1. PRESENTATION TO THE
PARTNERS OF IG MPW
IndII Activity P243-02: Governance Reform
in Internal Audit Function (IG-MPW)

2. Internal Audit Capability Model
(IA-CM) for the Public Sector
Overview Presentation
Libby MacRae
Bob McDonald
2

3. Agenda
The IA-CM
– Its structure and underlying concepts
– Principles in its application
– Using the IA-CM
3
3

4. What is the IA-CM?
• A universal model with comparability – principles,
processes and practices
• To be used globally to improve internal auditing
• Framework for assessing capabilities against standards
and practices
• Communication vehicle for defining and advocating
the importance of internal auditing
• Roadmap and toolkit for orderly improvement
4

5. Underlying Principles
IA Activity’s Obligations
• Be an integral component of effective governance in the
public sector
• Assist organizations achieve their objectives and account for
their results
Organization’s Obligations
• Determine optimum level of IA capability to support required
governance structures
• Achieve and maintain the desired capability
5
5

6. Underlying Principles
Selecting Optimum Capability
• Three variables
– Environment
– Organization
– IA Activity
• Different capability required
• Auditing must be cost-effective
• No “one size fits all”
6
6

7. IA-CM Levels
IA learning from inside and outside the organization for LEVEL 5
continuous improvement Optimizing
IA integrates information from across the organization to improve LEVEL 4
governance and risk management Managed
IA management and professional practices LEVEL 3
uniformly applied Integrated
Sustainable and repeatable IA LEVEL 2
practices and procedures
Infrastructure
No sustainable,
repeatable
capabilities –
LEVEL 1
dependent upon Initial
individual efforts
7
7

8. Level 1- Initial
• Ad hoc or unstructured
• Isolated single audits, document reviews, transaction
verification
• Outputs dependent on incumbent skills
• No professional practices or standards applied
• Funding approved by management as needed
• Absence of Infrastructure
• Auditors likely belong to a larger organizational unit
• Institutional capability not developed
8

9. Level 2- Infrastructure
• Repeatable processes or capability established
• Reporting relationships, management, administrative
infrastructure, professional practices established
• Audit planning based principally on management
priorities
• Continued reliance essentially on skills and
competencies of incumbents
• Partial conformance with IIA Standards
9

10. Level 3 - Integrated
• Defined IA policies, procedures, documented and
integrated into organization structure
• IA management and professional practices well
established, uniformly applied
• IA beginning to align with business and its risks
• IA providing advice on performance and
management of risks
• Focus on team building and IA capacity and
independence and objectivity
• Generally conforms to IIA Standards
10

11. IA-CM 1-page Matrix © 2009, The IIA Research
Foundation – All Rights Reserved
Services and Role People Management Professional Performance Organizational Governance
of IA Practices Management and Relationships Structures
Accountability and Culture
Level 5 – Leadership Continuous
Optimizing Involvement with Improvement in
IA Recognized as Public Reporting of Effective and Independence,
Professional Bodies Professional
Key Agent of IA Effectiveness Ongoing Power, and
Practices
Change Workforce Projection Relationships Authority of the IA
Strategic IA Activity
Planning
Level 4 – IA Contributes to Independent
Managed Management Oversight of the
Overall Assurance Audit Strategy Integration of CAE Advises and
Development IA Activity
on Governance, Leverages Qualitative and Influences Top-
Risk Management, IA Activity Supports Organization’s Quantitative level CAE Reports to
and Control Professional Bodies Management of Performance Management Top-level
Risk Measures Authority
Workforce Planning
Level 3 – Team Building and Quality Performance Coordination with Management
Integrated Competency Management Measures Other Review Oversight of the
Advisory Services
Framework Groups IA Activity
Professionally Cost Information
Performance/
Qualified Staff Risk-based Audit Integral Funding
Value-for-Money IA Management
Plans Component of Mechanisms
Audits Workforce Reports
Management
Coordination
Team
Level 2 – Individual Professional Full Access to the
Infrastructure Professional Practices and Managing within Organization’s
Compliance IA Operating
Development Processes the IA Activity Information,
Auditing Budget
Framework Assets, and
Skilled People
IA Business Plan People
Identified and Audit Plan Based
Recruited on Management/ Reporting
Stakeholder Relationships
Priorities Established
Level 1 – Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs
Initial dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those
provided by professional associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a
larger organizational unit; no established capabilities; therefore, no specific key process areas

12. Key Process Area (KPA)
Key Process Area
Purpose
Essential
Activities
Outputs
Outcomes
Institutionalizing Practice
Examples
12
12

13. People Management
Level 2 – Infrastructure
Skilled People Identified and Recruited
Purpose – To identify and attract people with the necessary competencies and
relevant skills to carry out the work of the IA activity. Appropriately qualified
and recruited internal auditors are more likely to provide credibility to the
internal audit results.
Essential Activities
• Identify and define the specific audit tasks to be conducted
• Identify the knowledge, skills (technical and behavioral), and other
competencies required to conduct audit tasks
• Develop job descriptions for positions
• Determine proper pay classification for positions
• Conduct valid, credible recruitment process to select appropriate candidates
13
13

14. People Management
Level 2 – Infrastructure
Skilled People Identified and Recruited
Outputs
• Internal audit positions are filled with appropriately qualified persons
Outcomes
• Audit work is conducted with due professional care
• There are credible audit observations, conclusions, and recommendations
Institutionalizing Practice Examples
• Visible commitment and support through senior management action to ensure that a
competent and qualified CAE is in place, and the necessary resources are provided to
appropriately staff the IA activity
• Staffing and recruitment policy
• Job descriptions
• Classification system, including levels specific to internal auditing
14
14

15. Institutionalizing a Key Process Area
Commitment
To Perform
Activities
Activities Ability to
Verified Perform
Key Process
Activities
Area
Activities Activities
Measured Performed
15

16. Using the IA-CM as an Assessment Tool
• Understand the purpose and structure of the IA-CM
• Identify the KPAs that appear to be institutionalized by
the IA activity
• Obtain and review documentation re: IA activity,
organization, and environment
• Interview managers/stakeholders
• Confirm the actual KPAs institutionalized
• Determine the capability level
• Communicate and confirm the opportunities for
improvement
• Develop and implement the improvement plan
16
16

17. Principles in its Application
• Apply professional judgment
• Environmental and organizational factors
• A practice cannot be improved if it cannot be repeated
• Capability gets built in steps/stages
• KPAs at one level set the foundation for KPAs at the next
level
• A KPA is achieved when it is institutionalized into the
culture of the IA activity
• All KPAs, up to and including the KPAs at a given level,
must be institutionalized to achieve that level
• Not all all elements need be at the same level 17
17

18. Important Considerations
• All levels in the IG participate
• Organizational management and stakeholder support
• Processes are institutionalized and sustainable
18

19. Procurement Standards in
Indonesia
IndII Activity P243-02: Governance Reform
in Internal Audit Function (IG-MPW)
Presented by Rob Thompson
IndII Activity P243-02: Governance Reform
9/6/2012
in Internal Audit Function (IG-MPW)

20. The Procurement Process
Identify the Need
Review of Approval to Proceed
Performance
Develop Contract Strategy
Payment
Manage Set Evaluation Criteria
Relationship
Develop the Specification
Monitor
Performance Define the
Contract Award Contractual Terms
Clarify/ PTN VFM Research the
Analyse Quotes/ Market
Tenders
Invite Quotes/ Identify Pre-Qualification
Tenders and Select Bidders

21. Key Areas of Procurement Activity
• Good Sourcing Principles and Practices
• Price and Cost Analysis
• Inventory Management
• Legal Protection
Procurement Competencies being prepared

22. Approach
• Analysis of current competencies, procedures, practices and policies
• Work with MPW management and selected DG’s to enhance
procurement competency
• Develop and support the ULP in developing good procurement
practice
• Applying Risk Assessment & Management techniques to all
procurement
• Introduction of best practice procurement training
• Presenting and mentoring the introduction of new procurement
tools and techniques
• Providing practical guidance to MPW & DG’s to ensure a consistent
application of best practice techniques

23. Key Messages
• Early involvement (by both parties) in the
procurements to resolve potential risk areas in
time
• Shared understanding of what is procurement
• Integrate lessons learnt from past experience in
future training and procurement practices
• Best practice contract management
• Cost not price
• Performance not conformance
• Consistency in actions.

24. Best Practice Procurement
WILL
achieve compliance,
Compliance alone does not
ensure a best value for money
procurement.
IndII Activity P243-02: Governance Reform
9/6/2012
in Internal Audit Function (IG-MPW)