Upload
nguyenthien
View
234
Download
3
Embed Size (px)
Citation preview
OCIA 2013-2018 Strategic Plan
1 | P a g e
REPUBLIC OF RWANDA
MINISTRY OF FINANCE AND ECONOMIC PLANNING
P.O.BOX 158 KIGALI
Prepared by:
Office of Chief Internal Auditor
June 2014
OCIA 2013-2018 Strategic Plan
Theme: Transforming Internal Audit Function to Promote Public Accountability
OCIA 2013-2018 Strategic Plan
3 | P a g e
TABLE OF CONTENTS
Executive summary ............................................................................................................................................ 1
Abbreviations ..................................................................................................................................................... 5
1. Introduction ............................................................................................................................................... 7
1.1 Background information .................................................................................................................... 7
1.2 Legal Framework and Mandate ......................................................................................................... 7
1.3 Vision and Mission Statements .......................................................................................................... 8
1.4 Key Objectives .................................................................................................................................... 8
1.5 Core values ......................................................................................................................................... 9
1.6 Internal Audit Organization structure ................................................................................................ 9
1.7 Key strategic issues .......................................................................................................................... 10
2. Situation Analysis ..................................................................................................................................... 10
2.1 Internal audit value proposition ...................................................................................................... 11
2.2. Drivers of change ............................................................................................................................. 12
3 Strategy Formulation ............................................................................................................................... 20
3.1 Basis for developing the strategic plan ............................................................................................ 20
3.2 Steps followed in developing the strategic plan .............................................................................. 22
3.3 Monitoring Key Performance Indicators .......................................................................................... 23
4 Strategic Pillars ......................................................................................................................................... 24
4.1 Pillar 1: Regulating and Coordination .............................................................................................. 24
4.2 Pillar 2: Organizational structure and internal audit responsibilities .............................................. 27
4.3 Pillar 3: Human Resources and Leadership ...................................................................................... 29
4.4 Pillar 4: Audit Process, Tools and Techniques .................................................................................. 31
4.5 Pillar 5: Communication and Reporting ........................................................................................... 33
4.6 Pillar 6. Performance Management and accountability .................................................................. 34
5. Strategy Implementation Plan ................................................................................................................. 36
Oversight of the strategic plan ..................................................................................................................... 36
5.1 Sequencing Implementation of the Strategic Plan .......................................................................... 38
6. Resource mobilisation .............................................................................................................................. 42
6.1 Organisation structure and staffing levels ............................................................................................. 42
6.2 Costing summary of the strategic plan .................................................................................................. 43
OCIA 2013-2018 Strategic Plan
4 | P a g e
7. Monitoring & Evaluation .......................................................................................................................... 46
7.1 Performance Indicators .......................................................................................................................... 46
7.2 Targeted outputs and outcomes ...................................................................................................... 46
7.3 Risks and Mitigating Measures ........................................................................................................ 47
Annex 1: Definitions ......................................................................................................................................... 48
Annex 2: References ........................................................................................................................................ 50
Annex 3: People and Institutions Consulted .................................................................................................... 52
Annex 4: SWOT Analysis .................................................................................................................................. 53
Annex 5: Public Sector Internal Audit Capability Model Matrix ...................................................................... 63
Annex 6: Detailed sequencing of implementation .......................................................................................... 64
Annex 7: Proposed OCIA Structure .................................................................................................................. 80
Annex 8: Number of Internal Auditors per Entity ............................................................................................ 83
Annex 9: Internal Audit Training Needs Assessment ....................................................................................... 87
OCIA 2013-2018 Strategic Plan
1 | P a g e
Executive summary
i. Introduction
Internal Audit in Government of Rwanda (GoR) was established in 2006 after the enactment of the Organic Law No. 37/2006 of 12th
September 2006 on State Finances and Property. This Strategic Plan builds on the improvements accomplished in strengthening internal audit in GoR through capacity building initiatives undertaken since 2010.
The Minister in charge of Finance has the responsibility under Organic Law N° 12/2013/OL of 12/09/2013 on State finances and property to ensure the adequacy of internal audit, to know and monitor risks related to management and internal audit arrangements. International standards for the professional practice of internal auditing (2060) require the Head of Internal Audit to periodically report to Senior Management and the Board on internal audit’s purpose, authority, responsibility, and performance. The Organic Law requires the Chief Internal Auditor to provide indicators for internal audit and risk management and monitor and coordinate services of internal auditors in public entities. This strategic plan has been developed to fulfill this responsibility. The strategic plan (2013-2018) sets the goals and strategies that the Office of the CIA will pursue over the next five years. It is a commitment by the OCIA to improve internal audit function in GoR in line with aspirations set in MINECOFIN and the PFM sector strategic plans. The strategy aims at transforming internal audit into a sustainable internal audit function capable of being a change agent in Government and is based on the internationally recognized Public Sector Internal Audit Capability Model developed by the Institute of Internal Auditors (Annex 5). Capacity building efforts undertaken to date have yielded positive results and build a solid foundation for further capacity building. However various assessments show that the Internal Audit professional skills in the country remained low and reforms needed to be deepened to mainstream best practice in internal audit units in MDAs.
To speed up the pace in transforming internal audits on the job training and other change management techniques will be used to impart technical and behavioral and audit management skills.
ii. Mission, vision and values
The OCIA vision is “to improve the effectiveness of IA functions for the purpose of strengthening internal controls in financial management and reliability of reporting by MDAs.” The mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs) satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This vision and mission is aimed at promoting the highest standards of accountability and transparency in public financial management in line with the PFM reform 2008-2012 strategy and 2013-2018 PFM SSP. To complement the vision and mission and ensure ethical professional behavior of internal auditors, the Office of the CIA has identified the following as its core values: Integrity; Objectivity; Professional Competence and Confidentiality.
OCIA 2013-2018 Strategic Plan
2 | P a g e
Internal auditors are also guided by international standards for the professional practice of internal auditing developed by the institute of internal auditors, the code of ethics for internal auditors, internal audit charter and the internal audit procedure manual when carrying out their work.
iii. Strategic priorities and pillars
The following strategic priorities were identified by analyzing the current situation, IA mandate and the strategic issues facing internal auditing:
1) To address gaps identified in different reviews including PEFA 2010 and COWATER 2010; 2) To comply with International Internal Auditing Standards and best practices; 3) To strengthen internal audit institutional capacity in line with its mandate; 4) To enhance skills development through coaching and mentoring; 5) To reinforce the positive Tone at the Top and promote good governance; 6) To consolidate audit reports and centrally monitor audit recommendations; 7) To promote professional qualifications such as CFE, CISA, CIA and ACCA; 8) To build the capacity of internal auditors to audit in a computerized environment; 9) To promote best practices in public financial management and accountability; 10) To refocus internal audit effort to areas of higher risk and to increase audit coverage; 11) To strengthen audit committees’ oversight role; 12) To automate audit process to increase audit efficiency; 13) To focus on managing change and overcoming staff and organizational barriers to change; and 14) To strengthen internal audit capacity to deal with its stakeholders effectively. These priorities have been summarized into the following six pillars each with a strategic objective to assist in assigning responsibilities.
1) Ensure internal audit function is established in laws, regulations and in ministries, districts and budget agencies (Regulating and coordination pillar).
2) Internal audit has an appropriate organization structure to effectively discharge its mandate and engage its stakeholder (Organisational structure and internal audit roles pillar).
3) Internal audit is staffed with the adequate, skilled and competent staff to provide quality internal audit services and meet stakeholders’ expectations (Human Resources and Leadership pillar).
4) To ensure efficiency and effectiveness in the audit process by employing efficient audit procedures and techniques (Working practices pillar).
5) To ensure that the results of the audit work are fully understood and appropriately acted upon to facilitate improvement of internal control environment (Communication and Reporting pillar).
6) To successfully implement the Strategic Plan (Performance Management and accountability pillar).
OCIA 2013-2018 Strategic Plan
3 | P a g e
iv. Policy Actions
The approval and implementation of the following activities require policy dialogue with internal audit stakeholders. Adequate planning and resources will be essential for successful implementation.
Pillar 1: Regulating and coordination
• Role of internal audit and audit committees in risk management included in Organic Law on State Finances and property.
• Establishing and monitoring audit committees in Central Government. • Implementation of a quality assurance and improvement programme and recruitment of an
external quality assurance reviewer every five years.
Pillar 2: Organisational structure and internal audit roles
• Review of OCIA and internal audit units’ organizational structure and number of internal auditors.
• Outsource review of IFMIS and audit of other areas of significant risk where internal audit cadre lack adequate skills.
• Clarify role of OCIA in performance appraisal of internal auditors in MDAs. • Design and implement Ministerial Instructions on enterprise risk management. • Implement internal control monitoring framework.
Pillar 3: Human Resources and Leadership
• Internal audit competency framework approved and implemented. • Internal audit skills development plans approved and implemented.
Pillar 4: Audit process, tools and techniques
• Internal audit and audit committee regulations updated in line with Organic Law on State Finances and Property and financial regulations.
• Purchase of additional CCH Teammate licenses to facilitate audit automation
Pillar 5: Communication and Reporting
• Submission of internal audit reports by entities for consolidation • Submission of reports on implementation of external audit and internal audit recommendations
for consolidation.
Pillar 6: Performance Management and accountability
• Recruitment of technical assistance to support capacity building program. • Develop and monitor internal audit performance indicators. • Review of the strategic plan implementation and develop of next strategic plan.
OCIA 2013-2018 Strategic Plan
4 | P a g e
v) Human and Financial requirements To assist in implementing the strategic plan financial and human resources required have been identified and estimated. The Office of the CIA plans to use capacity building technical assistance during the first two years of implementation of the plan to ensure skills transfer to enable the core team continue implementing the capacity building programme. However, to reach over 200 internal auditors and a similar number of audit committee members in a shorter time, the Office proposes to extend technical assistance to include on the job training to internal auditors in MDAs to accelerate skills transfer. The table below summarizes proposed budget requirements over the five years. The budget for 2013/14 is included in PFM reform basket fund 2013/14 workplan. A detailed breakdown of the cost of each strategic activity is included in section 6.2.
Financial Year 2013/14 2014/15 2015/16 2016/17 2017/18
Estimated Budget USD 430,000 USD 656,000 USD 1,143,000 USD 842,000 USD 633,000
vi) Implementation and Monitoring A comprehensive implementation matrix has been developed to elaborate the strategies and activities aimed at achieving each objective and the expected outputs and outcomes. Activities have been prioritized and sequenced into short term (1-2 years), medium term (3-4 years) and long term (5 years onwards). The Office of the CIA will base its annual action plans on this strategic plan to ensure a seamless implementation. Internal auditors in MDAs will also be required to participate in activities targeting them. The strategic plan has been harmonized with the PFM sector strategic plan to facilitate monitoring by the Office of CIA and PFM secretariat.
OCIA 2013-2018 Strategic Plan
5 | P a g e
Abbreviations AC Audit Committee
ACCA Association of Chartered Certified Accountants
CBM Chief Budget Managers
CBP Capacity Building Programme
CGAP Certified Government Audititing Professional
COBiT Control Objectives for Information and related Technology
CRMA Certification in Risk Management Assurance
COSO Committee of the Cosponsoring Organisations of the Tradeway Commission
EDPRS Economic Development and Poverty Reduction Strategy
GBE Government Business Enterprises
CIA Chief Internal Auditor
ERM Enterprise Risk Management
HIA Head of Internal Audit
IA Internal Audit
IA-CM Internal Audit – Capability Model
IAU Internal Audit Units
ICT Information and Communication Technology
IFMIS Integrated Financial Management Information System
IIA Institute of Internal Auditors
IMF International Monetary Fund
INTOSAI International Organization of Supreme Audit Institutions
IPPF International Professional Practice Framework (of the IIA)
ISACA Information Systems Audit and Control Association
IT Information Technology
MDAs Ministries, Districts and Agencies
MIFOTRA Ministry of Public Service and Labour
MINECOFIN Ministry of Finance and Economic Planning
MOU Memorandum of Understanding
OAG Office of the Auditor General
OCIA Office of Chief Internal Auditor
OCIA 2013-2018 Strategic Plan
6 | P a g e
OL Organic Law
PEFA Public Expenditure and Financial Accountability
PFM Public Financial Management
PFIC Public Financial Internal Control
PS/ST Permanent Secretary and Secretary to the Treasury
RPPA Rwanda Public Procurement Authority
SP Strategic Plan
SSP Sector Strategic Plan
SWOT Strengths Weaknesses Opportunities and Threats
VPN Virtual Private Network
OCIA 2013-2018 Strategic Plan
7 | P a g e
1. Introduction
1.1 Background information
Internal Auditors are mandated to provide independent, objective and systematic evaluation
and improvement of risk management, control and governance processes in government
entities. They accomplish this by providing the following assurance services in addition to
providing consulting services: Financial, Compliance, Value for Money, IT, Systems Audits
and Fraud Investigations.
Internal audit helps to promote accountability and transparency and effective management in
respect of revenue, expenditure, assets and liabilities by conducting audits to assess the health
of the public financial management system and report areas of improvement and misuse of
resources.
The Head of Internal Audit is required to periodically report to Senior Management and the
Board on internal audit’s purpose, authority, responsibility, and performance (Standard 2060:
Reporting to Senior Management and the Board).
By providing assurance on accountability of use of public resources and continuous
improvement, internal auditors play a critical role in assisting management and the boards
discharge their fiduciary responsibility and utilize funds effectively towards meeting the
Economic Development and Poverty Reduction Strategy (EDPRS2) targets, and ultimately
those of Vision 2020.
1.2 Legal Framework and Mandate
Internal audit in Rwanda is established by the Organic Law N° 12/2013/OL of 12/09/2013,
which replaced Organic Law No. 37/2006 of 12th September 2006, on State finances and
property. The function was established in 2006 and preceded by the “Inspection Générale de
Finances (IGF)” department in MINECOFIN. The Law requires the Minister in charge of
OCIA 2013-2018 Strategic Plan
8 | P a g e
Finance “to ensure the adequacy of internal audit, to know and monitor risks related to
management and internal audit arrangements”.
Ministerial Order No. 002/07 of 15th
February 2007 relating to financial regulations devolved
internal control responsibilities to the budget agencies and each agency was required to set up
an internal audit unit. Article 36 of the Ministerial Order established the Internal Audit
Function and gave the Chief Internal Auditor the responsibility of supervising and developing
the internal audit function across all Government entities. The Organic Law N° 12/2013/OL of
12/09/2013 requires the Chief Internal Auditor to provide indicators for internal audit and risk
management and monitor and coordinate services of internal auditors in public entities.
Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations internal control,
internal audit and Ministerial Instruction N° 004/09/10/MIN of 01/10/2009 established audit
committees in public entities, local government entities and autonomous and semi-autonomous
public entities, regulate internal audit and audit committees respectively.
1.3 Vision and Mission Statements
The OCIA vision is “to improve the effectiveness of IA function for the purpose of
strengthening internal controls in financial management and reporting by MDAs.” The
mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs)
satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This
vision and mission is aimed at promoting the highest standards of accountability and
transparency in public financial management in line with the PFM reform 2008-2012 strategy
and 2013-2018 PFM SSP.
1.4 Key Objectives
In line with the mission statement stated above, the key objectives of the Office of the CIA are
to:
a) Set up a strong and effective Government Internal Audit function;
b) Formulate and disseminate internal audit regulations, policies, guidelines etc;
OCIA 2013-2018 Strategic Plan
9 | P a g e
c) Ensure capacity building for Internal Auditors and Audit Committees;
d) Provide guidance and supervise Internal Auditors in MDAs;
e) Initiate preventive and corrective measures to improve quality of Public Financial
Management;
f) Conduct audit assignments in any government entity to assess whether risks are
appropriately identified and managed;
g) Provide consulting services to management on internal controls, risk management and
corporate governance;
h) Monitor implementation of the audit recommendations and prepare quarterly reports;
i) Prepare quarterly consolidated internal audit report for all government entities to the
PS/ST, Minister in Charge of Finances and Prime Minister; and
j) Coordinate internal audit work with the Auditor General of State Finances.
1.5 Core values The core values of the Internal Auditors as highlighted in the (draft) code of conduct for
internal auditors are: Integrity; Objectivity; Professional Competence and Confidentiality.
1.6 Internal Audit Organization structure
The Office of the Chief Internal Auditor (Office of CIA) is responsible for regulating,
capacity building and coordinating internal audit units in ministries, districts and agencies, has
10 internal auditors and is headed by the Chief Internal Auditor (CIA) who reports
administratively to the Permanent Secretary and Secretary to the Treasury (PS & ST) and
functionally to the Minister in Charge of Finance. In addition, there are over 200 internal
auditors in 19 Ministries, 4 provinces and Kigali City, 30 Districts, projects and semi
autonomous entities. The number of internal auditors per entity is listed in Annex 8.
Except the CIA and auditors in a few GBEs, all other auditors are in the same rank. All
ministries and districts have between 1-3 auditors all at the same rank. OCIA team is
OCIA 2013-2018 Strategic Plan
10 | P a g e
administratively divided into two teams, Local Government and Central Government, each
headed by a Team leasder.
1.7 Key strategic issues
The strategic plan seeks to address the following key questions to improve the effectiveness of
internal audit function in GoR:
a) Is internal audit meeting its key objectives?
b) What is the value proposition of internal audit to its stakeholders and is this value
being realized?
c) Does the current internal audit organization structure enable internal auditors to
effectively discharge their mandate?
d) Does internal audit legal framework enabling it to function effectively?
e) Is the current internal audit reporting line appropriately promoting its effectiveness?
f) Are internal auditors independent and objective?
g) Do internal auditors appropriately focus their effort in areas of higher risk?
h) What is the current internal audit skills levels in the country and are there gaps?
i) Is internal audit effectiveness measured using suitable performance indicators?
j) Is the core mandate of the Office of the Chief Internal Auditor clear and is it being
fulfilled?
These and other questions are addressed in this strategic plan.
2. Situation Analysis
This section reviews internal audit performance against internationally accepted public sector
standards and its mandate as stipulated in the internal audit regulations.
OCIA 2013-2018 Strategic Plan
11 | P a g e
2.1 Internal audit value proposition
By definition, Internal Auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization’s operations. It helps an organization
accomplish its objectives by bringing a systematic and disciplined approach to evaluate and
improve the effectiveness of the risk management, control and governance processes.
The internal audit activity provides assurance to top management and the audit committee that
risks to the organization are understood and managed appropriately. IA reports and other
communications should provide hindsight on past performance, insight on effectiveness of
internal control, risk management and governance systems and foresight on risks that may
hinder achievement of objectives, to top management and the Executive/board/Council to
facilitate decision making. In addition, IAs are supposed to use the information they gather to
act as an in-house consultant to management.
Experience has shown that management and the board listens to or tends to ignore internal
audit depending on whether they are adding value to the entity. Internal auditors therefore
need to demonstrate how they add value to the organization objectives.
Internal auditors are charged with assisting the organization in the effective discharge of
responsibilities, promoting the establishment of cost-effective controls, assessing risks, and
recommending measures to mitigate those risks. As an integral part of the management team,
internal auditors furnish top management with analysis, appraisals, counsel, and information
on the activities they review. They also monitor organizational ethics.
Evaluating emerging technologies, analyzing opportunities, assessing quality, economy, and
efficiency, and providing accurate and timely communication are just some of the activities
internal auditors conduct on a daily basis. The comprehensive scope of their responsibilities
provides them with a broad perspective on the organization. And that, in turn, makes them a
valuable resource to executive management and the board of directors in accomplishing
overall goals and objectives, as well as strengthening internal control and governance.
However, this value proposition is directly related to the timeliness and quality of internal
audit reports, ability of internal audit to sell the results of its work to management, the ability
OCIA 2013-2018 Strategic Plan
12 | P a g e
of management to implement audit recommendations and improve controls to reduce repeat
occurrences. This demands that internal auditors pro-actively focus on key risks that are of
concern to management and that audit recommendations address the root cause and not
symptoms of problems. Additionally, internal audit should monitor audit reports and hold
management accountable, not just churn out audit reports. Internal auditors must be vocal,
visible, have a customer focused approach and engage at the executive level to avoid getting
ignored by management. Internal auditors’ performance should be measured using indicators
that demonstrate the value they add including cost savings and other financial indicators.
Clearly, internal auditors cannot succeed on their own. Audit committees working together
with management play an important role in shaping internal audit focus. Ultimately the audit
committee and management are responsible for ensuring internal auditors are sufficient,
motivated and competent staff to deliver their services they are mandate. These relationships
need to be strengthened.
2.2. Drivers of change
This strategic plan has been informed by PFM reviews conducted in the recent past, the
SWOT analysis, Public Sector Internal Audit Capability Model and International Standards
for the Professional Practice of Internal Auditors, benchmarking with other Governments’
Internal Audit units and various consultations details of which are included in the SWOT in
Annex 4.
To achieve the envisaged transformational change, the following 14 priority areas were
identified.
1) Addressing gaps identified in different PFM reviews
Although formed in 2006, internal audit capacity building efforts started in earnest in 2010/11.
2010 Public Expenditure and Financial Accountability (PEFA) assessment rated internal audit
in Central Government at C. D is the lowest possible score while A is the highest. The Core
internal audit unit at MINECOFIN was understaffed at the time of the review. The function
OCIA 2013-2018 Strategic Plan
13 | P a g e
was yet to fully meet international internal auditing standards, and needed to devote more time
to systems-audit as opposed to transaction audits.
Following this review, COWATER, an international firm was recruited to conduct training in
2010. Upon completing training and pilot audits, COWATER in their final report assessed the
capacity of IA in Rwanda to be between level 1 and 2 of the Institute of Internal
Auditors’(IIA) Public Sector Internal Audit Capability Model (IA-CM), Annex 5. The firm
recommended a more long term capacity building approach leading to the recruitment of the
Resident Internal Audit Advisor in 2011.
To date the following significant achievements have been realized through capacity building
efforts to mention but a few.
• Internal audit procedure manual, draft code of conduct for internal auditors, internal
audit charter and the audit committee charter have been developed and
communicated;
• International standards for the professional practice of internal auditing were
disseminated and are being implemented;
• Several trainings for auditors and audit committee members were conducted;
• 10 IDEA data analysis licenses were acquired.
• 50 CCH Teammate audit management software licenses were acquired;
• Audit guidelines and tools were developed and are being implemented; and
• Risk management guidelines were developed and disseminated to GBEs.
2) Complying with International Internal Auditing Standards and best practices
The Internal audit function partially conforms to the International professional practice
framework (IPPF) issued by the Institute of Internal Auditors according to a self assessment
carried out by internal auditors in 2013. Internal auditors have difficulties in complying with
independence and objectivity, quality assurance and improvement program, management of
internal audit activity, engagement planning and performing monitoring and acceptance of
management standards to mention but a few. In addition, internal auditors are also required to
OCIA 2013-2018 Strategic Plan
14 | P a g e
comply with the code of ethics and professional standards issued by INTOSAI and ISACA
depending on the type of assignment being conducted.
A benchmark survey carried out against Uganda, Kenya, Tanzania, Malawi, Ethiopia and
Zanzibar during a conference sponsored by IMF in 2012 showed that Rwanda internal audit
function capability was less developed in a number of key areas compared to some of these
countries. During a East Africa PGM conference, Rwanda internal audit was rated at level 2
while Kenya and Tanzania was rated at level 3.
3) Strengthening IA institutional capacity in line with mandate
The Internal Audit regulations establishing internal audit units and audit committees in public
entities are undergoing review to capture lessons learnt and incorporate best practice. An
organizational review has proposed changes to internal audit structures and numbers and in
MDAs are enhance skills development to provide specialized services e.g. consulting services
over internal controls, risk management and public /corporate governance processes, IT, value
for money, review of financial information, system audits and forensic investigations and
scope coverage.
4) Enhancing skills development in MDAs through coaching and mentoring
Despite various trainings and availability of audit manuals, skills among internal auditors in
MDAs remains low compared to those in the Office of CIA. Due to high staff turnover, a high
number of auditors are recruited as fresh university graduates each year and require coaching
and mentoring to develop appropriate professional skills. The auditors have not been provided
with this support due to the small number of auditors in each entity and the limited capacity of
the OCIA team. On the job coaching will assist in overcoming the challenge auditors face in
implementing audit manuals and standards.
5) Reinforcing the positive Tone at the Top
The strong tone at the top established by the Country Leadership lays a strong foundation for
accountability, transparency and zero tolerance to corruption culture. This and a performance
management culture set the right environment for objective conduct of internal auditing and
OCIA 2013-2018 Strategic Plan
15 | P a g e
implementation of audit recommendations by management. More awareness training on the
role of internal audit and engagement of IA’s stakeholders is needed to exploit this
opportunity.
6) Consolidating and monitoring audit recommendations centrally
The Office of the CIA is required to prepare quarterly consolidated reports to the Minister of
Finance and Economic Planning with a copy to the PS & ST, and the Prime Minister. Some
government entities do not submit internal audit reports to the Office of CIA for consolidation
for various reasons. The Office of the Chief Internal Auditor will monitor implementation of
Auditor Generals’ Office and Internal Audit recommendations to ensure issues do not reoccur
and provide feedback to entities where necessary.
7) Promoting professional qualifications
There are no internal auditors qualified in specialized audit skills such as IT Audits and
forensic investigations in the public sector. The country also has a low number of qualified
accountants. MINECOFIN will sponsor OCIA team members who wish to pursue CFE and
CISA professional courses after becoming ACCA or CIA qualified. This will assist in
reviewing risks that require specialized internal audit skills.
8) Building the capacity of internal auditors to audit in a computerized environment
The Government of Rwanda is committed to computerization of its operations to improve
efficiency in service delivery. Key Government operations including payroll processing and
public financial management have been automated. However internal auditors lack
appropriate skills to audit in a computerized environment and there is urgent need to develop
this capability.
OCIA 2013-2018 Strategic Plan
16 | P a g e
9) Promoting best practices in public financial management and accountability
The OAG has in its 2010/2011 annual report highlighted that the public financial management
and accountability was still weak. The OAG also pointed out that there were weak internal
audit units and audit committees were lacking.
The Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations for internal
control and internal audit in Government requires CBMs to sign an annual statement on the
adequacy of the internal control system and the Head of Internal Audit to give an annual
independent opinion on the internal control system (incorporating risk management).
Currently, there is no risk management framework in Government although guidelines have
been proposed. We propose to conduct an organizational review to assess which entities
require heads of internal auditors. Auditors are also not professionally qualified and there is
doubt as whether they are in a position to give an opinion on internal controls. The Public
Financial Internal Control (PFIC) recommends adoption of Internal Control Frameworks such
as COSO and consolidation of internal control information and capacity building by the
Ministry in charge of Finance.
10) Rebalancing internal audit effort
The Office of the CIA needs to rebalance its coordinating, monitoring and capacity building
role, and that of conducting audit assignments. This requires a review of the organization
structure and skills to develop capabilities to coordinate internal audit units and specialized
skills to conduct fraud investigations, IT and value for money audits. Internal auditors have
also been found to do more transaction audits as opposed to system audits to address
weaknesses in internal audit control design. Internal audit also needs to rebalance its efforts
between the different audit missions.
11) Strengthening audit committees’ oversight role
OCIA 2013-2018 Strategic Plan
17 | P a g e
Audit committees comprised of independent members were established in districts in 2011.
Rwanda Governance Board in its’ Rwanda Governance Score Card 2010 and development
partners in the 2011/2012 Sector Performance Report highlighted the need to undertake audit
committee training and other capacity building efforts to make them more effective. Audit
Committtes have been appointed in some ministries but some ministries and boards are yet to
appoint audit committees. Internal auditors are required to report to audit committees in
addition to the District Council and Chief Budget Managers. Reporting to audit committees
will boost internal audit independence and ensure adequate attention is given by management
to resolution of audit recommendations. Audit committees periodically reports to the
supervisory board or executive authority as the case may be. Audit committees are further
required to give an annual statement indicating how they discharged their responsibilities
alongside the entity annual report.
12) Automating audit process to enhance audit efficiency
The Government has embraced computerization in service delivery and maintaining of
records. Internal auditors need audit tools to audit in an automated environment and to
increase their efficiency. Auditors will need to increase their proficiency to fully utilize CCH
Teammate and IDEA tools currently being implemented.
13) Focusing on managing change and overcoming personal and organizational barriers
to change
The internal audit function is undergoing transformational change. This will create some
turbulence as new positions and responsibilities are assigned and new skills and capabilities
developed. This also endanger some uncertainty and resistance to change. Dealing with these
issues on a reactive, case-by-case basis puts speed, morale, and results at risk. There is need to
have a structured change management approach to ensure that changes are seamlessly
institutionalized to achieve lasting benefit. The Office of the CIA will play a key role in
directing and influencing the speed of change.
14) Strengthening capacity to deal with stakeholders effectively
OCIA 2013-2018 Strategic Plan
18 | P a g e
Internal audit has a number of stakeholders with different level of power, influence, and
requirements. IA should continuously identify the interests, roles/responsibilities and areas of
collaboration with its stakeholders and engage in order to improve its effectiveness.
Professional standards require that “When issued, an opinion or conclusion must take into the
account of the expectations of senior management, the board, and other stakeholders”. Easy
flow of information to and from concerned parties promotes accountability and internal audit
effectiveness. Currently internal audit is not highly regarded by stakeholders and concerted
efforts are needed to create a more positive image.
Below is a list of some of the stakeholders and their responsibilities. Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
1. The Minister of Finance and
Economic Planning
Quarterly consolidated and
monitoring reports
Reporting line
Tone at the top
Budgetary support
Request for audit
assignments
Resolution of audit findings
Appointment ministerial
audit committees
Policy decisions
2. Permanent
Secretary/Secretary to the
Treasury
3. Executive management /
District council / Boards
Internal control and risk
management
Resolution of risks Ownership of internal control
and risk management
4. Audit committees Quarterly reports
Audit plan approval
Functional reporting
Monitoring of audit findings
Promote internal audit
independence, approve action
plans
5 .Chief Budget Managers Appointment and appraisal Administrative reporting
Monitor resolution of audit
findings
6. Projects Coordinators and
Heads of Departments
Coordinate audit
assignment
Auditee, provide access to
information
Implement audit
recommendations
7. Internal auditors in MDAS Training, audit plan
approval, Quarterly audit
reports, coaching
Supervision, capacity
building and reporting
Implementation of internal
audit policies, joint audits
8. MINECOFIN /Public
Financial Management
Coordinating capacity
building efforts
Capacity budgeting and
procurement support
Mobilise resources to
implement strategic plan
9. MINECOFIN/ Public
Accounts Unit
Records and financial
statements
Supervise public sector
accounting
Monitor resolution of
financial audit findings
10. MINECOFIN/
Government Portfolio
Risk management, training
for CBM, directors and
Supervise government
investments Capacity
Facilitate implementation of
audit committee and internal
OCIA 2013-2018 Strategic Plan
19 | P a g e
Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
Management unit audit committees building of board of
directors and CBMs
Monitor effectiveness of
audit committees, risk
management and controls
audit regulations
Promote implementation of
risk management and internal
control frameworks
11.MINECOFIN/Treasury
department
Implementation of audit
findings
Payments and funds transfer Assist in implementing
sanctions for non compliance
12.MINECOFIN/ ICT unit Use of CCH TeamMate
audit management
software.
ICT support TeamMate implementation
including VPN access
13.MINECOFIN/ IFMIS
Project
System controls, data
access, IFMIS training
Data base management and
training
Provide read only access
rights to auditors and training
External Stakeholders
14. The Prime Minister Quarterly consolidated and
monitoring reports
Stakeholder meetings
Tone at the top Set performance target on
audit committees and internal
audit
15. Cabinet Legal framework
Organization structure
Approval of Regulations
Appointment of GCIA
Approval of staffing levels
Approve ministerial orders
and staffing policy proposals
16. Members of Parliament PAC Legislation
Oversight
Approve laws
17. Office of the Auditor
General
Audit of internal controls
Monitoring of audit
recommendations
Review IA and audit
committee effectiveness
Promote role of internal audit
and audit committees,
coordinate value for money
and financial audits
18. Development Partners Joint sector review Programme and technical
support
Technical and financial
assistance
19. Rwanda Governance
Board
Governance score card Monitoring of governance
performance
Promote role of internal audit
and audit committees
Promote adoption of best
practices in public
governance
20. Rwanda Public
Prosecution Authority
Forensic investigations Prosecution of criminal
offenses
Prosecution fraud cases
following fraud investigation
21. Rwanda National Police Forensic investigations Law and order, Fraud investigations
OCIA 2013-2018 Strategic Plan
20 | P a g e
Stakeholder Area of collaboration Role / responsibility What the stakeholder can
do for IA
investigations
22. Ombudsman Code of ethics monitoring Corruption and ethical code Handling whistle blowing
incidences
23. Rwanda Public
Procurement Authority
Training, monitoring of
procurement review
findings
Regulation of public
procurement
Capacity building and
monitoring of audit
recommendations
24. Institute of internal
auditors
Membership and
certifications
Standards and quality
control
Public awareness on the role
of internal audit
25. Institute of Certified
Accountants of Rwanda and
ACCA
Membership and
certifications
Regulation of accounting
profession and training
Training of auditors on
CPA(R) qualification
26. Media Articles and features Dissemination of
information
Raise awareness on internal
auditing, risks, controls
27. Consultants Advise, assignments Technical support and
training
Implementation of strategic
plan
3 Strategy Formulation
3.1 Basis for developing the strategic plan
Experience and lessons learnt in implementing the 2010 – 2013 OCIA strategic plan and the
implementing 2011-2013 Capacity Building Program, various studies and reviews, internal
consultations and consultations with various stakeholders, have indicated that internal audit
skills in the country were still low and radical measures were needed to entrench internal audit
reforms and enhance its effectiveness towards international practices. In particular, auditors
from MDAs were found to lag behind in implementing skills imparted during trainings and
were unable to effectively use manuals and tools provided, mainly due to lack of coaching.
Auditors at the OCIA being a larger team received constant coaching and supervision from
the CIA and Resident Internal Audit Advisor and also share experience more. This disparity in
skills transfer poses a significant threat to the capacity building program at the decentralized
level.
OCIA 2013-2018 Strategic Plan
21 | P a g e
To remedy the situation, it was found necessary to craft a multi faceted and broad based
internal audit reform strategy that builds and sustains the gains realized by the capacity
building initiatives undertaken to date and addresses impediments to change, while
introducing new techniques. This SP presents a systematic and broach based approach that
draws in expectations and support of internal audit stakeholders to take up their governance
role in promoting internal audit effectiveness.
This strategic plan lays a clear roadmap to building a sustainable internal audit function that is
a change agent in public financial management and has the capacity and momentum to
spearhead internal audit capacity building efforts while reducing reliance on technical
assistance from consultants.
The areas of strategic focus identified above were mapped into the following six broad pillars
that cover all the aspects public sector internal audit practice.
1) Regulating and Coordination - the establishment, development and coordination of
internal audit function in government to ensure it contributes to an effective and
efficient public financial management system
2) Organizational structure and internal audit responsibilities - the way that Internal
Audit is structured and supported by the organisation to allow it to deliver its terms of
reference
3) Human Resources and Leadership - the availability (both in terms of quality and
quantity) and management of audit resources to allow internal audit to deliver its remit
4) Audit process, tools and techniques - the processes, tools and techniques in place that
ensure the efficient and effective completion of audit work
5) Communication and Reporting - the way that the function interacts with the
organisation and third parties to ensure that the results of the audit work are fully
understood and appropriately acted upon;
6) Performance Management and accountability - the procedures in place to ensure that
audit work is of a consistently high quality and that internal audit continuously
OCIA 2013-2018 Strategic Plan
22 | P a g e
monitors (and reports) its performance to ensure and evidence that it meets its set
objectives.
3.2 Steps followed in developing the strategic plan
Development of the strategic plan followed a systematic approach based on practice guide on
Developing the Internal Audit Strategic Plan issued by the Institute of Internal Auditors in
July 2012 whose key steps are outlined below.
The strategic plan was has been informed by several studies including:
• PEFA assessment and assessments by various consultants;
• SWOT analysis conducted by the Office of the GCIA team Annex 4,
• A gap analysis against Public Sector Internal Audit Capability Model
• A gap analysis against International Standards for the Professional Practice of Internal
Auditors
• Benchmarking with Internal Audit units of Governments
• Interviews with 10 MINECOFIN senior managers
• Survey of 65 internal auditors conducted in January 2012
• Training impact assessment survey of 16 internal audit units
• Discussions in various internal audit forums
• Feedback obtained from internal auditors, audit committee and chief budget managers
• Stakeholders consultations including development partners and other.
A two day strategy workshop was held by the Office of the GCIA team before the SP was
presented to MINECOFIN senior management and stakeholders for validation.
Industry & Objectives
Standards & Guidance
Stakeholders Expectations
Stakeholders Expectations
Vision Critical success factors
SWOT Analysis
Key initiatives
OCIA 2013-2018 Strategic Plan
23 | P a g e
3.3 Monitoring Key Performance Indicators
Internal audit function in Government of Rwanda is a relatively young function that is yet to
mature. This is also the reality of the accountancy profession in the country in general and
auditing in particular.
The overall objective of the strategy is to transforming the internal audit function from
between level 1 and 2 of the IA-CM to level 4 by the end of five years. Key performance
indicators and a monitoring framework has been developed. This will be attained when the
following key performance indicators are achieved
a) Full compliance with the GoR internal audit regulations by the end of year three.
b) Full conformance to International Standards for the professional practice of internal
auditors, code of ethics, and the internal audit definition by the end of year four.
c) Attaining and maintaining PEFA score A rating by the end of year four
d) Creating a critical mass of professionally qualified internal auditors in ACCA and CIA by
the end of five years.
e) Commence developing specialized audit skills including CFE and CISA at the start of year
three.
These targets assumes that the activities indicated in this strategic plan will be implemented
without undue delay and that policy actions will be taken to remove capacity building
constraints to create an enabling environment.
OCIA 2013-2018 Strategic Plan
24 | P a g e
4 Strategic Pillars
The strategies under each pillar are detailed below.
4.1 Pillar 1: Regulating and Coordination
Objective: Ensure internal audit function is established in laws, regulations and in ministries,
districts and budget agencies
4.1.1 Context of the pillar
Internal audit regulations establishing internal audit, internal control and audit committees are
in place and are currently being reviewed with a view of enhancing them to reflect current
environment, close gaps and incorporate best practices including risk management. There is
need to develop an implementation plan to ensure full compliance with the regulations in the
medium term. A proposal has been made to anchor internal audit, the Office of the Chief
Internal Auditor, risk management and audit committee in the Organic Law on State
Finances and Property which is currently undergoing review to enhance recognition of
internal audit role in public financial management similar to other commonwealth
jurisdictions. Approval and roll out of the risk management policy guidelines drafted by the
Office of the CIA will give auditors an opportunity to add more value in its implementation
and assist in adoption of risk based auditing.
Recent interviews with stakeholders indicated there was low stakeholders’ engagement both at
the OCIA and MDAS resulting in low awareness and support to internal audit activities. IA
and AC charters which delineate the role of IA and that of ACs and their relationships with
their stakeholders have been developed. Audit committees have been established in Local
Government but are yet to become effective. ACs have been appointed in some ministries. A
communication plan will be put in place to raise awareness on the role of internal audit and
where appropriate memorandum of understanding developed e.g. with the Auditor General
Office and National Public Prosecution Authority.
OCIA 2013-2018 Strategic Plan
25 | P a g e
The Office of the CIA has a due role of supervising internal audit units (including regulation,
consolidating reports, monitoring audit recommendations and capacity building) and
conducting internal audit assignments in MDA. At the time of developing this strategy the
OCIA team expended more effort in conducting assignments. The Office of the CIA has
started to centrally monitor implementation of internal audit recommendations to foster the
role of the Ministry of Finance and Economic Planning in monitoring the public financial
management system to ensure accountability and transparency in use of public funds. A
quarterly implementation report will be prepared and sent to the Minister with a copy to the
PS/ST.
There is need to ensure that the Office has adequate qualified and experienced staff who can
effectively supervise internal audit units and conduct capacity building while reducing
reliance on consultants. This may require a change in entry level for new staff and
departmentalization of the directorate based on specialized skills and roles to accelerate skills
development. At the moment all auditors perform the same tasks. The department also needs
to be more selective in choosing assignments to conduct e.g. where there are no internal
auditors, coaching of internal auditors, responding to management requests and assignments
requiring specialized skills. More focus also need to be laid on consolidating audit reports,
consolidating monitoring reports, and supervising and coordinating internal audit units.
4.1.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Consolidating audit reports and centrally monitor audit recommendations (6).
4.1.3 Strategic actions of this pillar & sub-activities
(1) Enhance and comply with regulations on internal audit, audit committee internal
control
a) Management, IA and AC role in risk management recognized in OL on State Finances
and Property to enhance compliance
OCIA 2013-2018 Strategic Plan
26 | P a g e
b) Update audit committee, internal audit charter and IA regulations to include roles in
risk management
c) Hold annual workshops and annual conference for internal auditors
(2) Operationalise internal audit, audit committee and mobilize stakeholders
a) Conduct training for various stakeholders to raise awareness on regulations, guidelines
and IA standards.
b) Establish audit committees in public entities and monitor audit committee in the
Government entities.
c) Develop and disseminate audit committee handbook and tools.
d) Provide continuous training to audit committees on their role in financial reporting,
risk management, internal and external audit, internal controls, stakeholder
relationships etc.
e) Annual audit committee report on AC responsibilities and performance, and opinion
on internal controls including internal audit.
(3) Increase internal audit visibility and integration in public governance
a) Develop effective relationship with other arms of government, development partners,
professional associations
b) Professional membership in Institute of Internal Auditors
c) Prepare publicity materials to promote awareness of the role of IA and AC in control,
risk management, governance , fraud detection etc
(4) Networking and Knowledge Sharing
a) Purchase reference books and subscribe to knowledge databases
b) Develop internal audit intranet, extranet, group emails etc for networking and
knowledge sharing
(5) Develop and implement quality assurance program
a) Implement an internal quality assurance review mechanism
b) External quality assurance review conducted by independent consultants
OCIA 2013-2018 Strategic Plan
27 | P a g e
4.2 Pillar 2: Organizational structure and internal audit responsibilities
4.2.1 Context of the pillar
The structure of the OCIA is not optimal and the office lacks adequate skills to undertake
specialized audits and build capacity of internal audit units across the country. Internal
auditors in MDAs are lowly ranked, and few in number, all ranked in the same position of
internal auditor making supervision difficult. Head of internal audit position although
envisaged in article 9 of the Ministerial Order has not been implemented. It is also been
challenging for the OCIA team to centrally supervise the large number of internal audit units.
Management in some entities exerts undue influence on internal auditors scope and reporting
to select less risk areas affects their objectivity. The OCIA and audit committees need to play
a more active role in recruitment, assessment and termination of auditors.
Although internal audit has adopted a risk based audit methodology, most internal auditors do
not conduct risk assessment in order to identify the audit areas to prioritize in the risk based
annual plans. Adoption of a risk management framework will facilitate risk based audit
approach. Internal audit currently lacks skills to undertake IT audits and fraud investigations
which carry significant risks. Internal audit spends significant amount of time in conducting
financial review and compliance audit, however quality improvement is needed. The OCIA
has proposed a structure that reflects the different roles and responsibilities and specialized
skills. See Annex 7.
Internal audit role should evolve to respond to management needs. Internal audit function can
also perform other responsibilities such as conducting inspections and risk management
facilitation.
4.2.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Promoting best practices in public financial management and accountability (9).
• Refocusing internal audit effort to areas of higher risk and to increase audit coverage (10).
OCIA 2013-2018 Strategic Plan
28 | P a g e
4.2.3 Strategic actions of this pillar & sub-activities
(1) Review organizational structure to match internal audit mandate
a) Review internal audit structure at OCIA and MDAs to ensure adequate internal audit
resources, skills and coverage
b) OCIA to allocate time appropriately between coordination, capacity building and audit
assignments
c) Attracting experienced and skilled people especially to OCIA
d) Develop capacity to provide specialized internal audit services within OCIA
e) Outsource review of IFMIS and other mission critical systems to specialized IT
consulting firms
f) Coach internal auditors to increase audit coverage
(2) Enhance independence of internal audit function
a) OCIA to advise in recruitment, performance and termination of employment of
internal auditors in MDAs
b) OCIA to review and follow up implementation of audit plans
c) OCIA consolidates Internal Auditors’ independence declaration forms
(3) Ensure appropriate internal audit focus
a) Increase number of system audits carried out as opposed to compliance and transaction
audits
b) Conduct annual risk assessment and develop risk based audit plans
(4) Provide consulting services and develop tools to improve risk management and
internal control systems
a) Obtain senior management approval and champion implementation of risk
management guidelines in MDAs
b) Promote implementation of international internal control framework e.g. COSO, PIFC,
COBIT
OCIA 2013-2018 Strategic Plan
29 | P a g e
c) Provide assurance reports and opinion on adequacy of risk management and internal
control systems
4.3 Pillar 3: Human Resources and Leadership
4.3.1 Context of the pillar
There is general lack of adequate accounting skills in particular internal audit skills in the
country. The Government has been sponsoring accountants and internal auditors to pursue
ACCA professional exams but the success rate has been low. The Government has also
undertaken to sponsor internal auditors in specialized internal audit professional qualifications
including Certified Internal Auditor (CIA), and office of the CIA team in Certified Fraud
Examiner (CFE) and Certified Information Systems Auditor (CISA). The Office of the CIA is
in the process of recruiting candidates for CIA exams from Ministries, Districts and Agencies.
This underscores the Government commitment to develop internal audit skills. Auditors from
semi-autonomous institutions are encouraged to seek the support of their entities in pursuing
similar professional trainings.
In addition the OCIA has identified a number of short term courses that it will offer to develop
key internal audit competencies. The courses are benchmarked to the Institute of Internal
Auditors and other service providers. The Office of the CIA needs to establish a training unit
as recommended by COWATER to coordinate the various trainings listed in the training
needs assessment, Annex 9.
It is equally important to have a strong cadre of internal audit leaders who can effectively
manage the internal audit units and effectively interact with management at all levels and
audit committees. The position of the CIA is the only full internal audit management position
in Central and Local Government. This makes it difficult to effectively support internal
auditors on operational issues and at the same time focus on strategic issues of the department
and effectively engage stakeholders.
OCIA 2013-2018 Strategic Plan
30 | P a g e
There is need to review internal audit organization structure both at the OCIA and internal
audit units in MDAs. The number, structure and grading can be considered with a view of
optimizing professional development and staff retention.
4.3.2 Strategic Drivers
• Strengthening internal audit institutional capacity in line with its mandate (3).
• Enhancing skills development through coaching and mentoring (4).
• Promoting professional qualifications such as CFE, CISA, CIA and ACCA etc (7).
4.3.3 Strategic actions of this pillar & sub-activities
(1) . Implement professional and competency development framework
a) Obtain approval and implement internal audit competency framework
b) Internal auditor Training and Development Plan implemented
c) Implement an internal audit leadership training program
(2). Enhance professional and skills training
a) Internal auditors to pursue ACCA, CIA professional training
b) Internal auditors to pursue technical professional qualifications including: CFE, CISA,
CRMA
c) Develop public sector internal audit diploma
d) Sponsor internal auditors to attend regional and international professional conferences
e) OCIA organizes short courses for internal auditors
(3). Develop internal audit technical skills resourcing partnerships
a) Co-source audit of technical areas where the Office of CIA and internal audit units do
not have the necessary skills and experience
OCIA 2013-2018 Strategic Plan
31 | P a g e
b) Develop partnership with other governments’ internal audit functions and capacity
building experts to build competency
4.4 Pillar 4: Audit Process, Tools and Techniques
4.4.1 Context of the pillar
The Office of the GCIA has developed and disseminated an internal audit procedures manual,
audit templates and guidelines on financial audit, performance audit, IT audit and risk
management, procurement audit, review of financial information and risk assessment among
others. More guidelines are earmarked to be developed and disseminated as part of the
capacity building programme.
MINECOFIN has invested in 10 IDEA data analysis tool and 50 CH Teammate audit
management licenses to increase internal audit efficiency. There are plans to increase the
number of Teammate licenses after the pilot implementation.
Most internal auditors have limited experience and learning new skills without coaching on
how to apply the new skills has proved to be challenging. The large number of internal audit
units, small size of internal audit units, high staff turnover and high number of new internal
auditors working alone has made it challenging for the Office of CIA to provide much needed
coaching and support.
Most internal auditors have not implemented the internal audit procedure manual and need to
develop a plan for implementing the manual and standards with support of the OCIA. On job
training and coaching will be key to ensuring successful implementation. Auditors also need
to develop skills in auditing in a computerized environment
OCIA 2013-2018 Strategic Plan
32 | P a g e
4.4.2 Strategic Drivers
• Complying with International Internal Auditing Standards and best practices (2).
• Enhancing skills development in MDAs through on the job training (4)
• Building the capacity of internal auditors to audit in a computerized environment (8).
• Automating audit process to increase audit efficiency (12).
4.4.3 Strategic Actions of this pillar & sub-activities
(1). Implement professional standards and code of ethics for internal auditors
a) Phased implementation of definition on internal auditing and international standards
b) Ensure all internal auditors sign the code of ethics and monitor compliance
(2). Develop and implement appropriate audit methodologies, tools and manuals to
improve audit effectiveness and efficiency
a) OCIA (supported by consultants) coach and mentor internal auditors to perform high
quality work and implement internal audit manual, guidelines and tools
b) Develop, communicate and implement internal audit guidelines and conduct training
in financial auditing, risk assessment, risk management, internal controls, corporate
governance, value for money auditing, IT auditing, consultancy services etc
c) Improve audit process efficiency and reduce assignment turnaround times
(3). Enhance audit automation
a) Pay annual CCH license maintenance and support fees and monitor utilization of
TeamMate licenses
b) Phased TeamMate audit management system to MDAs internal audit units based on
usage of existing licenses
c) Utilization of IDEA data analysis tool licenses
OCIA 2013-2018 Strategic Plan
33 | P a g e
4.5 Pillar 5: Communication and Reporting
4.5.1 Context of the pillar
Effective communication of audit recommendations and advice to the appropriate senior
management and supervisory board is essential to bringing management to take appropriate
action to resolve control weaknesses. In the past management had the discretion to resolve
control weaknesses or ignore audit recommendations. A process to monitor audit
recommendations was instituted in early 2012 and is being implemented. This process should
be strengthened at the entity and centrally by the OCIA to ensure internal audit and OAG
recommendations are implemented.
Audit committees were appointed in districts in 2011. ACs were appointed in ministries in
2013 although a few ministries and boards are yet to establish audit committees. These
committees need additional capacity building to effectively oversight PFM.
Internal auditors need to discuss their reports with senior management to ensure appropriate
action is taken. This would enhance internal audit effectiveness.
4.5.2 Strategic Drivers
• Reinforcing the positive Tone at the Top and work with various integrity stakeholders (5).
• Consolidation and monitoring of audit recommendations centrally (6).
• Strengthening audit committees’ oversight role (11).
• Strengthening internal audit capacity to deal with its stakeholders effectively (14).
4.5.3 Strategic Actions of this pillar & sub-activities
(1). Enhance the number of internal audit reports consolidated and monitored
a) Develop Consolidate internal audit reports
b) Coordinate with the Office of the Auditor General in implementation of audit
recommendations
OCIA 2013-2018 Strategic Plan
34 | P a g e
c) Internal auditors may raise significant risks accepted or not acted upon by
management with respective Board and/ MINECOFIN
d) Internal auditors to work with audit committees for resolution of audit findings
(2). Coordinate capacity building of internal audit stakeholders
a) Develop key stakeholders engagement plan and meet them regularly to monitor
progress in meeting respective responsibilities
b) Coordinate with the Office of the Auditor General in planning value for money audits
and other assignments to avoid duplication
c) Conduct regular satisfaction surveys to understand stakeholders’ needs and address
them
d) Capacity building of audit committees
4.6 Pillar 6. Performance Management and accountability
4.6.1 Context of the pillar
Capacity building efforts need to be sequenced and sustained until the target capability levels
are achieved. At the moment the Office of the CIA is using technical support to implement the
capacity building programme. Although the Office requires technical assistance in the short
term to implement the strategic plan, it should develop capacity to independently carry out
capacity building in the medium term. Adequate quality control measures should be put in
place to ensure activities are carried out on schedule and envisaged benefits are realized. The
SP activities should be cascaded to all auditors and an accountability system established to
track their contribution towards achieving the SP objectives.
The Office of the CIA has not been adequately exposed to other government internal audit
function to facilitate benchmarking and sharing of good practices. This is essential for the
department to learn from others and keep pace with changes in the profession.
4.6.2 Strategic Drivers
• Addressing gaps identified in different reviews including PEFA and COWATER (1).
OCIA 2013-2018 Strategic Plan
35 | P a g e
• Strengthening internal audit institutional capacity in line with its mandate (3)
• Focusing on managing change and overcoming staff and organizational barriers to change
(13).
4.6.3 Strategic actions of this pillar & sub-activities
(1). Develop an internal audit performance system and accountability
a) Develop a performance score card for Office of CIA and internal audit units
(2). Benchmark internal audit to regional governments with leading internal audit
practices
a) Conduct study tours to understudy best practices in other countries
(3). Implement and monitor the strategic plan
a) Obtain technical assistance to assist in the implementation of CBP and the strategic
plan
b) Develop performance indicators, monitor performance and prepare annual monitoring
report
c) Conduct mid -term review of the strategic plan
d) Conduct a closing review of the strategic plan
(4). Develop next strategic plan
a) Develop and publish 2018-2023 strategic plan.
OCIA 2013-2018 Strategic Plan
36 | P a g e
5. Strategy Implementation Plan
Oversight of the strategic plan The implementation of the strategic plan will be undertaken by the Office of the Chief Internal
Auditor team and the Chief Internal Auditor will provide oversight and take a lead role in
certain activities including initiating policy dialogue with key stakeholders. The CIA will
delegate activities to the OCIA team and/ a Consultant appointed to coordinate capacity
building efforts. When the proposed structure of the OCIA is implemented some of the roles
may be delegated. Some of the activities require support and coordination with internal audit
stakeholders.
The OCIA will prepare annual work plans consistent with the strategic plan and PFM reform
strategy and obtain approval from PFM secretariat before requests for funding is submitted to
participating development partners.
The CIA will appoint a monitoring and implementation coordinator from the team to assist in
monitoring the implementation of the work plans against target and indicators in order to
determine the impact and success, and review the plan on an annual rolling basis and during
the mid-term review to ensure the implementation of the SP is on track. The CIA will report
progress made to the PFM Steering Committee and periodically to the PS/ST.
The strategic plan recommends a number of changes that require policy action from internal
audit stakeholders as highlighted in the table below.
Strategy Activity Responsibility Timing
Pillar 1. Regulating and coordination
Legal and regulatory
framework
Management, IA and AC role in risk
management recognized in OL on State
Finances and Property
Update internal audit and audit committee
regulations
OCIA
MINECOFIN
2013/14
Audit committees Establish and monitor audit committees in CIA/Minister of 2013/14
OCIA 2013-2018 Strategic Plan
37 | P a g e
Strategy Activity Responsibility Timing
Central Government
Annual audit committee report
Finances and other
ministries
Memorandum of
understanding
Outline areas of cooperation with different
stakeholders
CIA
OAG
2013-2018
Quality assurance
program
Internal audit conducts external quality
assurance review to check compliance with
the standards
OCIA
MINECOFIN
2016/7
Pillar 2. Organisational structure and internal audit roles
Organization
structure
Review of OCIA and internal audit units
organizational structure
CIA
MINECOFIN
MIFOTRA
2013/14
IFMIS Conduct IT audit of IFMIS environment CIA
MINECOFIN
2014/15
Recruitment and
termination of
auditors
OCIA to track and advise on recruitment
and concur in termination internal auditors
CIA
MINECOFIN
MIFOTRA
2014/15
Risk management
guidelines in MDAs
Approval of risk management guidelines CIA
MINECOFIN
2014/15
Internal control
framework
Adoption of internal control framework CIA
MINECOFIN
2014/15
Pillar 3. Human Resources and Leadership
Internal audit
competency
framework
Approval of competency model and
performance appraisal tool
CIA
MINECOFIN
MIFOTRA
2013/14
Training coordinator An internal audit training resource person
or provider identified
CIA
MINECOFIN
MIFOTRA
2015-2016
Public sector internal
audit diploma
Develop post graduate diploma course in
public sector internal audit with a local
university
CIA
MINECOFIN
MINEDUC
2015-2016
Pillar 4. Audit process, tools and techniques
Code of ethics Approval of Ministerial Instruction CIA
MINECOFIN
2013/14
CCH Teammate Purchase of additional licences CIA
MINECOFIN
2013-2018
Pillar 5. Communication and Reporting
OCIA 2013-2018 Strategic Plan
38 | P a g e
Strategy Activity Responsibility Timing
Consolidation Entities submit audit reports for
consolidation
Public entities 2013-2018
Monitoring Entities submit implementation reports for
consolidation
Public entities 2013-2018
Coordination Coordinate with the Office of the Auditor
General
Auditor General 2013-2018
Pillar 6. Performance Management and accountability
Technical assistance Recruit a consultant to assist OCIA
implement capacity building programme
CIA
MINECOFIN
2013-2016
Performance score
card and performance
evaluation policy
Develop and roll out performance
indicators in internal audit and risk
management
CIA
MINECOFIN
MIFOTRA
2013/14
Conduct mid-term
review of the
strategic plan
Conduct mid-term review of the strategic
plan
IA stakeholders 2014/2015
5.1 Sequencing Implementation of the Strategic Plan
The following section provides an outline of key actions that will be necessary to ensure that
best practice internal audit practices are implemented within the GoR. These are categorized
as either short, medium or long term actions with short term related to the first two years,
medium term covering years 2 to 4, and long term, year 5 and onwards. This development
plan assumes that the necessary technical assistance programme will be in place.
The activities are sequenced such that foundation capabilities will be developed first to
provide the basis for successful development of advanced capabilities. A detailed sequencing
of implementation activities is attached as Annex 6.
Short term Activities (Year 1 -2)
The objective of the short term plan is to reposition the internal audit function to adopt best-
practice internal audit methodologies, practices and techniques, and full adoption of
international standards for the professional practice of internal audit. At the same time any
OCIA 2013-2018 Strategic Plan
39 | P a g e
barriers to internal audit independence and organization structural constraints will be
addressed to create an appropriate environment for further capacity building activities.
Specific activities will include:
1) Approval of Internal audit competency framework and performance appraisal tool;
2) Organizational review of internal audit function both in OCIA/MINECOFIN and
MDAS to reflect mandate;
3) Recruitment of additional staff and positions in line with the organizational review
recommendations;
4) Staff retention policy to stem the high staff turnover;
5) Operationalising audit committees in the central government entities;
6) Operationalization of internal audit reporting to the audit committees;
7) Updating of internal audit regulations to capture lessons learned and incorporate best
practices;
8) Publishing and implementation of code of ethics for internal auditors;
9) Phased implementation of international standards for the professional practice of
internal auditing;
10) Full analysis of auditable areas across all entities to establish multi- year internal audit
plan (three years) and to establish the optimum number of internal audit staff
required to meet these Plans;
11) Development of various internal audit policies, manuals, guidelines, audit programs,
templates and tools required for a professional internal audit function;
12) Monitoring of internal audit and OAG recommendations;
13) Phased implementation of internal audit procedure manuals;
14) Training on foundation internal audit skills for new internal auditors;
15) Providing “on the job” training through hands on involvement of technical assistance
in undertaking internal audit engagements to transfer skills to internal auditors
through coaching and mentoring;
OCIA 2013-2018 Strategic Plan
40 | P a g e
16) Sponsor internal auditors to pursue CIA professional qualification.
17) Coordination with the Office of the Auditor General and other stakeholders;
18) Awareness sessions to sensitize management on the roles and responsibilities of the
internal audit function and professional standards;
19) Investigating IT audit requirements and carrying out a review of general IT controls;
20) Identifying long term staffing requirements and the recruitment of appropriately
qualified personnel including the recruitment of specialist IT auditors and other
specialists.
21) Moving towards building capacity to carry out “Value-for-Money” audits.
22) Moving towards building capacity to carry out Fraud Investigations and inspection;
23) Implement IDEA and CCH TeamMate audit tools.
At the end of year 2 all internal auditors and internal audit units should be able to demonstrate
sustainable capabilities at level 3 of the public sector IA-CM.
Medium Term Activities (2 – 4 Years)
In the medium term, the main emphasis should be on the implementation of the Risk-based
Systems Audit Approach on a sustainable basis. By this time, staff in the Internal Audit
Department should have sufficient experience to perform the full range of best-practice
internal audit activities and full time technical assistance should no longer be required.
Specific activities will include:
1) Extend internal audit scope to cover all administrative areas;
2) Full implementation of risk based audit approach;
3) Full conformance with the audit regulations;
OCIA 2013-2018 Strategic Plan
41 | P a g e
4) Full conformance to international standards for the professional practice of internal
audit and the definition of internal auditing and code of ethics.
5) Developing consulting skills to assist management in implementation of internal
controls, risk management, IT and corporate governance frameworks;
6) Building capacity to provide assurance services not only in internal controls but also
risk management and corporate governance;
7) Development of internal audit capacity to carry out specialist audits including IT
audits, fiduciary risk assessment, value for money audits, inspections and forensic
investigations etc;
8) Focus on systems audits as opposed to transaction audits;
9) Training focusing on audit management and internal audit leadership development;
10) Staff trained in technical professional qualifications including CFE, CISA etc;
11) Establishment of a quality assurance review and improvement program;
12) Establishing a formal diploma programme in GOR and organising the delivery of this
programme; and
At the end of year 4 all internal auditors and internal audit units should be able to demonstrate
sustainable capabilities at level 4 of the public sector IA-CM.
Long Term Activities (Year 5 onwards)
In the long term the gains achieved will be consolidated and capacity building will be
undertaken by the OCIA team. An external review of the performance of the function will be
undertaken at the beginning of year five with the view of fast tracking any remaining activities
and mapping out the position of the function as a change agent within government.
OCIA 2013-2018 Strategic Plan
42 | P a g e
6. Resource mobilisation
6.1 Organisation structure and staffing levels The Office of the CIA is headed by the CIA who reports administratively to the PS/ST and
functionally to the Minister. Reporting to the CIA are 10 Internal Auditors organized into two
teams, local government and central government.
Internal audit units in Ministries and Districts are staffed by between 1 to 3 internal auditors,
all of the same rank. The auditors occupy the lowest rank in the organisation.
The current organization structure, grading and staffing levels are inadequate and continue to
hamper effective service delivery. Internal auditors conduct audit assignments in teams and
supervision and quality assurance review by more experienced and senior members is
required to ensure the quality of work carried out and also to train less experienced internal
auditors. A revised hierarchal organization structure has been proposed to reflect the internal
audit workflow and delegation of responsibilities.
The proposed structure establishes positions for specialized internal audit services such as IT,
value for money, forensic investigations and risk management and training at the Office of
CIA. The proposed structure will enable internal audit develop appropriate skills to fully
fulfill its mandate. The proposed structure and list of auditors in each organization is listed in
Annex 7
Below is the current and proposed manpower count for the Office of the CIA.
Current Positions # Proposed Positions #
Chief Internal Auditor 1 Chief Internal Auditor 1
Administrative assistant 1 Administrative assistant 1
Internal auditor/Team leaders (Central Government, Local Government)
2 Senior Principal internal auditor (Central Govt, Local Govt, inspection, risk management, IT, Training)
4
Principal internal auditor 6
Senior Internal Auditor 9
Internal Auditor 8 Internal Auditor 0
Total 12 21
OCIA 2013-2018 Strategic Plan
43 | P a g e
Proposed Position Responsibilities
Chief Internal Auditor Head of internal audit Function in Government. Deputy Chief Internal Auditor
Deputize Government Chief Internal Auditor and head teams supervising internal audit units
Senior Principal Internal Auditor
Head a specialized internal audit function or supervise cluster of internal audit units
Principal Internal Auditor Head of internal audit units in MDAs
Senior Internal Auditor Supervise internal audit units within the Office of the Government Chief Internal Auditor
Internal Auditor I Conduct internal audit assignments and lead audit teams
Below is the man count in Ministries and Districts. The number of auditors is determined by
the entity based on workload and guidelines issued by MIFOTRA.
Proposed Positions Ministry District
Director of Internal Audit /Senior Internal
Auditor
1 1
Internal Auditor 2 3
Although most of the human resource policies are centralized at MIFOTRA, it is prudent for
the Office of the CIA to formulate policies which address the specific needs and nature of
internal audit work. An Internal Audit competency framework and performance indicators
will be used to develop career development plans and roll out the courses identified in the
Training needs assessment in Annex 9.
6.2 Costing summary of the strategic plan The costing of the strategic plan represents the best estimate at the time of preparing this
document and should be reviewed at the time of conducting the mid-term review of the
strategic plan. Only those activities that require funding and are not directly funded by the
Government of Rwanda under recurrent costs have been costed. Details of the costing can be
obtained from the Office of the CIA. The amount for year one has been budgeted for under the
PFM reform basket fund.
OCIA 2013-2018 Strategic Plan
44 | P a g e
Most of the activities will be carried out during the first and second year of the SP and USD
430, 000 and USD 635,300 is estimated to be required during this period. This will be scaled
down to USD 338,000, USD 260,000 and USD 299,000 in the third, fourth and fifth year
respectively. This position is dependent upon budgetary allocation and continued support by
development partners.
In the second year an amount of USD 105,000 and in the third year an amount of USD 80,000
for year has been budgeted for coaching of internal auditors in Districts by consulting firms
and outsourcing of IFMIS IT Audit. The OCIA currently does not have adequate capacity for
these critical tasks as it still building its capacity.
Below are the summary costs of the strategic plan.
PILLARS AND STRATEGIC ACTIVITIES 2013/14 2014/15 2015/16 2016/17 2017/18
Pillar 1. Regulating and coordination
Strategy 1: Hold annual audit committee
workshop
23,200 23,200 23,200 23,200 23,200
Strategy 2: Annual training of audit committees 25,300 35,400 29,800 29,800 25,300
Strategy 3: Develop internal audit awareness
materials
0 2,000 500 2,000 500
Strategy 4: Purchase internal audit reference
materials
0 5,000 0 0 5,000
Strategy 5: Recruit a firm to conduct quality
assurance of Government internal audit
function
0 0 0 0 20,000
Pillar 2. Organisational structure and
internal audit responsibilities
Strategy 1: Coach internal auditors in MDAs 0 0 80,000 0 0
Strategy 2: Enhance independence of internal
audit function
Strategy 3: Ensure appropriate internal audit
focus
Strategy 4: Provide consulting services and
develop tools to improve risk management and
OCIA 2013-2018 Strategic Plan
45 | P a g e
internal control systems
Pillar 3. Human Resources and Leadership
Strategy 1: Internal audit leadership training
program
0 27,500 0 0 0
Strategy 2: Conduct short term and professional
skills training
155,000 194,200 145,200 145,200 145,200
Strategy 3: Develop internal audit technical
skills resourcing partnerships
Strategy 5: Manage knowledge
Pillar 4. Audit Process, Tools and Techniques
Strategy 1: Conduct training to implementation
of professional standards and code of ethics for
internal auditors
50,000
Strategy 2: Develop and implement appropriate
audit methodologies, tools, manuals and coach
internal auditors in MDAs
0 105,000 25,000 25,000 25,000
Strategy 3: Enhance audit automation 61,000 69,000 25,000 25,000 25,000
Pillar 5. Communication and Reporting
Strategy 1: Enhance the number of internal
audit reports consolidated and monitored
Strategy 2: Train internal audit stakeholders
Pillar 6. Performance Management and
accountability
Strategy 1: Develop internal audit and risk
management performance indicators
Strategy 2: Conduct study tours to benchmark
with regional governments
0 10,000 10,000 10,000 10,000
Strategy 3: Recruit Internal Audit Advisor to
support capacity building program and a
consultant to develop next strategic plan
164,000 164,000 0 0 20,000
Strategy 4: Develop next strategic plan
GRAND TOTAL 430,000 635,300 338,700 260,200 299,200
OCIA 2013-2018 Strategic Plan
46 | P a g e
7. Monitoring & Evaluation Monitoring will be a central feature of this strategic plan to ensure the targets are achieved
within the stipulated time, objectives are achieved and corrective measures are taken if
deviations arise. Periodic monitoring reports will be prepared.
7.1 Performance Indicators The Office aims to uplift these to level 4 of each model from current level 1. This is because
internal audit is relatively new and is at the lower level of maturity of most of the performance
indicators. In addition, some specific outputs for each pillar are indicated below. The success
of the strategic plan will be measured by the improvement of internal audit capability as
measured by:
• Internal audit capability maturity model;
• IT maturity model;
• Risk based maturity model;
• Risk management maturity model;
• Internal control maturity model;
• Risk management maturity model;
• Internal audit competency framework;
• Internal audit process maturity model; and
• Quality assurance maturity model.
The performance indicators will be cascaded to the lowest level possible through action plans
and performance contracts to ensure they are acted upon.
7.2 Targeted outputs and outcomes The output and outcome of each activity would be measured against the performance measure
and strengthened until the desired level 4 maturity level of each performance indicator is
achieved. The Output, outcome and performance measure of each activity is listed in Annex
6.
OCIA 2013-2018 Strategic Plan
47 | P a g e
7.3 Risks and Mitigating Measures The threats that could prevent the achievement of objectives and mitigating measures are
listed in Annex 4. Setting time bound objectives and action plans will facilitate identification
and mitigation of risks to achieving the strategic objectives. A risk matrix will be developed
and updated on a continuous basis.
OCIA 2013-2018 Strategic Plan
48 | P a g e
Annex 1: Definitions
Add value – contribute to the organization objectives.
Audit Committee – A high level committee, comprising, where possible, independent, non-
executive members, with responsibility of overseeing the independent review of the
framework of internal control, monitoring the internal audit function and the external audit
processes.
Corporate governance - The combination of processes and structures implemented by the
supervisory board to inform, direct, manage, and monitor the activities of the organization
toward the achievement of its objectives.
Internal Auditing is an independent, objective assurance and consulting activity designed to
add value and improve an organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic and disciplined approach to evaluate and improve the
effectiveness of the risk management, control and governance processes.
Internal control- A process, effected by an entity’s supervisory board, management, and
other personnel, designed to provide reasonable assurance regarding the achievement of
objectives in the following categories:
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.
IT General Controls - Controls used to manage the IT activities and computer environment,
covering the following areas: Maintenance of existing systems, Development and
implementation of new systems, information security, and computer operations.
Risk management - A process to identify, assess, manage, and control potential events or
situations to provide reasonable assurance regarding the achievement of the organization’s
objectives.
OCIA 2013-2018 Strategic Plan
49 | P a g e
Performance Audit - An approach to audit that aims to improve the economy, efficiency and
effectiveness of operations. The objective of performance audit is to improve the value of
money provided by a public entity.
Systems Audit – Systems audit is the structured analysis of internal control in relation to the
objectives of the organization. Systems audit should enable internal audit to make practical
recommendations to address any weaknesses that have been identified within the context of
risks to the achievement of objectives. It should also enable internal audit to form an opinion
on the adequacy and reliability of the organization’s internal control system.
OCIA 2013-2018 Strategic Plan
50 | P a g e
Annex 2: References
1. Organic Law N° 12/2013/OL of 12/09/2013 on State finances and property
2. Organic Law n° 37/2006 of 12/09/2006 on State Finances and Property
3. Ministerial Order n° 002/07 of 09/02/ 2007 relating to Financial Regulations
4. Public Expenditure and Financial Accountability (PEFA) Assessment, Public Financial Management
Performance Report, Final Report, June 2008, Ministry of Finance and Economic Development
5. Government of Rwanda Public Finance Management Reform Strategy 2008-2012, Ministry of Finance
and Economic Development
6. 2013-2018 Public Finance Management Sector Strategic Plan
7. Ministerial Order n° 002/09/10/GPIA of 12/02/2009 Setting Out Regulations for Internal Control &
Internal Audit in Government
8. Ministerial Instructions n° 004/09/10/min of 01/10/2009 for the Establishment of the Audit Committees
in Public Entities, Local Government Entities and Autonomous and Semi-autonomous Public Entities.
9. Internal Audit Charter, Government of Rwanda, July 2011
10. Internal Audit Procedure Manual, Government of Rwanda, July 2011
11. Audit Committee Charter, Government of Rwanda, July 2011
12. Draft Code of ethics for internal auditors, Government of Rwanda
13. Chief Internal Auditor, Handover report, July 2011
14. Capacity building programme, January 2011
15. Stakeholder interview report
16. Internal audit manual implementation report, May 2012
17. Imihigo
18. Various OCIA training reports
19. 2011 Internal Audit staff survey
20. MINECOFIN Strategic plan 2012-2015
21. MINECOFIN Single Action Plan 2011/12
22. COWATER Final report
OCIA 2013-2018 Strategic Plan
51 | P a g e
23. Office of the Auditor General, 2011 report
24. The Government Principal Internal Audit Unit, Strategic Plan of GIA in the Three Year Period
2010/2013.
25. The Government Principal Internal Audit Unit, Strategic Paper
26. The Government Principal Internal Audit Unit, Improvements Needed document
27. Public Internal Financial Control
28. COSO Internal Control Framework
29. COSO Risk management Framework
30. Internal Audit Capability Model for the Public Sector (published by the IIA)
31. Terms of reference for Resident Internal Audit Advisor
32. International Standards for the Professional Practice of Internal Auditing; by the Institute of Internal
Auditors
33. Developing the Internal Audit Strategic Plan, IIA Practice Guide, July 2012
OCIA 2013-2018 Strategic Plan
52 | P a g e
Annex 3: People and Institutions Consulted
No. Name and title Institution
1. Patrick Shyaka- Accountant General MINECOFIN
2. Enata Dusenge – Director General, Corporate Services MINECOFIN
3. Elias Baingana – Director General Budget MINECOFIN
4. John Munga – Deputy Accountant General, Public Accounts Unit MINECOFIN
5. Caleb Rwamuganza - Deputy Accountant General, Treasury MINECOFIN
6. Cyrille Hategekimana – Coordinator Government Business
Portfolio Unit
MINECOFIN
7. Jean Rurangirwa –IFMIS Coordinator MINECOFIN
8. Amin Miramago – PFM Manager MINECOFIN
9. David Nkusi- Director of Finance and Accounting MINECOFIN
10. Veneranda Mukakimenyi – Ag. Chief Internal Auditor MINECOFIN
11. George Mang’oka – Resident Internal Audit Advisor MINECOFIN
12. Dieudonne Kayombya – Team Leader Local Government Audit
Team
MINECOFIN
13. Chantal Zaninka - Team Leader Central Government Audit Team MINECOFIN
14. Internal Auditors MINECOFIN
OCIA 2013-2018 Strategic Plan
53 | P a g e
Annex 4: SWOT Analysis
SWOT Analysis - Strengths
Area Strengths How IA can capitalize on strength
Office of CIA, MINECOFIN
Office of CIA has the mandate of
carrying audits in any entity and
supervising IA in the country
− OCIA to play a role in recruitment,
performance assessment and exiting of auditors
− Develop tool for OCIA to assess internal
auditors
Internal audit units Internal audit units established in every
budget agency and have good
understanding of the entities
− Promote closer relationship between IA, AC
and management through site visits and joint
meetings
− Build capacity of IA and AC to carry out their
work effectively and independently
Internal audit reports Internal auditors communicate audit
reports to management
− Improve format and content of reports to
ensure they add value by providing insight,
foresight and hindsight
Consolidation reports OCIA prepares country –wide
consolidates internal audit report to
PS/ST, Minister and the Prime Minister
− Present report to recipients to emphasize
recommendations for action
Internal audit legal and
regulatory framework
Internal audit recognized in Organic
law and implemented through
Ministerial Order and Audit committee
Ministerial instruction
− Use legal mandate to build IA capacity
− Review and update legal and regulatory
framework
− Include penalties and sanctions in the
regulations to facilitate enforcement
Internal control legal
framework
Laws and regulations on procurement,
financial management, taxation, human
resource management etc established
− Assess compliance with laws and regulations
− Participate in the formulation and review of
legal and regulatory framework
Organizational Office of CIA is a directorate reporting − Use position to advocate for internal audit and
OCIA 2013-2018 Strategic Plan
54 | P a g e
Area Strengths How IA can capitalize on strength
independence of
OCIA
to the Minister of Finance, Permanent
Secretary and Secretary to the Treasury
promote the welfare of internal auditors
Organizational
independence of
internal audit units in
MDAs
Internal auditors in districts report to
the district council and in ministries to
the minister
− Use the reporting authority to obtain approval
to audit all areas without scope limitation
Access to information Financial and audit regulations and
charter authorize access to all records
− Use mandate to provide assurance in high risk
areas
− Establish procedure to access classified
information
Audit manuals and
standards
A number of audit manuals have been
developed
IA has adopted IIA international
standards for the professional practice
of internal auditing
− Develop remaining audit manuals and
guidelines
− Implementation support including training,
mentoring and coaching
PFM reform strategy Internal audit recognized as one of the
components in PFM reform strategy
− Implement agreed PFM reform strategy
activities
− Advocate internal audit to PFM stakeholders
− Contribute to reforms in all PFM components
Professional training
program
Government has a policy in place to
sponsor professional training
− Encourage staff to use the training facilities
− Pay subscription for membership to
professional associations e.g. IIA
IA Mission IA is mandated to provide consulting
services and assurance services on
internal controls, governance and risk
management through six missions:
value for money, compliance, system,
IT, financial audits and fraud
investigations
− Develop skills to provide high value audit
assignments
− Develop tools, methodologies etc for proving
internal audit assurance and consulting services
TeamMate audit
management software
MINECOFIN has invested in 50 pilot
TeamMate licenses
− Deepen use of software to achieve full
automation
OCIA 2013-2018 Strategic Plan
55 | P a g e
Area Strengths How IA can capitalize on strength
− Acquire and roll out additional licenses
− Sensitization of stakeholders on the importance
of using Teammate
IDEA data analysis
tool
OCIA has invested in 10 IDEA licenses − Train auditors on use of the software to
increase audit efficiency
Audit committees in
Districts and
semiautonomous
AC established in districts and
semiautonomous institutions
− Strengthen audit committees effectiveness
through capacity building
− Develop tools for AC
Internal Audit
Stakeholders
Internal audit has strong stakeholders
including Minister of Finance &
Economic planning, PS & ST, OAG,
Prosecutor General, Prime Minister
− Office of the CIA to work closely with
stakeholders
SWOT Analysis Weaknesses
Area Weakness How weakness can be addressed
Internal audit
visibility and
communication
Internal audit has not adequately
marketed its activities to its
stakeholders and is not a strong agenda
at the executive level
− Communication plan and stakeholder
engagement
Improve capability and positions of internal
auditors and leadership style
IA leadership and
succession planning
Concentration of authority due to lack
of internal audit manager positions
HIA positions not established in
Ministries and Districts
− Review internal audit structure to create
departments such as quality assurance, training,
forensic investigation etc
− Appoint HIA in budget agencies
Coaching and
mentoring
Inadequate coaching and mentoring due
to flat internal audit structure
− Increase hierarchy of internal auditors in line
with competency framework to increase
supervision and career development
Management of
internal auditors
OCIA not having control over
appointment and termination of
auditors
No effective oversight over internal
− OCIA should participating in interviews and
written exams on request, and concur on
termination of auditors
− OCIA should give guidelines on recruitment of
OCIA 2013-2018 Strategic Plan
56 | P a g e
Area Weakness How weakness can be addressed
auditors in MDAs internal auditors
− OCIA to exercise more control over IA in MDAs
Audit automation Inappropriate training methodologies
and short training duration leading to
low utilization of IDEA, IFMIS and
TeamMate systems.
− Refresher training on IFMIS, TeamMate and
IDEA
− Coaching and mentoring
− Readiness assessment to implement new software
− Development of user aids
Auditing in
computerized
environment
Lack of skills in evaluating internal
financial controls in computerized
environment
− Involve auditors in system development and
implementation
Specialized skills Inadequate skills in specialized areas
such as internal controls framework
implementation, risk management
framework implementation,
governance, IT audit, Value for money
audits, Forensic investigations among
others
− Provide training
− Co-outsource some work to facilitate skills
transfer
− Design and provide short training courses on
each type of work
− Develop and implement guidelines on each type
of assignment
− Develop a policy on coaching and mentoring of
auditors
International
standards for the
professional practice
of internal auditing
Low implementation of mandatory
guidance i.e. code of ethics, standards
and definition
− Approval and disseminate the code of ethics and
standards
− Training IA, AC and CBM on standards
− Continuous gap assessment and remediation
Internal audit
regulations
Non compliance with internal audit
regulations
− Regular self compliance review by IAU and
independent compliance review by OCIA and
external reviewers
Risk based audit
approach
Low adoption of risk based annual
planning and engagement planning
− Training on risk based auditing
− Coaching and mentoring of auditors
Consolidation Some government entities do not
submit internal audit reports for
− Include submission internal audit reports in
regulatory framework
OCIA 2013-2018 Strategic Plan
57 | P a g e
Area Weakness How weakness can be addressed
consolidation − Apply sanctions to non complying entities
Performance
management system
Weak performance management for
internal auditors (lack of appropriate
appraisal tools)
Lack of career development
− Develop a customized performance management
tools for internal auditors
− Career development plan for internal auditors
Change management Resistance to change
Stiff learning curve
− Use of authority to enforce
− Training, coaching and mentoring
Quality assurance and
improvement
program
Lack of quality assurance and
improvement program
− Develop and implement a quality assurance and
improvement program
− Create a QAIP section in OCIA
Best practices Lack of exposure to best practices and
failure to promote best practices such
as risk management and internal
control frameworks
− Internal audit capacity to champion emerging
trends and best practices
Coordination Lack of coordination with OAG,
Prosecutor and other integrity bodies
− Develop memorandum of understanding with
stakeholders to exploit opportunities available in
coordinating
Capacity building Lack of continuous capacity building
and training leading to slow
implementation of training curriculum
− Recruit a full time training coordinator
− Acquire technical support from qualified
consultants
Organizational
independence
I.A units in MDAs are not financially
independent, and some report to CBMs
due to absence of audit committees.
Auditors are not independent in
developing audit plan and determining
the audit scope
− Appointment of audit committees in central
government
− Raise awareness on the role of internal audit
Monitoring of audit
recommendation
Lack of process to monitor implement
of audit recommendations
− OCIA to monitor audit recommendations
centrally using TeamCentral
− Include implementation of OAG and IA
recommendations in managers performance
contracts
OCIA 2013-2018 Strategic Plan
58 | P a g e
Area Weakness How weakness can be addressed
Professional
qualifications
Low professional qualifications is an
hindrance in giving audit opinion on
internal controls
− Government sponsoring ACCA, CIA, CISA and
CFE
− Adequate time should be given to study
Audit procedures Low implementation of audit manual
procedures. More professional
discipline and effort is required by the
new audit manual.
− Change management for auditors
− Support from stakeholders
Number of internal
auditors
Number of internal auditors are not
enough to cover the audit universe and
scope adequately
− Increase the number of internal auditors
especially in districts
Audit committees Audit committee members do not have
capacity to analyze reports
Audit committees not appointed in
ministries
− Training of audit committees
− Appointment of audit committees in central
government
Internal audit
database
Lack of database on audit programs,
reports, best practice − Develop audit programs to guide internal auditors
− Develop knowledge sharing database
SWOT Analysis - Opportunities
Area Opportunity − How opportunity can be exploited
Legal and regulatory
framework
Implement 2013 Organic Law on State
Finances and Property and subsequent
Ministerial Orders
− Incorporate enough clauses to promote
independence of internal audit and the
role of audit committees
− Another relevant requirement (eg.
consolidation of internal audit reports )
− Help IAs and ACs understand the laws,
rules and procedures which govern
government MDAs activities
Tone at the top Advocacy by top leadership for
accountability and transparency and zero
tolerance to corruption culture
− Require entities to submit report on
implementation of audit recommendations
− Advocacy of internal audit through
OCIA 2013-2018 Strategic Plan
59 | P a g e
Area Opportunity − How opportunity can be exploited
Greater public awareness in issues of
accountability, transparency and value for
money.
newspaper articles, magazines and other
media
Computerization of
government operations
Future IFMIS project study being conducted
Integrated Payroll Processing system
− OCIA team to be involved at every stage
of the new project to ensure controls are
well designed
− Log in access by auditors
− Provide assurance on IT controls and use
data analysis tools to increase audit
efficiency
Performance audits More requests for performance audit
assignments received from management
− Perform more performance audits
− Develop technical skills in performance
audit
− Greater public awareness on issues of
value for money
Internal audit competency
model
Internal audit competency developed − Hold discussions with MIFOTRA on
restructuring on internal audit in hierarchy
levels
Training needs assessment Training needs assessment conducted
− Develop and implement training calendar
Support from development
partners
Development partners ongoing support for
PFM reform programme
− Enhance cooperation and lobby for
additional support
Professional associations ICPAR and IIA Rwanda (in formation) to
expand the accounting and auditing skills in
the country
− Use training opportunities to enhance
accounting and internal audit skills
− Play a professional leadership role
−
ncourage I.As to be members of
professional bodies
Enterprise risk
management
Risk management guidelines drafted for
approval and implementation
− Spearhead approval and implementation
− Advocate setting up of risk management
committees in public enterprises
OCIA 2013-2018 Strategic Plan
60 | P a g e
Area Opportunity − How opportunity can be exploited
Corporate governance Formulation of public sector governance in
GBEs offers an opportunity to develop
similar principles for central government
− Provide assurance and assist in
development and implementation of
various governance tools
Public Internal Financial
Control (PIFC)
This frameworks gives a model for
coordination of public sector internal control
− Work with OAG and other integrity
organs to promote and coordinate internal
control environment
Audit committee annual
report
Regulations require AC to issue a statement
together with the annual financial statements
− Build capacity of AC to report annually
Chief budget manager
statement on internal
controls
CBM statements on internal controls should
be supported by internal audit annual opinion
on internal control and should be reviewed
by the AC
− Build capacity of internal auditors to issue
annual report on internal controls
− Capacity building of CBM
Entity performance report Proposed entity performance report gives
auditors an opportunity to audit performance
information
− Build capacity of auditors to audit
performance information once framework
is put in place
Quality of reports Better communication with auditees − Issue quality audit reports
Relationship with auditees Raise awareness on the role of internal audit − Capacity building
Government policies Advise on developments and implementation
of government policies
− Market consulting role to management
SWOT Analysis - Threats
Area Threat How threat can be prevented
Internal audit
Leadership and
management skills
Lack of leadership and audit management skills − International leadership development
program to increase exposure
Communication Failure to secure executive management and
stakeholders engagement commitment to strategic
plan and implementation of audit recommendations
− Marketing of internal audit to management
through regular senior management
presentations
− Organize workshops and produce brochures
OCIA 2013-2018 Strategic Plan
61 | P a g e
to inform stakeholders of its mission
Staff turnover High staff turnover due to better terms outside,
performance and independence challenges
− Review internal audit structure through
MIFOTRA
− Introduce annual recruitment of graduates to
factor in staff turnover.
- Introduce career path
Organization
structure
Review of IA structure dependent on approval of
MIFOTRA
As above
Professional
qualifications
Internal audit grade is unable to attract experienced
and qualified professional
As above
IA independence
and objectivity
Internal auditors intimidated by fear of losing
employment and are influenced in selecting audit
assignments
OCIA to participate in evaluation and
termination of IAs
Awareness workshops
Consulting
services
IA are at the lowest rank in their organizations and
not highly regarded to give consultancy services
As above
VPN connectivity TeamMate users are not connected remotely to
MINECOFIN server
Follow up with ICT department for resolution
or use work around
Internal control
environment
Weak internal control environment in public sector Identify cross cutting issues and develop
interventions including training with IA
stakeholders
Awareness of the
role of internal
audit
Low awareness by management on how internal
audit can be used to add value to their organizations
Raise awareness on the role of internal
auditing in different forums
Financial support Inadequate financial support to sustain capacity
building
Budget for required resources as appropriate
IFMIS control
environment
Lack of adequate audit trail, inadequate input
controls and database integrity
Play an advisory role in IFMIS
implementation.
Change in
government policy
Influence by elected and appointed officials Recognize internal audit in legal framework
Raise awareness through presentations,
magazine
Employment
terms
Internal auditors employed on contract influence
objectivity and independence
Lobby for reversal of contract employment
except where auditors are working on project
OCIA 2013-2018 Strategic Plan
62 | P a g e
to enhance independence.
Audit committees Audit committees still new. These were set up in
districts in 20111 and in central government in 2013.
− Provide allowance to ACs
− Training of audit committees
− Monitor performance of AC
Appointment of audit committees in central
government
Goals and
objectives
Failure to agree on common goals and objectives
with stakeholders
− Market the role of internal audit
− Discuss strategic plan and action plan with
stakeholders
Benchmarking
with other
Governments’
internal audit
functions
Lack of exposure to techniques employed by auditors
in other governments
− Study tours
Change
management
Failure to implement audit procedures by some
auditors
− Develop change management strategies to
overcome personal barriers to change and
manage benefits
OCIA 2013-2018 Strategic Plan
63 | P a g e
Annex 5: Public Sector Internal Audit Capability Model Matrix The model below is developed by the Global Institute of Internal Auditors and shows best practices that should be institutionalised at different maturity levels.
Services and
Role of IA
People Management Professional
Practices
Performance
Management
and
Accountability
Organizational
Relationships
and Culture
Governance
Structures
Level 5 –
Optimizing
IA Recognized
as Key Agent of
Change
Leadership
Involvement with
Professional Bodies
Workforce Projection
Continuous
Improvement in
Professional Practices
Strategic IA Planning
Public Reporting
of IA
Effectiveness
Effective and
Ongoing
Relationships
Independence,
Power, and
Authority of the
IA Activity
Level 4 –
Managed
Overall
Assurance on
Governance,
Risk
Management,
and Control
IA Contributes to
Management
Development
IA Activity Supports
Professional Bodies
Workforce Planning
Audit Strategy
Leverages
Organization’s
Management of Risk
Integration of
Qualitative and
Quantitative
Performance
Measures
CAE Advises and
Influences Top-
level
Management
Independent
Oversight of the
IA Activity
CAE Reports to
Top-level
Authority
Level 3 –
Integrated
Advisory
Services
Performance/V
alue-for-Money
Audits
Team Building and
Competency
Professionally
Qualified Staff
Workforce
Coordination
Quality Management
Framework
Risk-based Audit
Plans
Performance
Measures
Cost Information
IA Management
Reports
Coordination
with Other
Review Groups
Integral
Component of
Management
Team
Management
Oversight of the
IA Activity
Funding
Mechanisms
Level 2 –
Infrastructure
Compliance
Auditing
Individual
Professional
Development
Skilled People
Identified and
Recruited
Professional Practices
and Processes
Framework
Audit Plan Based on
Management/
Stakeholder Priorities
IA Operating
Budget
IA Business Plan
Managing within
the IA Activity
Full Access to the
Organization’s
Information,
Assets, and
People
Reporting
Relationship
Established
Level 1 –
Initial
Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs
dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those
provided by professional associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a
larger organizational unit; no established capabilities; therefore, no specific key process areas
OCIA 2013-2018 Strategic Plan
64 | P a g e
Annex 6: Detailed sequencing of implementation
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
Pillar 1. Regulating and coordination
Objective: Ensure internal audit function is established in laws, regulations and in ministries, districts and budget agencies
Strategy 1: Enhance and comply with regulations on internal audit, audit committee internal control
a) Update OL on State Finances
and Property (OBL) to reflect IA
and AC mandate and enhance
compliance
IA and AC mandate
reflected in revised
Organic Law on state
finances and
property (OBL)
Institutional
capacity of internal
audit, audit
committees and
independence
strengthened
Adoption of internal
control and risk
management
frameworks.
Compliance with
regulations
1) organic law
updated (2)
Internal audit
regulations
gazette and
internal audit
units conforms
to the
regulations
2016/17 OCIA
b) Update audit committee,
internal audit charter and IA
regulations to include roles in
risk management
Revised IA
regulations, IA and
AC charter
(1) Revised
Internal Audit
and Audit
Committee
Charters
published and
signed (2)
Review the
adequacy of the
Internal Audit
and Audit
Committee
Charters
annually and
report adequacy
2013/14 OCIA
OCIA 2013-2018 Strategic Plan
65 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
in the internal
audit annual
report
c) Hold local workshops and
annual conference for all
internal auditors
Regional workshops
and annual
conference
Benchmarking and
sharing of
experience
Conference
/workshop held
annually
2013 -
2018
OCIA
Strategy 2: Operationalise internal audit, audit committee and mobilize stakeholders
a) Conduct training for various
stakeholders to raise awareness
on regulations, guidelines and IA
standards.
Awareness sessions
with DGs, Directors
etc
Stakeholders
support,
independence
Presentations at
stakeholders
forums
2014 - -
2015
OCIA
HIA
b) Establish audit committees in
central government and monitor
Government entities
Appointment and
induction of audit
committees
Enhanced oversight
by audit committee
members
80% Quarterly
Internal Audit
committee
reports and
annual Audit
Committee
Report obtained
and analyzed
2013-
2014
CIA/Minister
and
ministries.
c) Develop audit committee
guidelines and tools
AC guidelines and
tools developed and
disseminated
Training workshop
More effective audit
committees
Audit committee
handbook and
tools developed
and
communicated
2013/14 OCIA
d) Provide continuous training to
audit committees on their role in
financial reporting, risk
management, internal and
external audit, internal controls,
stakeholder relationships etc
Annual training
of audit
committee
2013-
2018
OCIA
e) Annual audit committee report Annual audit Improved 40% Audit 2016- Audit
OCIA 2013-2018 Strategic Plan
66 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
on AC responsibilities and
performance, and opinion on
internal controls including
internal audit
committee report
published with
financial statements
accountability and
transparency
committees
issue annual
audit committee
report as part of
entity annual
report issued
together with
annual financial
statements
2017 committees
Strategy 3: Increase internal audit visibility and integration in public governance
a) Develop effective relationship
with other arms of government,
development partners and
professional associations
Communication plan
and stakeholder
engagement plan,
MOU, meetings,
reports
Stakeholder needs
met
Positive image of IA
enhanced
Develop and
implement a
stakeholders’
communication
plan and regular
contact program
2013-
2014
OCIA
b) Professional membership in
Institute of Internal Auditors
Membership in
institute of internal
auditors
Exposure and career
development for
internal auditors
Membership in
IIA
2013-
2017
OCIA &
MINECOFIN
c) Prepare publicity materials for
IA and AC on IA and AC in
control, risk management,
governance , fraud detection etc
Brochures, articles,
workshops,
presentations etc
Awareness on role
of IA, AC
Publicity
materials
distributed semi-
annually
2013-
2017
OCIA
Strategy 4: Networking and knowledge sharing
a) Purchase reference books and
subscribe to knowledge
databases
library and electronic
database
Increase in research
capacity
Books acquired
and available for
borrowing
2013-
2014
OCIA &
MINECOFIN
b) Develop internal audit intranet,
extranet, group emails etc for
networking and knowledge
sharing
Knowledge and
networking sharing
tools deployed
Knowledge sharing Establish and
maintain
electronic
networking and
reference
2014/15 OCIA &
MINECOFIN
OCIA 2013-2018 Strategic Plan
67 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
resources for
internal auditors.
E.g. social media,
knowledge
databases (2)
Intranet
developed
Strategy 5: Develop and implement quality assurance program
a) Implement an internal quality
assurance review mechanism
Quality assurance
review reports and
recommendations
Improve the quality
of internal audit
1) All
assignments
reviewed by
second auditor
(2) OCIA
conducts quality
assurance
reviews in a
representative
number of
internal audit
units annually
2013 -
2018
OCIA
HIA
b) Conduct external quality
assurance review by
independent consultants
External quality
assurance
reviews
conducted every
five years and
report submitted
to MINECOFIN
senior
management
2016/7 OCIA
MINECOFIN
OCIA 2013-2018 Strategic Plan
68 | P a g e
Pillar Objective/Activities Output Outcome Performance
Indicator
Timing Responsibilities
Pillar 2. Organisational structure and internal audit responsibilities
Objective: Internal audit has an appropriate organization structure to effectively discharge its mandate and engage its stakeholders
Strategy 1: Review organizational structure to match internal audit mandate
a) Review internal audit structure
at OCIA and MDAs to ensure
adequate internal audit
resources
OCIA re-organized to
create specialized
team.
Functions and
activities aligned
to mandate.
(1) MINECOFIN
proposes review of
organizational
structure by
2013/14 (2)
Organizational
structure review
conducted and
adequacy of
structure and
number of internal
audit resources
established
2014/15 CIA ,
MIFOTRA,
CBMs
b) OCIA to allocate time
appropriately between
coordination and capacity
building
Action plan
rebalanced and roles
properly assigned
Enhanced
coordination,
capacity and
communication
1) 75% satisfaction
reported in
feedback received
from coaching
internal auditors,
support and
training (2) 70% of
internal audit
reports for
consolidated
quarterly and
feedback provided
2014-
2015
OCIA
& PS/ST
c) Develop capacity to provide
specialized internal audit
services within OCIA
Increase specialized
skills
Specialized
assignment
conducted using
relevant
OCIA conducts
assignments in
specialized areas
such as risk
2014/15 MINECOFIN
MIFOTRA
OCIA 2013-2018 Strategic Plan
69 | P a g e
Pillar Objective/Activities Output Outcome Performance
Indicator
Timing Responsibilities
standards. management
d) Attracting experienced and
skilled people especially to OCIA
Improved terms of
reference
Position IA to
provide value
added services
Job description
revised
2013-
2018
MINECOFIN
MIFOTRA
e) Outsource review of IFMIS and
other mission critical systems to
specialized IT consulting firms
Increase in scope
coverage
Risks minimized
Skills transfer to
OCIA team
Approval for
outsourcing IA
services
2014/15 CIA
PS/ST
Strategy 2: Enhance independence of internal audit function
a) OCIA to participate in
recruitment and concur in
termination internal auditors
Independence of
internal auditors
Protection of
internal auditors
1) Provide
technical support
in recruitment of
internal auditors
where necessary
(2) OCIA reviews
recruitment and
termination of
internal auditors in
MDAs and
prepares an annual
report.
2013-
2018
OCIA
MINECOFIN
MIFOTRA
b) OCIA to review and approve
audit plans
Risk based audit
plans
Audit effort
focused on higher
risk areas
Consolidate 50%
annual action plans
2014-
2015
OCIA
c) OCIA consolidates independence
declaration forms Internal
Auditors
OCIA consolidates
independence
declaration forms
from 60% of
internal auditors
2015/16 OCIA
Strategy 3: Ensure appropriate internal audit focus
a) Increase number of system
audits carried out as opposed to
compliance and transaction
Focus on high risk
areas
Improved control
environment
Number of system
audit conducted
2013-
2018
OCIA and all
auditors
OCIA 2013-2018 Strategic Plan
70 | P a g e
Pillar Objective/Activities Output Outcome Performance
Indicator
Timing Responsibilities
audits
b) Conduct annual risk assessment
and develop risk based audit
plans
Prioritization of audit
universe
Risk based audit
plan
50% of internal
audit units
preparing multi
year and annual
audit plans based
on documented
annual risk
assessments
2014-
2015
OCIA and all
auditors
Strategy 4: Provide consulting services and develop tools to improve risk management and internal control systems
a) Obtain senior management
approval and champion
implementation of risk
management guidelines in
MDAs
RM guidelines
approved
Capacity building
provided.
Improved public
financial
management
Risk management
guidelines
published and
piloted in 3 entities
2014-
2015
OCIA and
Managemen
t
b) Promote adoption of internal
control framework e.g. PIFC,
COBIT
Awareness
workshops,
Guidelines and tools
Policy on adoption of
internal control
framework
Improvement in
internal control
environment
(1) OCIA develops
and publishes
piloted in 3 entities
(2) Internal control
monitoring
guidelines and
implementation
monitor annually
2015-
2016
OCIA and
Managemen
t
c) Provide assurance reports and
opinion on adequacy of risk
management and internal
control systems
Assurance reports
and opinion on
controls
Assurance on
internal control
environment
annual internal
audit reports
issued
2014-
2015
OCIA
OCIA 2013-2018 Strategic Plan
71 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
Pillar 3. Human Resources and
Leadership
Objective: Internal audit is staffed with the adequate, skilled and competent staff to provide quality internal audit services and meet
stakeholders’ expectations.
Strategy 1: Implement professional and competency development framework
a) Finalise and obtain approval for
internal audit competency
framework and monitor its
implementation
Career development
plans developed and
monitored, training
needs assessment
Improved internal
audit skills and
reduced turnover
(1) MINECOFIN
proposes
internal audit
competency
framework (2)
Internal audit
competency
framework and
revised
organization
structure
adopted by
MIFOTRA) (3)
Annual report on
implementation
of internal audit
competency
framework
2013/14
2014/20
15
OCIA
Senior MGT-
MINECOFIN
b) Internal auditor Training and
development plan implemented
(1)Internal
auditors Training
and
development
plan approved
(2)Training and
development
plans
implemented
2014/5
2015/16
OCIA
OCIA 2013-2018 Strategic Plan
72 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
c) Implement an internal audit
leadership training program
Training program Audit management
skills developed
Training
program
approved
2014/15 OCIA
Strategy 2: Enhance professional and skills training
a) Internal auditors pursue ACCA,
CIA professional training
Professional training
and qualifications
Technical skills
leading to better
service delivery
Reduced turnover
(1)Two
recruitments per
year held for CIA
training
(2)Lobby
MIFOTRA to
include
professional
qualification in
accounting and
audit in job
specifications
2014-
2017
Internal
auditors
b) Internal auditors to pursue
specialised professional
qualifications including: CFE,
CISA, CRMA
40 Number of
internal auditors
enrolled in
specialized
professional
courses after
qualifying in
either CIA or
ACCA
2013-
2018
Internal
Auditors
MINECOFIN
c) Develop public sector internal
audit diploma
(1) Policy on
public sector
internal audit
diploma
approved (2)
Service provider
recruited and
internal auditors
2014-
2015
2015/20
16
MINECOFIN
MINEDUC
OCIA 2013-2018 Strategic Plan
73 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
annually trained
on public sector
internal audit
diploma
provided
d) Sponsor internal auditors to
attend regional and
international professional
conferences
Development of
internal auditors
competency and
professional skills
Capacity for
auditors enhanced
Skills to audit in a
computerized
environment
Internal auditors
attend
international
conferences
annually and
regional semi
annually internal
auditing
2013
-2018
MINECOFIN
EMPLOYERS
Internal
Auditors
e) Organize short courses for
internal auditors
Each internal
auditor receives
at least one
week training
per year
2013-
2018
OCIA
MINECOFIN
Strategy 3:Develop internal audit technical skills resourcing partnerships
a) Co-source audit of technical
areas where the Office of CIA
and internal audit units do not
have the necessary skills and
experience
Increase audit scope
Risk mitigation
Skills transfer
Policy on
outsourcing
internal audit
services
approved and
budget approved
2014/20
15
OCIA
MINECOFIN
Partner
institutions
b) Develop partnership with other
governments’ assurance
functions e.g. RPPA,
Ombudsman, Monitoring and
Evaluation etc and capacity
building experts to build
competency
Study tours and
capacity building
support
Skills transfer and
maturity of internal
audit function
Develop and
implement a
coordination
framework (or
MoU) with other
Government
assurance
providers
2014-
2016
OCIA
MINECOFIN
OCIA 2013-2018 Strategic Plan
74 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
Pillar 4. Audit Process Tools and Techniques
Objective: To ensure efficiency and effectiveness in the audit process by employing efficient audit procedures and techniques
Strategy 1: Implement professional standards and code of ethics for internal auditors
a) Phased implementation of
international internal audit
standards
Compliance to
professional
standards
Quality internal
audit service
(1)
Communicating
IPPF, internal
audit charter
and manual (2)
Annual survey
on compliance
status (3)
Satisfaction
survey
conducted
annually
2014/15 OCIA
All auditors
b) Ensure all internal auditors sign
the code of ethics for internal
auditors and monitor
compliance
Code of ethics signed
Conflict of interest
avoided
Auditors with
professional
behavior
100% of auditors
sign the code of
ethics of internal
auditors by
2014/15.
(2)Annual report
on compliance
to code of ethics
2014/15
OCIA
Strategy 2: Develop and implement appropriate audit methodologies, tools and manuals to improve audit effectiveness and
efficiency
a) OCIA (supported by consultants)
to coach and mentor internal
auditors in MDAs to perform
high quality work and
implement internal audit
manual
Coaching and
mentoring internal
auditors
Quality of work and
reporting enhanced
1) All newly
recruited
internal auditors
coached by OCIA
team and other
experienced
2013 -
2018
OCIA Team
OCIA 2013-2018 Strategic Plan
75 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
internal auditors
in MDAs within
the first 6
months (2)
Number of
internal auditors
coached by more
experienced
personnel.
b) Develop, communicate and
implement internal audit
guidelines, tools and programs
in financial auditing, risk
assessment, risk management,
internal controls, corporate
governance, value for money
auditing, IT auditing,
consultancy services etc
Guidelines developed
and trainings
conducted
Auditors able to
execute their
mandate.
Develop and
implement a
timetable for
this activity
2013 -
2014
OCIA team.
c) Improve audit process efficiency
and reduce assignment
turnaround times
Value addition of
interval audit
Skills transfer
leading to high
quality work and
reports
Individual
Performance
evaluation
considers
achievement of
agreed
assignment
turnaround
times
2013-
2015
All internal
auditors
Strategy 3: Enhance audit automation
a) Pay annual CCH license
maintenance and support fees
and monitor utilization of
TeamMate licenses
System upgrades and
support
Audit automation Support and
updates
implemented
2013 -
2018
MINECOFIN
b) Phased roll out of TeamMate Additional teammate Increased efficiency Number of new 2013 - OCIA Team
OCIA 2013-2018 Strategic Plan
76 | P a g e
Pillar Objective/Activities Output Outcome Performance
indicator
Timing Responsibilities
audit management system to
MDAs internal audit units based
on usage of existing licenses
users of the audit process teammate
licenses acquired
and
implemented
2018 Internal
auditors
c) Utilization of TeamMate licenses Trained auditors
using Teammate
Internal auditors
that have license
use Teammate
appropriately
Number of
auditors using
IDEA to conduct
tests.
2013 -
2018
OCIA Team
Internal
auditors
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
Pillar 5. Communication and Reporting
Objective: To ensure that the results of the audit work are fully understood and appropriately acted upon to facilitate improvement
of internal control environment
Strategy 1: Enhance the number of internal audit reports consolidated
a) Consolidate internal audit
reports
Consolidated audit
report
Improved
transparency and
accountability
70% of internal
audit reports for
consolidated
quarterly and
feedback
provided
2014/15 OCIA
All Auditors
b) Coordinate with the Office of
the Auditor General in
implementation of audit
recommendations
Consolidated
implementation
report
Communicate with
impact
70% of internal
audit and OAG
reports followed
up on a quarterly
basis and
consolidated
2014/15 OCIA
All Auditors
OCIA 2013-2018 Strategic Plan
77 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
c) Internal auditors may raise
significant risks accepted or not
acted upon by management
with respective Board and/
MINECOFIN
Risk assessment Risk mitigation Un-acceptable
risks not acted
upon by
management for
more than six
months are
reported to
respective Board
and/ MINECOFIN
2013-
2018
OCIA
All Auditors
d) Internal auditors to work with
audit committees for resolution
of audit findings
Audit committee
quarterly reports
Clean audit opinion
(1) All internal
audit units
present their
report to Audit
Committees (2)
Annual report on
implementation
of audit
committee
recommendatio
ns
2013-
2018
All Auditors
Strategy 2: Build capacity to effectively engage senior management and audit committee, and external auditors effectively
a) Develop key stakeholders
engagement plan and meet
them regularly to monitor
progress in meeting respective
responsibilities
Memorandum of
understanding with
OAG etc
Coordination and
information sharing
Stakeholders
engagement
plan
implemented,
monitored and
updated
annually
2013/4 OCIA
Stakeholder
s
b) Coordination with OAG, in
planning value for money audits
and other assignments to avoid
duplication
Improved
communication
Efficiency in risk
assessment and
monitoring of
controls
OCIA shares
annual audit
plans with OAG
2013 -
2018
OCIA
OAG
c) Conduct regular satisfaction Overlaps reduced Increased audit Satisfaction 2013- OCIA
OCIA 2013-2018 Strategic Plan
78 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
surveys to understand their
needs and address them
Conduct joint
projects
coverage
Skills transfer
survey
conducted
annually to
understand
stakeholder’s
needs
2014 MINECOFIN
MDAs
d) Capacity building of audit
committees
Performance
feedback
Improved relations
with auditees
Audit committee
established and
trained
2013 -
2018
OCIA
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
Pillar 6. Performance Management and accountability
Objective: Strategic plan successfully implemented
Strategy 1: Develop an internal audit performance system and accountability
a) Develop a customized
performance score card for
Office of CIA and internal audit
units
Accountability for
internal audit
performance
Improved internal
audit performance
Customized
performance
score card
developed and
implemented
2015/16 OCIA
Strategy 2: Benchmark internal audit to regional governments with leading internal audit practices
a) Conduct study tours to
understudy best practices in
other countries
Study tours
conducted
Best practices
identified
Capacity enhanced
Study tours
conducted at
least every two
years
2013-
2018
OCIA &
MINECOFIN
Strategy 3: Implement the strategic plan
a) Obtain technical assistance to
assist in the implementation of
Consultant recruited 1) IAU achieve level
4 of IA-CM
Technical
assistance
2013-
2018
OCIA &
MINECOFIN
OCIA 2013-2018 Strategic Plan
79 | P a g e
Pillar Objective/Activities Output Outcome Measurement
criteria
Timing Responsibilities
CBP and the strategic plan model
2) Transfer of
ownership of
CPB
obtained
b) Conduct a validation workshop Mid-term review
report
Relevance of
strategic plan
validated
Performance
indicators
developed and
annual
monitoring
reported
2014/15, OCIA
c) Conduct mid-term review of the
strategic plan
Mid-term review
report
Status of
implementation
known and
priorities re
established
Mid-term review
report
2015/16, OCIA
d) Conduct a closing review of the
strategic plan
End of strategic plan
review report
New strategic plan
developed
Strategic
engagement &
Stakeholder
engagement and
commitment
Closing review
report
2018-2023
strategic plan
published
2017 OCIA /
External
reviewer
Strategy 4: Develop next strategic plan
a) Conduct a closing review of the
strategic plan and develop 2018-
2023 strategic plan
End of strategic plan
review report
New strategic plan
developed
Strategic
engagement &
Stakeholder
engagement and
commitment
2018-2023
internal strategic
plan developed
and approved
2017/8 OCIA
OCIA 2013-2018 Strategic Plan
80 | P a g e
Annex 7: Proposed Internal Audit Structure Proposed Structure for District
Notes:
(i.) The proposed structure introduces the position of Director of Internal Audit to enhance supervision lacking in current structure;
(ii.) There is also an increase by one extra internal auditor to address the high volume of work particularly relating to subsidiary entities.
Proposed structure for Ministries:
OCIA 2013-2018 Strategic Plan
81 | P a g e
Notes:
(i.) The proposed structure introduces the position of Director of Internal Audit to empower the internal audit units to be more independent, enhance supervision lacking in current structure and one extra internal auditor to enhance coverage within including single project units, inspections and risk management.
(ii.) Complex/large government entities such as boards and higher learning institutions and major spending ministries can negotiate directly with MIFOTRA for a more robust structure depending on the complexity of the entity.
(iii.) In small ministries and other budget agencies internal audit units will have two internal auditors and will be headed by senior internal auditor.
Proposed structure for Office of the Chief Internal Auditor in MINECOFIN:
Notes:
(i) The proposed structure increase number of Office of the Chief Internal Auditor staff from ten (10) to nineteen (21);
(ii) The increase is aimed to introduce a level of supervision and coverage
OCIA 2013-2018 Strategic Plan
82 | P a g e
(iii) The central government and local government teams will in charge of consolidating audit reports from all public entities and also conducting performance audits and building capacity of internal auditors in other public entities.
(iv) The Inspection and risk management team will lead inspection and forensic audit assignments in high risk institutions and build the capacity of public entities to implement institutional risk management frameworks.
(v) The specialized audit team will conduct value for money assignments; IT Audits on IFMIS and IPPS and other core government systems; other management requests; and support other auditors in implementation of automated audit tools such as TeamMate and IDEA.
(vi) The Quality assurance, capacity building and governance team will monitor the performance of audit committees, coordinate training of all internal auditors and review the quality of reports prepared by the department.
OCIA 2013-2018 Strategic Plan
83 | P a g e
Annex 8: Number of Internal Auditors per Entity
CENTRAL GOVERNMENT
#
Budget Agencies No of Internal auditors per entity
1. SENATE 1
2. Supreme Court 1
3. Prime Minister’s Office 1
4. Ministry of Defense 4
5. Ministry of Education (MINEDUC) 3
6. Ministry of East Africa Community (MINEAC) 1
7. Ministry of Sports and Culture (MINISPOC) 1
8. Ministry of Youth (MINIYOUTH) 1
9. Ministry of Justice (MINIJUST) 1
10. Ministry of Health (MINISANTE) 12
11. 1 Ministry of Trade and Industry (MINICOM)
12. Ministry of Finance and Economic Planning (MINECOFIN) 1
13. Ministry of Public Service and Labour (MIFOTRA) 1
14. Ministry for Infrastructure (MININFRA) 1
15. Ministry of Foreign Affairs (MINAFFET) 1
16. Ministry of Internal Security (MININTER) 1
17. Ministry of Agriculture (MINAGRI) 1
18. Ministry of Disaster Management and Refugees
(
1
MIDIMAR)
19. 1 Ministry of Local Government (MINALOC)
20. Ministry of Natural Resources (MINIRENA) 1
21. Rwanda Institute of Administration and Management
(RIAM)
1
22. Single project Unit /MINICOM 1
OCIA 2013-2018 Strategic Plan
84 | P a g e
23. Rwanda Agricultural Board (RAB) 2
24. National Electoral Commission (NEC) 1
25. Rwanda Public Procurement Authority (RPPA) 1
26. ISAE Busogo 1
27. Integrated Polytechnic Regional Center (IPRC)
South/Kavumu
1
28. Kavumu College 1
29. Kigali Institute of Education (KIE) 1
30. Kigali Institute of Science and Technology (KIST) 2
31. National Curriculum Development Centre 1
32. Rwanda Education Board (REB) 2
33. RBS 1
34. National Agriculture and Export Board (NAEB) 3
35. RBC 5
36. School of Finance and Banking (SFB) 2
37. Student Financing Agency of Rwanda (SFAR) 1
38. Institute of Legal Practice Development (ILPD) 1
39. National Human Rights Commission (NHRC) 1
40. National Public Prosecution Authority (NPPA) 1
41. RURA 4
42. National Police 3
43. Kigali Health Institute 1
44. Kigali University Teaching Hospital (CHUK) 1
45. CHUB 1
46. National Reference Laboratory 1
47. HNP-Ndera ( Mental Hospital) 1
48. NSS - Internal Security 1
49. Rwanda Development Board (RDB) 1
50. 1 Rwanda Natural Resources Authority
51. National Commission for the Fight Against Genocide
(CNLG)
1
52. RCA 1
53. Rwanda Transport Agency 1
OCIA 2013-2018 Strategic Plan
85 | P a g e
54. OMBUDSMAN’office 1
55. Rwanda Housing Authority (RHA) 1
56. NSS - Immigration/Emigration 1
57. CDF 2
58. Kicukiro Integrated Polytechnic 1
59. UMUTARA Polytechnic 1
60. REMA 1
61. Support Project to the Strategic Plan for the Transformation
of Agriculture in Rwanda (PAPSTA)
1
62. PMU-Global Fund/WB 6
63. RRA 10
64. NUR 8
65. SSFR 10
66. EWSA 5
67. ORINFOR 2
68. Gender Monitoring Office 1
69. Institute of National Museums of Rwanda ( INRMR) 1
70. 1 Public Service Commission
71. Workforce Development Authority (WDA) 1
72. RSSP&LWH 1
73. Special Guarantee fund 1
TOTAL 140
LOCAL GOVERNMENT
#
Province/ District No. of internal Auditors per entity
1. GATSIBO 1
2. RWAMAGANA 2
3. KAYONZA 2
4. NGOMA 2
5. NYAGATARE 2
OCIA 2013-2018 Strategic Plan
86 | P a g e
6. KIREHE 2
7. BUGESERA 2
8. EASTERN PROVINCE 1
9. NORTHERN PROVINCE 1
10. GAKENKE 2
11. RULINDO 2
12. MUSANZE 2
13. GICUMBI 2
14. BURERA 2
15. WESTERN PROVINCE 1
16. NGORORERO 2
17. RUTSIRO 2
18. NYABIHU 2
19. RUBAVU 2
20. KARONGI 2
21. RUSIZI 2
22. NYAMASHEKE 2
23. GASABO 3
24. NYARUGENGE 2
25. KICUKIRO 2
26. KIGALI CITY COUNCIL 1
27. SOUTHERN PROVINCE 1
28. KAMONYI 2
29. MUHANGA 2
30. RUHANGO 2
31. NYANZA 2
32. HUYE 2
33. GISAGARA 2
34. NYARUGURU 2
35. NYAMAGABE 2
TOTAL 65
OCIA 2013-2018 Strategic Plan
87 | P a g e
Annex 9: Internal Audit Training Needs Assessment
Course Days Frequency Last
held
No.
trained
Balance 2013/
2014
2014/
2015
2015/
2016
2016/
2017
2017/
2018
1. Standards and procedures
courses
a) Implementation of IPPF 4 2 yrs
b) Internal audit manual 5 Annual 2011
c) Report writing 3 2 yrs
d) Developing audit programs 3 2 yrs
e) Teammate 5 2 yrs 2011
f) Interpersonal skills
g) Audit committee effectiveness 3 2 yrs
h) IDEA 3 2 yrs 2011
i) IPSAS
j) Risk based auditing 4 2 yrs 2010
k) IFMIS 5 2 yrs 2011
2. Graduated level training
courses
a) Beginner auditors 10 Annual 2011
b) Internal auditor in charge
training
5 2 yrs
c) Internal audit managers
training
d) CAE Development program 5 2 yrs
3. Audit missions courses
a) IT general controls auditing 4 2 yrs 2010
b) Fraud and investigations 4 2 yrs 2010
c) Performance auditing 4 2 yrs 2010
d) Financial audits 4 2 yrs 2010
e) Compliance audit
f) System (operational) auditing 3
g) Audit of Capital projects 4 2 yrs
h) Procurement audit 2 yrs 2010
OCIA 2013-2018 Strategic Plan
88 | P a g e
Course Days Frequency Last
held
No.
trained
Balance 2013/
2014
2014/
2015
2015/
2016
2016/
2017
2017/
2018
i) Contract auditing
j) Control self assessment
k) Auditing performance
information
l) Payroll audit 3 2 yrs 2010
4. IT Specialised Courses
a) Introduction to IT audits
b) Process Audit
c) System implementation audit
d) Business continuity
management
e) Auditing databases
f) Auditing operating systems
g) IT Governance
h) IT security
5. Audit committees training
a) Audit committee induction 2 3 yrs 2011
b) Annual audit committee
workshop
2 Annual
6. Internal audit technical skills
courses
a) Evaluation of governance
frameworks
4 3 yrs
b) Facilitation skills for trainers 4 3 yrs
c) Evaluating risk management
frameworks
4 3 yrs
d) Consulting skills for auditors
e) Internal quality assurance
review
f) External quality assurance
review
4 3 yrs
7. Conferences
a) Government auditors annual
conference
3 Annual
b) Local government workshop 2 Annual
c) Central government workshop 2 Annual
OCIA 2013-2018 Strategic Plan
89 | P a g e
Course Days Frequency Last
held
No.
trained
Balance 2013/
2014
2014/
2015
2015/
2016
2016/
2017
2017/
2018
d) Professional associations 2 Annual
8. Leadership training
a) Secondment to other countries 5 2 yrs
b) CAE executive programme
c) Advanced internal audit degree
9. Professional certifications
a) ACCA
b) CIA
c) CFE,
d) CISA
e) CMRA
f) CGAP
g) Diploma in public sector
internal auditing