OCIA 2013-2018 Strategic Plan 1 | Page REPUBLIC OF RWANDA MINISTRY OF FINANCE AND ECONOMIC PLANNING P.O.BOX 158 KIGALI Prepared by: Office of Chief Internal Auditor June 2014 OCIA 2013-2018 Strategic Plan Theme: Transforming Internal Audit Function to Promote Public Accountability
93
Embed
OCIA 2013-2018 Strategic Plan - MINECOFIN · Situation Analysis ... OCIA 2013-2018 Strategic Plan 1 | Page ... Human Resources and Leadership • Internal audit competency framework
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
OCIA 2013-2018 Strategic Plan
1 | P a g e
REPUBLIC OF RWANDA
MINISTRY OF FINANCE AND ECONOMIC PLANNING
P.O.BOX 158 KIGALI
Prepared by:
Office of Chief Internal Auditor
June 2014
OCIA 2013-2018 Strategic Plan
Theme: Transforming Internal Audit Function to Promote Public Accountability
4.3 Pillar 3: Human Resources and Leadership ...................................................................................... 29
4.4 Pillar 4: Audit Process, Tools and Techniques .................................................................................. 31
4.5 Pillar 5: Communication and Reporting ........................................................................................... 33
4.6 Pillar 6. Performance Management and accountability .................................................................. 34
5. Strategy Implementation Plan ................................................................................................................. 36
Oversight of the strategic plan ..................................................................................................................... 36
5.1 Sequencing Implementation of the Strategic Plan .......................................................................... 38
Annex 8: Number of Internal Auditors per Entity ............................................................................................ 83
Annex 9: Internal Audit Training Needs Assessment ....................................................................................... 87
OCIA 2013-2018 Strategic Plan
1 | P a g e
Executive summary
i. Introduction
Internal Audit in Government of Rwanda (GoR) was established in 2006 after the enactment of the Organic Law No. 37/2006 of 12th
September 2006 on State Finances and Property. This Strategic Plan builds on the improvements accomplished in strengthening internal audit in GoR through capacity building initiatives undertaken since 2010.
The Minister in charge of Finance has the responsibility under Organic Law N° 12/2013/OL of 12/09/2013 on State finances and property to ensure the adequacy of internal audit, to know and monitor risks related to management and internal audit arrangements. International standards for the professional practice of internal auditing (2060) require the Head of Internal Audit to periodically report to Senior Management and the Board on internal audit’s purpose, authority, responsibility, and performance. The Organic Law requires the Chief Internal Auditor to provide indicators for internal audit and risk management and monitor and coordinate services of internal auditors in public entities. This strategic plan has been developed to fulfill this responsibility. The strategic plan (2013-2018) sets the goals and strategies that the Office of the CIA will pursue over the next five years. It is a commitment by the OCIA to improve internal audit function in GoR in line with aspirations set in MINECOFIN and the PFM sector strategic plans. The strategy aims at transforming internal audit into a sustainable internal audit function capable of being a change agent in Government and is based on the internationally recognized Public Sector Internal Audit Capability Model developed by the Institute of Internal Auditors (Annex 5). Capacity building efforts undertaken to date have yielded positive results and build a solid foundation for further capacity building. However various assessments show that the Internal Audit professional skills in the country remained low and reforms needed to be deepened to mainstream best practice in internal audit units in MDAs.
To speed up the pace in transforming internal audits on the job training and other change management techniques will be used to impart technical and behavioral and audit management skills.
ii. Mission, vision and values
The OCIA vision is “to improve the effectiveness of IA functions for the purpose of strengthening internal controls in financial management and reliability of reporting by MDAs.” The mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs) satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This vision and mission is aimed at promoting the highest standards of accountability and transparency in public financial management in line with the PFM reform 2008-2012 strategy and 2013-2018 PFM SSP. To complement the vision and mission and ensure ethical professional behavior of internal auditors, the Office of the CIA has identified the following as its core values: Integrity; Objectivity; Professional Competence and Confidentiality.
OCIA 2013-2018 Strategic Plan
2 | P a g e
Internal auditors are also guided by international standards for the professional practice of internal auditing developed by the institute of internal auditors, the code of ethics for internal auditors, internal audit charter and the internal audit procedure manual when carrying out their work.
iii. Strategic priorities and pillars
The following strategic priorities were identified by analyzing the current situation, IA mandate and the strategic issues facing internal auditing:
1) To address gaps identified in different reviews including PEFA 2010 and COWATER 2010; 2) To comply with International Internal Auditing Standards and best practices; 3) To strengthen internal audit institutional capacity in line with its mandate; 4) To enhance skills development through coaching and mentoring; 5) To reinforce the positive Tone at the Top and promote good governance; 6) To consolidate audit reports and centrally monitor audit recommendations; 7) To promote professional qualifications such as CFE, CISA, CIA and ACCA; 8) To build the capacity of internal auditors to audit in a computerized environment; 9) To promote best practices in public financial management and accountability; 10) To refocus internal audit effort to areas of higher risk and to increase audit coverage; 11) To strengthen audit committees’ oversight role; 12) To automate audit process to increase audit efficiency; 13) To focus on managing change and overcoming staff and organizational barriers to change; and 14) To strengthen internal audit capacity to deal with its stakeholders effectively. These priorities have been summarized into the following six pillars each with a strategic objective to assist in assigning responsibilities.
1) Ensure internal audit function is established in laws, regulations and in ministries, districts and budget agencies (Regulating and coordination pillar).
2) Internal audit has an appropriate organization structure to effectively discharge its mandate and engage its stakeholder (Organisational structure and internal audit roles pillar).
3) Internal audit is staffed with the adequate, skilled and competent staff to provide quality internal audit services and meet stakeholders’ expectations (Human Resources and Leadership pillar).
4) To ensure efficiency and effectiveness in the audit process by employing efficient audit procedures and techniques (Working practices pillar).
5) To ensure that the results of the audit work are fully understood and appropriately acted upon to facilitate improvement of internal control environment (Communication and Reporting pillar).
6) To successfully implement the Strategic Plan (Performance Management and accountability pillar).
OCIA 2013-2018 Strategic Plan
3 | P a g e
iv. Policy Actions
The approval and implementation of the following activities require policy dialogue with internal audit stakeholders. Adequate planning and resources will be essential for successful implementation.
Pillar 1: Regulating and coordination
• Role of internal audit and audit committees in risk management included in Organic Law on State Finances and property.
• Establishing and monitoring audit committees in Central Government. • Implementation of a quality assurance and improvement programme and recruitment of an
external quality assurance reviewer every five years.
Pillar 2: Organisational structure and internal audit roles
• Review of OCIA and internal audit units’ organizational structure and number of internal auditors.
• Outsource review of IFMIS and audit of other areas of significant risk where internal audit cadre lack adequate skills.
• Clarify role of OCIA in performance appraisal of internal auditors in MDAs. • Design and implement Ministerial Instructions on enterprise risk management. • Implement internal control monitoring framework.
Pillar 3: Human Resources and Leadership
• Internal audit competency framework approved and implemented. • Internal audit skills development plans approved and implemented.
Pillar 4: Audit process, tools and techniques
• Internal audit and audit committee regulations updated in line with Organic Law on State Finances and Property and financial regulations.
• Purchase of additional CCH Teammate licenses to facilitate audit automation
Pillar 5: Communication and Reporting
• Submission of internal audit reports by entities for consolidation • Submission of reports on implementation of external audit and internal audit recommendations
for consolidation.
Pillar 6: Performance Management and accountability
• Recruitment of technical assistance to support capacity building program. • Develop and monitor internal audit performance indicators. • Review of the strategic plan implementation and develop of next strategic plan.
OCIA 2013-2018 Strategic Plan
4 | P a g e
v) Human and Financial requirements To assist in implementing the strategic plan financial and human resources required have been identified and estimated. The Office of the CIA plans to use capacity building technical assistance during the first two years of implementation of the plan to ensure skills transfer to enable the core team continue implementing the capacity building programme. However, to reach over 200 internal auditors and a similar number of audit committee members in a shorter time, the Office proposes to extend technical assistance to include on the job training to internal auditors in MDAs to accelerate skills transfer. The table below summarizes proposed budget requirements over the five years. The budget for 2013/14 is included in PFM reform basket fund 2013/14 workplan. A detailed breakdown of the cost of each strategic activity is included in section 6.2.
Financial Year 2013/14 2014/15 2015/16 2016/17 2017/18
vi) Implementation and Monitoring A comprehensive implementation matrix has been developed to elaborate the strategies and activities aimed at achieving each objective and the expected outputs and outcomes. Activities have been prioritized and sequenced into short term (1-2 years), medium term (3-4 years) and long term (5 years onwards). The Office of the CIA will base its annual action plans on this strategic plan to ensure a seamless implementation. Internal auditors in MDAs will also be required to participate in activities targeting them. The strategic plan has been harmonized with the PFM sector strategic plan to facilitate monitoring by the Office of CIA and PFM secretariat.
OCIA 2013-2018 Strategic Plan
5 | P a g e
Abbreviations AC Audit Committee
ACCA Association of Chartered Certified Accountants
CBM Chief Budget Managers
CBP Capacity Building Programme
CGAP Certified Government Audititing Professional
COBiT Control Objectives for Information and related Technology
CRMA Certification in Risk Management Assurance
COSO Committee of the Cosponsoring Organisations of the Tradeway Commission
EDPRS Economic Development and Poverty Reduction Strategy
GBE Government Business Enterprises
CIA Chief Internal Auditor
ERM Enterprise Risk Management
HIA Head of Internal Audit
IA Internal Audit
IA-CM Internal Audit – Capability Model
IAU Internal Audit Units
ICT Information and Communication Technology
IFMIS Integrated Financial Management Information System
IIA Institute of Internal Auditors
IMF International Monetary Fund
INTOSAI International Organization of Supreme Audit Institutions
IPPF International Professional Practice Framework (of the IIA)
ISACA Information Systems Audit and Control Association
IT Information Technology
MDAs Ministries, Districts and Agencies
MIFOTRA Ministry of Public Service and Labour
MINECOFIN Ministry of Finance and Economic Planning
MOU Memorandum of Understanding
OAG Office of the Auditor General
OCIA Office of Chief Internal Auditor
OCIA 2013-2018 Strategic Plan
6 | P a g e
OL Organic Law
PEFA Public Expenditure and Financial Accountability
PFM Public Financial Management
PFIC Public Financial Internal Control
PS/ST Permanent Secretary and Secretary to the Treasury
RPPA Rwanda Public Procurement Authority
SP Strategic Plan
SSP Sector Strategic Plan
SWOT Strengths Weaknesses Opportunities and Threats
VPN Virtual Private Network
OCIA 2013-2018 Strategic Plan
7 | P a g e
1. Introduction
1.1 Background information
Internal Auditors are mandated to provide independent, objective and systematic evaluation
and improvement of risk management, control and governance processes in government
entities. They accomplish this by providing the following assurance services in addition to
providing consulting services: Financial, Compliance, Value for Money, IT, Systems Audits
and Fraud Investigations.
Internal audit helps to promote accountability and transparency and effective management in
respect of revenue, expenditure, assets and liabilities by conducting audits to assess the health
of the public financial management system and report areas of improvement and misuse of
resources.
The Head of Internal Audit is required to periodically report to Senior Management and the
Board on internal audit’s purpose, authority, responsibility, and performance (Standard 2060:
Reporting to Senior Management and the Board).
By providing assurance on accountability of use of public resources and continuous
improvement, internal auditors play a critical role in assisting management and the boards
discharge their fiduciary responsibility and utilize funds effectively towards meeting the
Economic Development and Poverty Reduction Strategy (EDPRS2) targets, and ultimately
those of Vision 2020.
1.2 Legal Framework and Mandate
Internal audit in Rwanda is established by the Organic Law N° 12/2013/OL of 12/09/2013,
which replaced Organic Law No. 37/2006 of 12th September 2006, on State finances and
property. The function was established in 2006 and preceded by the “Inspection Générale de
Finances (IGF)” department in MINECOFIN. The Law requires the Minister in charge of
OCIA 2013-2018 Strategic Plan
8 | P a g e
Finance “to ensure the adequacy of internal audit, to know and monitor risks related to
management and internal audit arrangements”.
Ministerial Order No. 002/07 of 15th
February 2007 relating to financial regulations devolved
internal control responsibilities to the budget agencies and each agency was required to set up
an internal audit unit. Article 36 of the Ministerial Order established the Internal Audit
Function and gave the Chief Internal Auditor the responsibility of supervising and developing
the internal audit function across all Government entities. The Organic Law N° 12/2013/OL of
12/09/2013 requires the Chief Internal Auditor to provide indicators for internal audit and risk
management and monitor and coordinate services of internal auditors in public entities.
Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations internal control,
internal audit and Ministerial Instruction N° 004/09/10/MIN of 01/10/2009 established audit
committees in public entities, local government entities and autonomous and semi-autonomous
public entities, regulate internal audit and audit committees respectively.
1.3 Vision and Mission Statements
The OCIA vision is “to improve the effectiveness of IA function for the purpose of
strengthening internal controls in financial management and reporting by MDAs.” The
mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs)
satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This
vision and mission is aimed at promoting the highest standards of accountability and
transparency in public financial management in line with the PFM reform 2008-2012 strategy
and 2013-2018 PFM SSP.
1.4 Key Objectives
In line with the mission statement stated above, the key objectives of the Office of the CIA are
to:
a) Set up a strong and effective Government Internal Audit function;
b) Formulate and disseminate internal audit regulations, policies, guidelines etc;
OCIA 2013-2018 Strategic Plan
9 | P a g e
c) Ensure capacity building for Internal Auditors and Audit Committees;
d) Provide guidance and supervise Internal Auditors in MDAs;
e) Initiate preventive and corrective measures to improve quality of Public Financial
Management;
f) Conduct audit assignments in any government entity to assess whether risks are
appropriately identified and managed;
g) Provide consulting services to management on internal controls, risk management and
corporate governance;
h) Monitor implementation of the audit recommendations and prepare quarterly reports;
i) Prepare quarterly consolidated internal audit report for all government entities to the
PS/ST, Minister in Charge of Finances and Prime Minister; and
j) Coordinate internal audit work with the Auditor General of State Finances.
1.5 Core values The core values of the Internal Auditors as highlighted in the (draft) code of conduct for
internal auditors are: Integrity; Objectivity; Professional Competence and Confidentiality.
1.6 Internal Audit Organization structure
The Office of the Chief Internal Auditor (Office of CIA) is responsible for regulating,
capacity building and coordinating internal audit units in ministries, districts and agencies, has
10 internal auditors and is headed by the Chief Internal Auditor (CIA) who reports
administratively to the Permanent Secretary and Secretary to the Treasury (PS & ST) and
functionally to the Minister in Charge of Finance. In addition, there are over 200 internal
auditors in 19 Ministries, 4 provinces and Kigali City, 30 Districts, projects and semi
autonomous entities. The number of internal auditors per entity is listed in Annex 8.
Except the CIA and auditors in a few GBEs, all other auditors are in the same rank. All
ministries and districts have between 1-3 auditors all at the same rank. OCIA team is
OCIA 2013-2018 Strategic Plan
10 | P a g e
administratively divided into two teams, Local Government and Central Government, each
headed by a Team leasder.
1.7 Key strategic issues
The strategic plan seeks to address the following key questions to improve the effectiveness of
internal audit function in GoR:
a) Is internal audit meeting its key objectives?
b) What is the value proposition of internal audit to its stakeholders and is this value
being realized?
c) Does the current internal audit organization structure enable internal auditors to
effectively discharge their mandate?
d) Does internal audit legal framework enabling it to function effectively?
e) Is the current internal audit reporting line appropriately promoting its effectiveness?
f) Are internal auditors independent and objective?
g) Do internal auditors appropriately focus their effort in areas of higher risk?
h) What is the current internal audit skills levels in the country and are there gaps?
i) Is internal audit effectiveness measured using suitable performance indicators?
j) Is the core mandate of the Office of the Chief Internal Auditor clear and is it being
fulfilled?
These and other questions are addressed in this strategic plan.
2. Situation Analysis
This section reviews internal audit performance against internationally accepted public sector
standards and its mandate as stipulated in the internal audit regulations.
OCIA 2013-2018 Strategic Plan
11 | P a g e
2.1 Internal audit value proposition
By definition, Internal Auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic and disciplined approach to evaluate and
improve the effectiveness of the risk management, control and governance processes.
The internal audit activity provides assurance to top management and the audit committee that
risks to the organization are understood and managed appropriately. IA reports and other
communications should provide hindsight on past performance, insight on effectiveness of
internal control, risk management and governance systems and foresight on risks that may
hinder achievement of objectives, to top management and the Executive/board/Council to
facilitate decision making. In addition, IAs are supposed to use the information they gather to
act as an in-house consultant to management.
Experience has shown that management and the board listens to or tends to ignore internal
audit depending on whether they are adding value to the entity. Internal auditors therefore
need to demonstrate how they add value to the organization objectives.
Internal auditors are charged with assisting the organization in the effective discharge of
responsibilities, promoting the establishment of cost-effective controls, assessing risks, and
recommending measures to mitigate those risks. As an integral part of the management team,
internal auditors furnish top management with analysis, appraisals, counsel, and information
on the activities they review. They also monitor organizational ethics.
Evaluating emerging technologies, analyzing opportunities, assessing quality, economy, and
efficiency, and providing accurate and timely communication are just some of the activities
internal auditors conduct on a daily basis. The comprehensive scope of their responsibilities
provides them with a broad perspective on the organization. And that, in turn, makes them a
valuable resource to executive management and the board of directors in accomplishing
overall goals and objectives, as well as strengthening internal control and governance.
However, this value proposition is directly related to the timeliness and quality of internal
audit reports, ability of internal audit to sell the results of its work to management, the ability
OCIA 2013-2018 Strategic Plan
12 | P a g e
of management to implement audit recommendations and improve controls to reduce repeat
occurrences. This demands that internal auditors pro-actively focus on key risks that are of
concern to management and that audit recommendations address the root cause and not
symptoms of problems. Additionally, internal audit should monitor audit reports and hold
management accountable, not just churn out audit reports. Internal auditors must be vocal,
visible, have a customer focused approach and engage at the executive level to avoid getting
ignored by management. Internal auditors’ performance should be measured using indicators
that demonstrate the value they add including cost savings and other financial indicators.
Clearly, internal auditors cannot succeed on their own. Audit committees working together
with management play an important role in shaping internal audit focus. Ultimately the audit
committee and management are responsible for ensuring internal auditors are sufficient,
motivated and competent staff to deliver their services they are mandate. These relationships
need to be strengthened.
2.2. Drivers of change
This strategic plan has been informed by PFM reviews conducted in the recent past, the
SWOT analysis, Public Sector Internal Audit Capability Model and International Standards
for the Professional Practice of Internal Auditors, benchmarking with other Governments’
Internal Audit units and various consultations details of which are included in the SWOT in
Annex 4.
To achieve the envisaged transformational change, the following 14 priority areas were
identified.
1) Addressing gaps identified in different PFM reviews
Although formed in 2006, internal audit capacity building efforts started in earnest in 2010/11.
2010 Public Expenditure and Financial Accountability (PEFA) assessment rated internal audit
in Central Government at C. D is the lowest possible score while A is the highest. The Core
internal audit unit at MINECOFIN was understaffed at the time of the review. The function
OCIA 2013-2018 Strategic Plan
13 | P a g e
was yet to fully meet international internal auditing standards, and needed to devote more time
to systems-audit as opposed to transaction audits.
Following this review, COWATER, an international firm was recruited to conduct training in
2010. Upon completing training and pilot audits, COWATER in their final report assessed the
capacity of IA in Rwanda to be between level 1 and 2 of the Institute of Internal
Auditors’(IIA) Public Sector Internal Audit Capability Model (IA-CM), Annex 5. The firm
recommended a more long term capacity building approach leading to the recruitment of the
Resident Internal Audit Advisor in 2011.
To date the following significant achievements have been realized through capacity building
efforts to mention but a few.
• Internal audit procedure manual, draft code of conduct for internal auditors, internal
audit charter and the audit committee charter have been developed and
communicated;
• International standards for the professional practice of internal auditing were
disseminated and are being implemented;
• Several trainings for auditors and audit committee members were conducted;
• 10 IDEA data analysis licenses were acquired.
• 50 CCH Teammate audit management software licenses were acquired;
• Audit guidelines and tools were developed and are being implemented; and
• Risk management guidelines were developed and disseminated to GBEs.
2) Complying with International Internal Auditing Standards and best practices
The Internal audit function partially conforms to the International professional practice
framework (IPPF) issued by the Institute of Internal Auditors according to a self assessment
carried out by internal auditors in 2013. Internal auditors have difficulties in complying with
independence and objectivity, quality assurance and improvement program, management of
internal audit activity, engagement planning and performing monitoring and acceptance of
management standards to mention but a few. In addition, internal auditors are also required to
OCIA 2013-2018 Strategic Plan
14 | P a g e
comply with the code of ethics and professional standards issued by INTOSAI and ISACA
depending on the type of assignment being conducted.
A benchmark survey carried out against Uganda, Kenya, Tanzania, Malawi, Ethiopia and
Zanzibar during a conference sponsored by IMF in 2012 showed that Rwanda internal audit
function capability was less developed in a number of key areas compared to some of these
countries. During a East Africa PGM conference, Rwanda internal audit was rated at level 2
while Kenya and Tanzania was rated at level 3.
3) Strengthening IA institutional capacity in line with mandate
The Internal Audit regulations establishing internal audit units and audit committees in public
entities are undergoing review to capture lessons learnt and incorporate best practice. An
organizational review has proposed changes to internal audit structures and numbers and in
MDAs are enhance skills development to provide specialized services e.g. consulting services
over internal controls, risk management and public /corporate governance processes, IT, value
for money, review of financial information, system audits and forensic investigations and
scope coverage.
4) Enhancing skills development in MDAs through coaching and mentoring
Despite various trainings and availability of audit manuals, skills among internal auditors in
MDAs remains low compared to those in the Office of CIA. Due to high staff turnover, a high
number of auditors are recruited as fresh university graduates each year and require coaching
and mentoring to develop appropriate professional skills. The auditors have not been provided
with this support due to the small number of auditors in each entity and the limited capacity of
the OCIA team. On the job coaching will assist in overcoming the challenge auditors face in
implementing audit manuals and standards.
5) Reinforcing the positive Tone at the Top
The strong tone at the top established by the Country Leadership lays a strong foundation for
accountability, transparency and zero tolerance to corruption culture. This and a performance
management culture set the right environment for objective conduct of internal auditing and
OCIA 2013-2018 Strategic Plan
15 | P a g e
implementation of audit recommendations by management. More awareness training on the
role of internal audit and engagement of IA’s stakeholders is needed to exploit this
opportunity.
6) Consolidating and monitoring audit recommendations centrally
The Office of the CIA is required to prepare quarterly consolidated reports to the Minister of
Finance and Economic Planning with a copy to the PS & ST, and the Prime Minister. Some
government entities do not submit internal audit reports to the Office of CIA for consolidation
for various reasons. The Office of the Chief Internal Auditor will monitor implementation of
Auditor Generals’ Office and Internal Audit recommendations to ensure issues do not reoccur
and provide feedback to entities where necessary.
7) Promoting professional qualifications
There are no internal auditors qualified in specialized audit skills such as IT Audits and
forensic investigations in the public sector. The country also has a low number of qualified
accountants. MINECOFIN will sponsor OCIA team members who wish to pursue CFE and
CISA professional courses after becoming ACCA or CIA qualified. This will assist in
reviewing risks that require specialized internal audit skills.
8) Building the capacity of internal auditors to audit in a computerized environment
The Government of Rwanda is committed to computerization of its operations to improve
efficiency in service delivery. Key Government operations including payroll processing and
public financial management have been automated. However internal auditors lack
appropriate skills to audit in a computerized environment and there is urgent need to develop
this capability.
OCIA 2013-2018 Strategic Plan
16 | P a g e
9) Promoting best practices in public financial management and accountability
The OAG has in its 2010/2011 annual report highlighted that the public financial management
and accountability was still weak. The OAG also pointed out that there were weak internal
audit units and audit committees were lacking.
The Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations for internal
control and internal audit in Government requires CBMs to sign an annual statement on the
adequacy of the internal control system and the Head of Internal Audit to give an annual
independent opinion on the internal control system (incorporating risk management).
Currently, there is no risk management framework in Government although guidelines have
been proposed. We propose to conduct an organizational review to assess which entities
require heads of internal auditors. Auditors are also not professionally qualified and there is
doubt as whether they are in a position to give an opinion on internal controls. The Public
Financial Internal Control (PFIC) recommends adoption of Internal Control Frameworks such
as COSO and consolidation of internal control information and capacity building by the
Ministry in charge of Finance.
10) Rebalancing internal audit effort
The Office of the CIA needs to rebalance its coordinating, monitoring and capacity building
role, and that of conducting audit assignments. This requires a review of the organization
structure and skills to develop capabilities to coordinate internal audit units and specialized
skills to conduct fraud investigations, IT and value for money audits. Internal auditors have
also been found to do more transaction audits as opposed to system audits to address
weaknesses in internal audit control design. Internal audit also needs to rebalance its efforts
between the different audit missions.
11) Strengthening audit committees’ oversight role
OCIA 2013-2018 Strategic Plan
17 | P a g e
Audit committees comprised of independent members were established in districts in 2011.
Rwanda Governance Board in its’ Rwanda Governance Score Card 2010 and development
partners in the 2011/2012 Sector Performance Report highlighted the need to undertake audit
committee training and other capacity building efforts to make them more effective. Audit
Committtes have been appointed in some ministries but some ministries and boards are yet to
appoint audit committees. Internal auditors are required to report to audit committees in
addition to the District Council and Chief Budget Managers. Reporting to audit committees
will boost internal audit independence and ensure adequate attention is given by management
to resolution of audit recommendations. Audit committees periodically reports to the
supervisory board or executive authority as the case may be. Audit committees are further
required to give an annual statement indicating how they discharged their responsibilities
alongside the entity annual report.
12) Automating audit process to enhance audit efficiency
The Government has embraced computerization in service delivery and maintaining of
records. Internal auditors need audit tools to audit in an automated environment and to
increase their efficiency. Auditors will need to increase their proficiency to fully utilize CCH
Teammate and IDEA tools currently being implemented.
13) Focusing on managing change and overcoming personal and organizational barriers
to change
The internal audit function is undergoing transformational change. This will create some
turbulence as new positions and responsibilities are assigned and new skills and capabilities
developed. This also endanger some uncertainty and resistance to change. Dealing with these
issues on a reactive, case-by-case basis puts speed, morale, and results at risk. There is need to
have a structured change management approach to ensure that changes are seamlessly
institutionalized to achieve lasting benefit. The Office of the CIA will play a key role in
directing and influencing the speed of change.
14) Strengthening capacity to deal with stakeholders effectively
OCIA 2013-2018 Strategic Plan
18 | P a g e
Internal audit has a number of stakeholders with different level of power, influence, and
requirements. IA should continuously identify the interests, roles/responsibilities and areas of
collaboration with its stakeholders and engage in order to improve its effectiveness.
Professional standards require that “When issued, an opinion or conclusion must take into the
account of the expectations of senior management, the board, and other stakeholders”. Easy
flow of information to and from concerned parties promotes accountability and internal audit
effectiveness. Currently internal audit is not highly regarded by stakeholders and concerted
efforts are needed to create a more positive image.
Below is a list of some of the stakeholders and their responsibilities. Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
1. The Minister of Finance and
Economic Planning
Quarterly consolidated and
monitoring reports
Reporting line
Tone at the top
Budgetary support
Request for audit
assignments
Resolution of audit findings
Appointment ministerial
audit committees
Policy decisions
2. Permanent
Secretary/Secretary to the
Treasury
3. Executive management /
District council / Boards
Internal control and risk
management
Resolution of risks Ownership of internal control
and risk management
4. Audit committees Quarterly reports
Audit plan approval
Functional reporting
Monitoring of audit findings
Promote internal audit
independence, approve action
plans
5 .Chief Budget Managers Appointment and appraisal Administrative reporting
Monitor resolution of audit
findings
6. Projects Coordinators and
Heads of Departments
Coordinate audit
assignment
Auditee, provide access to
information
Implement audit
recommendations
7. Internal auditors in MDAS Training, audit plan
approval, Quarterly audit
reports, coaching
Supervision, capacity
building and reporting
Implementation of internal
audit policies, joint audits
8. MINECOFIN /Public
Financial Management
Coordinating capacity
building efforts
Capacity budgeting and
procurement support
Mobilise resources to
implement strategic plan
9. MINECOFIN/ Public
Accounts Unit
Records and financial
statements
Supervise public sector
accounting
Monitor resolution of
financial audit findings
10. MINECOFIN/
Government Portfolio
Risk management, training
for CBM, directors and
Supervise government
investments Capacity
Facilitate implementation of
audit committee and internal
OCIA 2013-2018 Strategic Plan
19 | P a g e
Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
Management unit audit committees building of board of
directors and CBMs
Monitor effectiveness of
audit committees, risk
management and controls
audit regulations
Promote implementation of
risk management and internal
control frameworks
11.MINECOFIN/Treasury
department
Implementation of audit
findings
Payments and funds transfer Assist in implementing
sanctions for non compliance
12.MINECOFIN/ ICT unit Use of CCH TeamMate
audit management
software.
ICT support TeamMate implementation
including VPN access
13.MINECOFIN/ IFMIS
Project
System controls, data
access, IFMIS training
Data base management and
training
Provide read only access
rights to auditors and training
External Stakeholders
14. The Prime Minister Quarterly consolidated and
monitoring reports
Stakeholder meetings
Tone at the top Set performance target on
audit committees and internal
audit
15. Cabinet Legal framework
Organization structure
Approval of Regulations
Appointment of GCIA
Approval of staffing levels
Approve ministerial orders
and staffing policy proposals
16. Members of Parliament PAC Legislation
Oversight
Approve laws
17. Office of the Auditor
General
Audit of internal controls
Monitoring of audit
recommendations
Review IA and audit
committee effectiveness
Promote role of internal audit
and audit committees,
coordinate value for money
and financial audits
18. Development Partners Joint sector review Programme and technical
support
Technical and financial
assistance
19. Rwanda Governance
Board
Governance score card Monitoring of governance
performance
Promote role of internal audit
and audit committees
Promote adoption of best
practices in public
governance
20. Rwanda Public
Prosecution Authority
Forensic investigations Prosecution of criminal
offenses
Prosecution fraud cases
following fraud investigation
21. Rwanda National Police Forensic investigations Law and order, Fraud investigations
OCIA 2013-2018 Strategic Plan
20 | P a g e
Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
investigations
22. Ombudsman Code of ethics monitoring Corruption and ethical code Handling whistle blowing
incidences
23. Rwanda Public
Procurement Authority
Training, monitoring of
procurement review
findings
Regulation of public
procurement
Capacity building and
monitoring of audit
recommendations
24. Institute of internal
auditors
Membership and
certifications
Standards and quality
control
Public awareness on the role
of internal audit
25. Institute of Certified
Accountants of Rwanda and
ACCA
Membership and
certifications
Regulation of accounting
profession and training
Training of auditors on
CPA(R) qualification
26. Media Articles and features Dissemination of
information
Raise awareness on internal
auditing, risks, controls
27. Consultants Advise, assignments Technical support and
training
Implementation of strategic
plan
3 Strategy Formulation
3.1 Basis for developing the strategic plan
Experience and lessons learnt in implementing the 2010 – 2013 OCIA strategic plan and the
implementing 2011-2013 Capacity Building Program, various studies and reviews, internal
consultations and consultations with various stakeholders, have indicated that internal audit
skills in the country were still low and radical measures were needed to entrench internal audit
reforms and enhance its effectiveness towards international practices. In particular, auditors
from MDAs were found to lag behind in implementing skills imparted during trainings and
were unable to effectively use manuals and tools provided, mainly due to lack of coaching.
Auditors at the OCIA being a larger team received constant coaching and supervision from
the CIA and Resident Internal Audit Advisor and also share experience more. This disparity in
skills transfer poses a significant threat to the capacity building program at the decentralized
level.
OCIA 2013-2018 Strategic Plan
21 | P a g e
To remedy the situation, it was found necessary to craft a multi faceted and broad based
internal audit reform strategy that builds and sustains the gains realized by the capacity
building initiatives undertaken to date and addresses impediments to change, while
introducing new techniques. This SP presents a systematic and broach based approach that
draws in expectations and support of internal audit stakeholders to take up their governance
role in promoting internal audit effectiveness.
This strategic plan lays a clear roadmap to building a sustainable internal audit function that is
a change agent in public financial management and has the capacity and momentum to
spearhead internal audit capacity building efforts while reducing reliance on technical
assistance from consultants.
The areas of strategic focus identified above were mapped into the following six broad pillars
that cover all the aspects public sector internal audit practice.
1) Regulating and Coordination - the establishment, development and coordination of
internal audit function in government to ensure it contributes to an effective and
efficient public financial management system
2) Organizational structure and internal audit responsibilities - the way that Internal
Audit is structured and supported by the organisation to allow it to deliver its terms of
reference
3) Human Resources and Leadership - the availability (both in terms of quality and
quantity) and management of audit resources to allow internal audit to deliver its remit
4) Audit process, tools and techniques - the processes, tools and techniques in place that
ensure the efficient and effective completion of audit work
5) Communication and Reporting - the way that the function interacts with the
organisation and third parties to ensure that the results of the audit work are fully
understood and appropriately acted upon;
6) Performance Management and accountability - the procedures in place to ensure that
audit work is of a consistently high quality and that internal audit continuously
OCIA 2013-2018 Strategic Plan
22 | P a g e
monitors (and reports) its performance to ensure and evidence that it meets its set
objectives.
3.2 Steps followed in developing the strategic plan
Development of the strategic plan followed a systematic approach based on practice guide on
Developing the Internal Audit Strategic Plan issued by the Institute of Internal Auditors in
July 2012 whose key steps are outlined below.
The strategic plan was has been informed by several studies including:
• PEFA assessment and assessments by various consultants;
• SWOT analysis conducted by the Office of the GCIA team Annex 4,
• A gap analysis against Public Sector Internal Audit Capability Model
• A gap analysis against International Standards for the Professional Practice of Internal
Auditors
• Benchmarking with Internal Audit units of Governments
• Interviews with 10 MINECOFIN senior managers
• Survey of 65 internal auditors conducted in January 2012
• Training impact assessment survey of 16 internal audit units
• Discussions in various internal audit forums
• Feedback obtained from internal auditors, audit committee and chief budget managers
• Stakeholders consultations including development partners and other.
A two day strategy workshop was held by the Office of the GCIA team before the SP was
presented to MINECOFIN senior management and stakeholders for validation.
Industry & Objectives
Standards & Guidance
Stakeholders Expectations
Stakeholders Expectations
Vision Critical success factors
SWOT Analysis
Key initiatives
OCIA 2013-2018 Strategic Plan
23 | P a g e
3.3 Monitoring Key Performance Indicators
Internal audit function in Government of Rwanda is a relatively young function that is yet to
mature. This is also the reality of the accountancy profession in the country in general and
auditing in particular.
The overall objective of the strategy is to transforming the internal audit function from
between level 1 and 2 of the IA-CM to level 4 by the end of five years. Key performance
indicators and a monitoring framework has been developed. This will be attained when the
following key performance indicators are achieved
a) Full compliance with the GoR internal audit regulations by the end of year three.
b) Full conformance to International Standards for the professional practice of internal
auditors, code of ethics, and the internal audit definition by the end of year four.
c) Attaining and maintaining PEFA score A rating by the end of year four
d) Creating a critical mass of professionally qualified internal auditors in ACCA and CIA by
the end of five years.
e) Commence developing specialized audit skills including CFE and CISA at the start of year
three.
These targets assumes that the activities indicated in this strategic plan will be implemented
without undue delay and that policy actions will be taken to remove capacity building
constraints to create an enabling environment.
OCIA 2013-2018 Strategic Plan
24 | P a g e
4 Strategic Pillars
The strategies under each pillar are detailed below.
4.1 Pillar 1: Regulating and Coordination
Objective: Ensure internal audit function is established in laws, regulations and in ministries,
districts and budget agencies
4.1.1 Context of the pillar
Internal audit regulations establishing internal audit, internal control and audit committees are
in place and are currently being reviewed with a view of enhancing them to reflect current
environment, close gaps and incorporate best practices including risk management. There is
need to develop an implementation plan to ensure full compliance with the regulations in the
medium term. A proposal has been made to anchor internal audit, the Office of the Chief
Internal Auditor, risk management and audit committee in the Organic Law on State
Finances and Property which is currently undergoing review to enhance recognition of
internal audit role in public financial management similar to other commonwealth
jurisdictions. Approval and roll out of the risk management policy guidelines drafted by the
Office of the CIA will give auditors an opportunity to add more value in its implementation
and assist in adoption of risk based auditing.
Recent interviews with stakeholders indicated there was low stakeholders’ engagement both at
the OCIA and MDAS resulting in low awareness and support to internal audit activities. IA
and AC charters which delineate the role of IA and that of ACs and their relationships with
their stakeholders have been developed. Audit committees have been established in Local
Government but are yet to become effective. ACs have been appointed in some ministries. A
communication plan will be put in place to raise awareness on the role of internal audit and
where appropriate memorandum of understanding developed e.g. with the Auditor General
Office and National Public Prosecution Authority.
OCIA 2013-2018 Strategic Plan
25 | P a g e
The Office of the CIA has a due role of supervising internal audit units (including regulation,
consolidating reports, monitoring audit recommendations and capacity building) and
conducting internal audit assignments in MDA. At the time of developing this strategy the
OCIA team expended more effort in conducting assignments. The Office of the CIA has
started to centrally monitor implementation of internal audit recommendations to foster the
role of the Ministry of Finance and Economic Planning in monitoring the public financial
management system to ensure accountability and transparency in use of public funds. A
quarterly implementation report will be prepared and sent to the Minister with a copy to the
PS/ST.
There is need to ensure that the Office has adequate qualified and experienced staff who can
effectively supervise internal audit units and conduct capacity building while reducing
reliance on consultants. This may require a change in entry level for new staff and
departmentalization of the directorate based on specialized skills and roles to accelerate skills
development. At the moment all auditors perform the same tasks. The department also needs
to be more selective in choosing assignments to conduct e.g. where there are no internal
auditors, coaching of internal auditors, responding to management requests and assignments
requiring specialized skills. More focus also need to be laid on consolidating audit reports,
consolidating monitoring reports, and supervising and coordinating internal audit units.
4.1.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Consolidating audit reports and centrally monitor audit recommendations (6).
4.1.3 Strategic actions of this pillar & sub-activities
(1) Enhance and comply with regulations on internal audit, audit committee internal
control
a) Management, IA and AC role in risk management recognized in OL on State Finances
and Property to enhance compliance
OCIA 2013-2018 Strategic Plan
26 | P a g e
b) Update audit committee, internal audit charter and IA regulations to include roles in
risk management
c) Hold annual workshops and annual conference for internal auditors
(2) Operationalise internal audit, audit committee and mobilize stakeholders
a) Conduct training for various stakeholders to raise awareness on regulations, guidelines
and IA standards.
b) Establish audit committees in public entities and monitor audit committee in the
Government entities.
c) Develop and disseminate audit committee handbook and tools.
d) Provide continuous training to audit committees on their role in financial reporting,
risk management, internal and external audit, internal controls, stakeholder
relationships etc.
e) Annual audit committee report on AC responsibilities and performance, and opinion
on internal controls including internal audit.
(3) Increase internal audit visibility and integration in public governance
a) Develop effective relationship with other arms of government, development partners,
professional associations
b) Professional membership in Institute of Internal Auditors
c) Prepare publicity materials to promote awareness of the role of IA and AC in control,
risk management, governance , fraud detection etc
(4) Networking and Knowledge Sharing
a) Purchase reference books and subscribe to knowledge databases
b) Develop internal audit intranet, extranet, group emails etc for networking and
knowledge sharing
(5) Develop and implement quality assurance program
a) Implement an internal quality assurance review mechanism
b) External quality assurance review conducted by independent consultants
OCIA 2013-2018 Strategic Plan
27 | P a g e
4.2 Pillar 2: Organizational structure and internal audit responsibilities
4.2.1 Context of the pillar
The structure of the OCIA is not optimal and the office lacks adequate skills to undertake
specialized audits and build capacity of internal audit units across the country. Internal
auditors in MDAs are lowly ranked, and few in number, all ranked in the same position of
internal auditor making supervision difficult. Head of internal audit position although
envisaged in article 9 of the Ministerial Order has not been implemented. It is also been
challenging for the OCIA team to centrally supervise the large number of internal audit units.
Management in some entities exerts undue influence on internal auditors scope and reporting
to select less risk areas affects their objectivity. The OCIA and audit committees need to play
a more active role in recruitment, assessment and termination of auditors.
Although internal audit has adopted a risk based audit methodology, most internal auditors do
not conduct risk assessment in order to identify the audit areas to prioritize in the risk based
annual plans. Adoption of a risk management framework will facilitate risk based audit
approach. Internal audit currently lacks skills to undertake IT audits and fraud investigations
which carry significant risks. Internal audit spends significant amount of time in conducting
financial review and compliance audit, however quality improvement is needed. The OCIA
has proposed a structure that reflects the different roles and responsibilities and specialized
skills. See Annex 7.
Internal audit role should evolve to respond to management needs. Internal audit function can
also perform other responsibilities such as conducting inspections and risk management
facilitation.
4.2.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Promoting best practices in public financial management and accountability (9).
• Refocusing internal audit effort to areas of higher risk and to increase audit coverage (10).
OCIA 2013-2018 Strategic Plan
28 | P a g e
4.2.3 Strategic actions of this pillar & sub-activities
(1) Review organizational structure to match internal audit mandate
a) Review internal audit structure at OCIA and MDAs to ensure adequate internal audit
resources, skills and coverage
b) OCIA to allocate time appropriately between coordination, capacity building and audit
assignments
c) Attracting experienced and skilled people especially to OCIA
d) Develop capacity to provide specialized internal audit services within OCIA
e) Outsource review of IFMIS and other mission critical systems to specialized IT
consulting firms
f) Coach internal auditors to increase audit coverage
(2) Enhance independence of internal audit function
a) OCIA to advise in recruitment, performance and termination of employment of
internal auditors in MDAs
b) OCIA to review and follow up implementation of audit plans
c) OCIA consolidates Internal Auditors’ independence declaration forms
(3) Ensure appropriate internal audit focus
a) Increase number of system audits carried out as opposed to compliance and transaction
audits
b) Conduct annual risk assessment and develop risk based audit plans
(4) Provide consulting services and develop tools to improve risk management and
internal control systems
a) Obtain senior management approval and champion implementation of risk
management guidelines in MDAs
b) Promote implementation of international internal control framework e.g. COSO, PIFC,
COBIT
OCIA 2013-2018 Strategic Plan
29 | P a g e
c) Provide assurance reports and opinion on adequacy of risk management and internal
control systems
4.3 Pillar 3: Human Resources and Leadership
4.3.1 Context of the pillar
There is general lack of adequate accounting skills in particular internal audit skills in the
country. The Government has been sponsoring accountants and internal auditors to pursue
ACCA professional exams but the success rate has been low. The Government has also
undertaken to sponsor internal auditors in specialized internal audit professional qualifications
including Certified Internal Auditor (CIA), and office of the CIA team in Certified Fraud
Examiner (CFE) and Certified Information Systems Auditor (CISA). The Office of the CIA is
in the process of recruiting candidates for CIA exams from Ministries, Districts and Agencies.
This underscores the Government commitment to develop internal audit skills. Auditors from
semi-autonomous institutions are encouraged to seek the support of their entities in pursuing
similar professional trainings.
In addition the OCIA has identified a number of short term courses that it will offer to develop
key internal audit competencies. The courses are benchmarked to the Institute of Internal
Auditors and other service providers. The Office of the CIA needs to establish a training unit
as recommended by COWATER to coordinate the various trainings listed in the training
needs assessment, Annex 9.
It is equally important to have a strong cadre of internal audit leaders who can effectively
manage the internal audit units and effectively interact with management at all levels and
audit committees. The position of the CIA is the only full internal audit management position
in Central and Local Government. This makes it difficult to effectively support internal
auditors on operational issues and at the same time focus on strategic issues of the department
and effectively engage stakeholders.
OCIA 2013-2018 Strategic Plan
30 | P a g e
There is need to review internal audit organization structure both at the OCIA and internal
audit units in MDAs. The number, structure and grading can be considered with a view of
optimizing professional development and staff retention.
4.3.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Enhancing skills development through coaching and mentoring (4).
• Promoting professional qualifications such as CFE, CISA, CIA and ACCA etc (7).
4.3.3 Strategic actions of this pillar & sub-activities
(1) . Implement professional and competency development framework
a) Obtain approval and implement internal audit competency framework
b) Internal auditor Training and Development Plan implemented
c) Implement an internal audit leadership training program
(2). Enhance professional and skills training
a) Internal auditors to pursue ACCA, CIA professional training
b) Internal auditors to pursue technical professional qualifications including: CFE, CISA,
CRMA
c) Develop public sector internal audit diploma
d) Sponsor internal auditors to attend regional and international professional conferences
e) OCIA organizes short courses for internal auditors
Quality of reports Better communication with auditees − Issue quality audit reports
Relationship with auditees Raise awareness on the role of internal audit − Capacity building
Government policies Advise on developments and implementation
of government policies
− Market consulting role to management
SWOT Analysis - Threats
Area Threat How threat can be prevented
Internal audit
Leadership and
management skills
Lack of leadership and audit management skills − International leadership development
program to increase exposure
Communication Failure to secure executive management and
stakeholders engagement commitment to strategic
plan and implementation of audit recommendations
− Marketing of internal audit to management
through regular senior management
presentations
− Organize workshops and produce brochures
OCIA 2013-2018 Strategic Plan
61 | P a g e
to inform stakeholders of its mission
Staff turnover High staff turnover due to better terms outside,
performance and independence challenges
− Review internal audit structure through
MIFOTRA
− Introduce annual recruitment of graduates to
factor in staff turnover.
- Introduce career path
Organization
structure
Review of IA structure dependent on approval of
MIFOTRA
As above
Professional
qualifications
Internal audit grade is unable to attract experienced
and qualified professional
As above
IA independence
and objectivity
Internal auditors intimidated by fear of losing
employment and are influenced in selecting audit
assignments
OCIA to participate in evaluation and
termination of IAs
Awareness workshops
Consulting
services
IA are at the lowest rank in their organizations and
not highly regarded to give consultancy services
As above
VPN connectivity TeamMate users are not connected remotely to
MINECOFIN server
Follow up with ICT department for resolution
or use work around
Internal control
environment
Weak internal control environment in public sector Identify cross cutting issues and develop
interventions including training with IA
stakeholders
Awareness of the
role of internal
audit
Low awareness by management on how internal
audit can be used to add value to their organizations
Raise awareness on the role of internal
auditing in different forums
Financial support Inadequate financial support to sustain capacity
building
Budget for required resources as appropriate
IFMIS control
environment
Lack of adequate audit trail, inadequate input
controls and database integrity
Play an advisory role in IFMIS
implementation.
Change in
government policy
Influence by elected and appointed officials Recognize internal audit in legal framework
Raise awareness through presentations,
magazine
Employment
terms
Internal auditors employed on contract influence
objectivity and independence
Lobby for reversal of contract employment
except where auditors are working on project
OCIA 2013-2018 Strategic Plan
62 | P a g e
to enhance independence.
Audit committees Audit committees still new. These were set up in
districts in 20111 and in central government in 2013.
− Provide allowance to ACs
− Training of audit committees
− Monitor performance of AC
Appointment of audit committees in central
government
Goals and
objectives
Failure to agree on common goals and objectives
with stakeholders
− Market the role of internal audit
− Discuss strategic plan and action plan with
stakeholders
Benchmarking
with other
Governments’
internal audit
functions
Lack of exposure to techniques employed by auditors
in other governments
− Study tours
Change
management
Failure to implement audit procedures by some
auditors
− Develop change management strategies to
overcome personal barriers to change and
manage benefits
OCIA 2013-2018 Strategic Plan
63 | P a g e
Annex 5: Public Sector Internal Audit Capability Model Matrix The model below is developed by the Global Institute of Internal Auditors and shows best practices that should be institutionalised at different maturity levels.
Services and
Role of IA
People Management Professional
Practices
Performance
Management
and
Accountability
Organizational
Relationships
and Culture
Governance
Structures
Level 5 –
Optimizing
IA Recognized
as Key Agent of
Change
Leadership
Involvement with
Professional Bodies
Workforce Projection
Continuous
Improvement in
Professional Practices
Strategic IA Planning
Public Reporting
of IA
Effectiveness
Effective and
Ongoing
Relationships
Independence,
Power, and
Authority of the
IA Activity
Level 4 –
Managed
Overall
Assurance on
Governance,
Risk
Management,
and Control
IA Contributes to
Management
Development
IA Activity Supports
Professional Bodies
Workforce Planning
Audit Strategy
Leverages
Organization’s
Management of Risk
Integration of
Qualitative and
Quantitative
Performance
Measures
CAE Advises and
Influences Top-
level
Management
Independent
Oversight of the
IA Activity
CAE Reports to
Top-level
Authority
Level 3 –
Integrated
Advisory
Services
Performance/V
alue-for-Money
Audits
Team Building and
Competency
Professionally
Qualified Staff
Workforce
Coordination
Quality Management
Framework
Risk-based Audit
Plans
Performance
Measures
Cost Information
IA Management
Reports
Coordination
with Other
Review Groups
Integral
Component of
Management
Team
Management
Oversight of the
IA Activity
Funding
Mechanisms
Level 2 –
Infrastructure
Compliance
Auditing
Individual
Professional
Development
Skilled People
Identified and
Recruited
Professional Practices
and Processes
Framework
Audit Plan Based on
Management/
Stakeholder Priorities
IA Operating
Budget
IA Business Plan
Managing within
the IA Activity
Full Access to the
Organization’s
Information,
Assets, and
People
Reporting
Relationship
Established
Level 1 –
Initial
Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs
dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those
provided by professional associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a
larger organizational unit; no established capabilities; therefore, no specific key process areas
Annex 7: Proposed Internal Audit Structure Proposed Structure for District
Notes:
(i.) The proposed structure introduces the position of Director of Internal Audit to enhance supervision lacking in current structure;
(ii.) There is also an increase by one extra internal auditor to address the high volume of work particularly relating to subsidiary entities.
Proposed structure for Ministries:
OCIA 2013-2018 Strategic Plan
81 | P a g e
Notes:
(i.) The proposed structure introduces the position of Director of Internal Audit to empower the internal audit units to be more independent, enhance supervision lacking in current structure and one extra internal auditor to enhance coverage within including single project units, inspections and risk management.
(ii.) Complex/large government entities such as boards and higher learning institutions and major spending ministries can negotiate directly with MIFOTRA for a more robust structure depending on the complexity of the entity.
(iii.) In small ministries and other budget agencies internal audit units will have two internal auditors and will be headed by senior internal auditor.
Proposed structure for Office of the Chief Internal Auditor in MINECOFIN:
Notes:
(i) The proposed structure increase number of Office of the Chief Internal Auditor staff from ten (10) to nineteen (21);
(ii) The increase is aimed to introduce a level of supervision and coverage
OCIA 2013-2018 Strategic Plan
82 | P a g e
(iii) The central government and local government teams will in charge of consolidating audit reports from all public entities and also conducting performance audits and building capacity of internal auditors in other public entities.
(iv) The Inspection and risk management team will lead inspection and forensic audit assignments in high risk institutions and build the capacity of public entities to implement institutional risk management frameworks.
(v) The specialized audit team will conduct value for money assignments; IT Audits on IFMIS and IPPS and other core government systems; other management requests; and support other auditors in implementation of automated audit tools such as TeamMate and IDEA.
(vi) The Quality assurance, capacity building and governance team will monitor the performance of audit committees, coordinate training of all internal auditors and review the quality of reports prepared by the department.
OCIA 2013-2018 Strategic Plan
83 | P a g e
Annex 8: Number of Internal Auditors per Entity
CENTRAL GOVERNMENT
#
Budget Agencies No of Internal auditors per entity
1. SENATE 1
2. Supreme Court 1
3. Prime Minister’s Office 1
4. Ministry of Defense 4
5. Ministry of Education (MINEDUC) 3
6. Ministry of East Africa Community (MINEAC) 1
7. Ministry of Sports and Culture (MINISPOC) 1
8. Ministry of Youth (MINIYOUTH) 1
9. Ministry of Justice (MINIJUST) 1
10. Ministry of Health (MINISANTE) 12
11. 1 Ministry of Trade and Industry (MINICOM)
12. Ministry of Finance and Economic Planning (MINECOFIN) 1
13. Ministry of Public Service and Labour (MIFOTRA) 1
14. Ministry for Infrastructure (MININFRA) 1
15. Ministry of Foreign Affairs (MINAFFET) 1
16. Ministry of Internal Security (MININTER) 1
17. Ministry of Agriculture (MINAGRI) 1
18. Ministry of Disaster Management and Refugees
(
1
MIDIMAR)
19. 1 Ministry of Local Government (MINALOC)
20. Ministry of Natural Resources (MINIRENA) 1
21. Rwanda Institute of Administration and Management
(RIAM)
1
22. Single project Unit /MINICOM 1
OCIA 2013-2018 Strategic Plan
84 | P a g e
23. Rwanda Agricultural Board (RAB) 2
24. National Electoral Commission (NEC) 1
25. Rwanda Public Procurement Authority (RPPA) 1
26. ISAE Busogo 1
27. Integrated Polytechnic Regional Center (IPRC)
South/Kavumu
1
28. Kavumu College 1
29. Kigali Institute of Education (KIE) 1
30. Kigali Institute of Science and Technology (KIST) 2
31. National Curriculum Development Centre 1
32. Rwanda Education Board (REB) 2
33. RBS 1
34. National Agriculture and Export Board (NAEB) 3
35. RBC 5
36. School of Finance and Banking (SFB) 2
37. Student Financing Agency of Rwanda (SFAR) 1
38. Institute of Legal Practice Development (ILPD) 1
39. National Human Rights Commission (NHRC) 1
40. National Public Prosecution Authority (NPPA) 1
41. RURA 4
42. National Police 3
43. Kigali Health Institute 1
44. Kigali University Teaching Hospital (CHUK) 1
45. CHUB 1
46. National Reference Laboratory 1
47. HNP-Ndera ( Mental Hospital) 1
48. NSS - Internal Security 1
49. Rwanda Development Board (RDB) 1
50. 1 Rwanda Natural Resources Authority
51. National Commission for the Fight Against Genocide
(CNLG)
1
52. RCA 1
53. Rwanda Transport Agency 1
OCIA 2013-2018 Strategic Plan
85 | P a g e
54. OMBUDSMAN’office 1
55. Rwanda Housing Authority (RHA) 1
56. NSS - Immigration/Emigration 1
57. CDF 2
58. Kicukiro Integrated Polytechnic 1
59. UMUTARA Polytechnic 1
60. REMA 1
61. Support Project to the Strategic Plan for the Transformation
of Agriculture in Rwanda (PAPSTA)
1
62. PMU-Global Fund/WB 6
63. RRA 10
64. NUR 8
65. SSFR 10
66. EWSA 5
67. ORINFOR 2
68. Gender Monitoring Office 1
69. Institute of National Museums of Rwanda ( INRMR) 1
70. 1 Public Service Commission
71. Workforce Development Authority (WDA) 1
72. RSSP&LWH 1
73. Special Guarantee fund 1
TOTAL 140
LOCAL GOVERNMENT
#
Province/ District No. of internal Auditors per entity