongoing
Relationships
Independence,
Power and
Authority of the IA
Activity
Integration of
Qualitative and
Quantitative
Performance
Measures
CAE Advises and
Influences TopLevel
Management
Independent
Oversight of the IA
Activity
Cost Information
Integral
Component of
Management
Team
Anticipatory IA Planning
Workforce Projection
Level 4 –
Managed
Assurances on
Governance,
Risk
Management,
Control
IA as a Management
Development and Career Tool
IA Activity Supports
Professional Bodies
Strategic Alignment of
Audits with
Organization’s
Management of Risk
CAE Reports to
Top-Level
Authority
Workforce Planning
Level 3 –
Integrated
Performance /
Value-for-Money
Audits
Advisory
Services
Team Building and
Competency
Quality Management
Framework
Professionally Qualified
Staff
Risk-Based Audit Plans
IA Management
Reports
Workforce Coordination
Level 2 –
Infrastructu
re
Level 1 Initial
Compliance
Auditing
Performance
Measures
Individual Professional
Development
Professional Practices and
Processes Framework
Identify and Recruit Skilled
People
Audit Plan Based on
Management / Stakeholder
Priorities
IA Business Plan
IA Operating Budget
Management
Oversight Committee
Funding
Mechanisms
Full Access to the
Organization’s
Information, Assets
and People
Managing the
Work of the IA
Activity
Reporting
Relationship
Established
Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs dependent upon
the skills of specific individuals holding the position; no specific professional practices established other than those provided by professional
associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a larger organizational unit; no
established capabilities; therefore, no specific key process areas
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
7
Validation Process
• Review Documentation re: IA-CMM
Elements; Environmental Factors
• Walkthrough IA-CMM
– Chief Audit Executive
– Internal Audit Practitioners
– Key Stakeholders
• CHU
• State Auditor
• Auditee Client
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
8
Validation Results
• Importance of External
Environment, Organizational
Factors
• Need more clarity in some
elements and KPAs
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
9
Issues For Consideration
• Advisory Services
– Independence and Objectivity of IA
• Team Building and Competency
– Communication
• Quality Management Framework
– External Quality Assessment
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
10
Issues For Consideration
• Governance Structures
– Funding Mechanisms
– Management Oversight Committee
– Independent Oversight of IA
• Role of CHU
• IA’s Relationship with External
(State) Auditor
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
11
Leading Practices
• Training and Professional Development
– Modules
– CPIA
– IA Classification System
• Relationship Building
– CAE Network
• Professional Practices Framework
– Law, Charter, Code of Ethics, Rulebook,
Manual
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
12
Decree on organisation of MoF/
Rulebook for job description
Charter of internal auditors
Working procedures of IAD
Strategic/annual plan
Internal audit programmes/guidelines
Internal audit reports/Follow up
MoF
PIFC Law
Code of ethics
Internal audit standards
Rulebook for budget users IA
Internal audit manual
CHU
State
Croatia - Internal Audit Legal Framework
13
Next Steps
• Refine and validate the draft model
based on each global validation
session
• Completed IA-CMM–2008
– Summary
– Implementation Workbook/s
– Illustrative recommended and leading
practices
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
14
…
• “When you aim for perfection, you
discover it's a moving target”
– Geoffrey F. Fisher (1887–1972) archbishop of Cantebury
DRAFT VERSION – DO NOT DISTRIBUTE OR COPY
© 2007, IIA Research Foundation – All Rights Reserved
www.theiia.org
15
Related documents
CIA EXAM APPLICATION fORM
CIA EXAM APPLICATION fORM
An Elected Official at Your Event
An Elected Official at Your Event
Academic Lab - Expectations for Teachers
Academic Lab - Expectations for Teachers
Continuous Auditing - Global Institute of Internal Auditors
Continuous Auditing - Global Institute of Internal Auditors
Recent Changes to IIA Standards
Recent Changes to IIA Standards
TECHNICAL MESSAGES OF THE IIA – UK AND IRELAND
TECHNICAL MESSAGES OF THE IIA – UK AND IRELAND
Course Description
Course Description
Quality Assessment - The Road to Professionalism
Quality Assessment - The Road to Professionalism
Download