OCIA 2013-2018 Strategic Plan - MINECOFIN · Situation Analysis ... OCIA 2013-2018 Strategic Plan 1 | Page ... Human Resources and Leadership • Internal audit competency framework

OCIA 2013-2018 Strategic Plan

1 | P a g e

REPUBLIC OF RWANDA

MINISTRY OF FINANCE AND ECONOMIC PLANNING

P.O.BOX 158 KIGALI

Prepared by:

Office of Chief Internal Auditor

June 2014


Theme: Transforming Internal Audit Function to Promote Public Accountability


3 | P a g e

TABLE OF CONTENTS

Executive summary ............................................................................................................................................ 1

Abbreviations ..................................................................................................................................................... 5

1. Introduction ............................................................................................................................................... 7

1.1 Background information .................................................................................................................... 7

1.2 Legal Framework and Mandate ......................................................................................................... 7

1.3 Vision and Mission Statements .......................................................................................................... 8

1.4 Key Objectives .................................................................................................................................... 8

1.5 Core values ......................................................................................................................................... 9

1.6 Internal Audit Organization structure ................................................................................................ 9

1.7 Key strategic issues .......................................................................................................................... 10

2. Situation Analysis ..................................................................................................................................... 10

2.1 Internal audit value proposition ...................................................................................................... 11

2.2. Drivers of change ............................................................................................................................. 12

3 Strategy Formulation ............................................................................................................................... 20

3.1 Basis for developing the strategic plan ............................................................................................ 20

3.2 Steps followed in developing the strategic plan .............................................................................. 22

3.3 Monitoring Key Performance Indicators .......................................................................................... 23

4 Strategic Pillars ......................................................................................................................................... 24

4.1 Pillar 1: Regulating and Coordination .............................................................................................. 24

4.2 Pillar 2: Organizational structure and internal audit responsibilities .............................................. 27

4.3 Pillar 3: Human Resources and Leadership ...................................................................................... 29

4.4 Pillar 4: Audit Process, Tools and Techniques .................................................................................. 31

4.5 Pillar 5: Communication and Reporting ........................................................................................... 33

4.6 Pillar 6. Performance Management and accountability .................................................................. 34

5. Strategy Implementation Plan ................................................................................................................. 36

Oversight of the strategic plan ..................................................................................................................... 36

5.1 Sequencing Implementation of the Strategic Plan .......................................................................... 38

6. Resource mobilisation .............................................................................................................................. 42

6.1 Organisation structure and staffing levels ............................................................................................. 42

6.2 Costing summary of the strategic plan .................................................................................................. 43


4 | P a g e

7. Monitoring & Evaluation .......................................................................................................................... 46

7.1 Performance Indicators .......................................................................................................................... 46

7.2 Targeted outputs and outcomes ...................................................................................................... 46

7.3 Risks and Mitigating Measures ........................................................................................................ 47

Annex 1: Definitions ......................................................................................................................................... 48

Annex 2: References ........................................................................................................................................ 50

Annex 3: People and Institutions Consulted .................................................................................................... 52

Annex 4: SWOT Analysis .................................................................................................................................. 53

Annex 5: Public Sector Internal Audit Capability Model Matrix ...................................................................... 63

Annex 6: Detailed sequencing of implementation .......................................................................................... 64

Annex 7: Proposed OCIA Structure .................................................................................................................. 80

Annex 8: Number of Internal Auditors per Entity ............................................................................................ 83

Annex 9: Internal Audit Training Needs Assessment ....................................................................................... 87


1 | P a g e

Executive summary

i. Introduction

Internal Audit in Government of Rwanda (GoR) was established in 2006 after the enactment of the Organic Law No. 37/2006 of 12th

September 2006 on State Finances and Property. This Strategic Plan builds on the improvements accomplished in strengthening internal audit in GoR through capacity building initiatives undertaken since 2010.

The Minister in charge of Finance has the responsibility under Organic Law N° 12/2013/OL of 12/09/2013 on State finances and property to ensure the adequacy of internal audit, to know and monitor risks related to management and internal audit arrangements. International standards for the professional practice of internal auditing (2060) require the Head of Internal Audit to periodically report to Senior Management and the Board on internal audit’s purpose, authority, responsibility, and performance. The Organic Law requires the Chief Internal Auditor to provide indicators for internal audit and risk management and monitor and coordinate services of internal auditors in public entities. This strategic plan has been developed to fulfill this responsibility. The strategic plan (2013-2018) sets the goals and strategies that the Office of the CIA will pursue over the next five years. It is a commitment by the OCIA to improve internal audit function in GoR in line with aspirations set in MINECOFIN and the PFM sector strategic plans. The strategy aims at transforming internal audit into a sustainable internal audit function capable of being a change agent in Government and is based on the internationally recognized Public Sector Internal Audit Capability Model developed by the Institute of Internal Auditors (Annex 5). Capacity building efforts undertaken to date have yielded positive results and build a solid foundation for further capacity building. However various assessments show that the Internal Audit professional skills in the country remained low and reforms needed to be deepened to mainstream best practice in internal audit units in MDAs.

To speed up the pace in transforming internal audits on the job training and other change management techniques will be used to impart technical and behavioral and audit management skills.

ii. Mission, vision and values

The OCIA vision is “to improve the effectiveness of IA functions for the purpose of strengthening internal controls in financial management and reliability of reporting by MDAs.” The mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs) satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This vision and mission is aimed at promoting the highest standards of accountability and transparency in public financial management in line with the PFM reform 2008-2012 strategy and 2013-2018 PFM SSP. To complement the vision and mission and ensure ethical professional behavior of internal auditors, the Office of the CIA has identified the following as its core values: Integrity; Objectivity; Professional Competence and Confidentiality.


2 | P a g e

Internal auditors are also guided by international standards for the professional practice of internal auditing developed by the institute of internal auditors, the code of ethics for internal auditors, internal audit charter and the internal audit procedure manual when carrying out their work.

iii. Strategic priorities and pillars

The following strategic priorities were identified by analyzing the current situation, IA mandate and the strategic issues facing internal auditing:

1) To address gaps identified in different reviews including PEFA 2010 and COWATER 2010; 2) To comply with International Internal Auditing Standards and best practices; 3) To strengthen internal audit institutional capacity in line with its mandate; 4) To enhance skills development through coaching and mentoring; 5) To reinforce the positive Tone at the Top and promote good governance; 6) To consolidate audit reports and centrally monitor audit recommendations; 7) To promote professional qualifications such as CFE, CISA, CIA and ACCA; 8) To build the capacity of internal auditors to audit in a computerized environment; 9) To promote best practices in public financial management and accountability; 10) To refocus internal audit effort to areas of higher risk and to increase audit coverage; 11) To strengthen audit committees’ oversight role; 12) To automate audit process to increase audit efficiency; 13) To focus on managing change and overcoming staff and organizational barriers to change; and 14) To strengthen internal audit capacity to deal with its stakeholders effectively. These priorities have been summarized into the following six pillars each with a strategic objective to assist in assigning responsibilities.

1) Ensure internal audit function is established in laws, regulations and in ministries, districts and budget agencies (Regulating and coordination pillar).

2) Internal audit has an appropriate organization structure to effectively discharge its mandate and engage its stakeholder (Organisational structure and internal audit roles pillar).

3) Internal audit is staffed with the adequate, skilled and competent staff to provide quality internal audit services and meet stakeholders’ expectations (Human Resources and Leadership pillar).

4) To ensure efficiency and effectiveness in the audit process by employing efficient audit procedures and techniques (Working practices pillar).

5) To ensure that the results of the audit work are fully understood and appropriately acted upon to facilitate improvement of internal control environment (Communication and Reporting pillar).

6) To successfully implement the Strategic Plan (Performance Management and accountability pillar).


3 | P a g e

iv. Policy Actions

The approval and implementation of the following activities require policy dialogue with internal audit stakeholders. Adequate planning and resources will be essential for successful implementation.

Pillar 1: Regulating and coordination

• Role of internal audit and audit committees in risk management included in Organic Law on State Finances and property.

• Establishing and monitoring audit committees in Central Government. • Implementation of a quality assurance and improvement programme and recruitment of an

external quality assurance reviewer every five years.

Pillar 2: Organisational structure and internal audit roles

• Review of OCIA and internal audit units’ organizational structure and number of internal auditors.

• Outsource review of IFMIS and audit of other areas of significant risk where internal audit cadre lack adequate skills.

• Clarify role of OCIA in performance appraisal of internal auditors in MDAs. • Design and implement Ministerial Instructions on enterprise risk management. • Implement internal control monitoring framework.

Pillar 3: Human Resources and Leadership

• Internal audit competency framework approved and implemented. • Internal audit skills development plans approved and implemented.

Pillar 4: Audit process, tools and techniques

• Internal audit and audit committee regulations updated in line with Organic Law on State Finances and Property and financial regulations.

• Purchase of additional CCH Teammate licenses to facilitate audit automation

Pillar 5: Communication and Reporting

• Submission of internal audit reports by entities for consolidation • Submission of reports on implementation of external audit and internal audit recommendations

for consolidation.

Pillar 6: Performance Management and accountability

• Recruitment of technical assistance to support capacity building program. • Develop and monitor internal audit performance indicators. • Review of the strategic plan implementation and develop of next strategic plan.


4 | P a g e

v) Human and Financial requirements To assist in implementing the strategic plan financial and human resources required have been identified and estimated. The Office of the CIA plans to use capacity building technical assistance during the first two years of implementation of the plan to ensure skills transfer to enable the core team continue implementing the capacity building programme. However, to reach over 200 internal auditors and a similar number of audit committee members in a shorter time, the Office proposes to extend technical assistance to include on the job training to internal auditors in MDAs to accelerate skills transfer. The table below summarizes proposed budget requirements over the five years. The budget for 2013/14 is included in PFM reform basket fund 2013/14 workplan. A detailed breakdown of the cost of each strategic activity is included in section 6.2.

Financial Year 2013/14 2014/15 2015/16 2016/17 2017/18

Estimated Budget USD 430,000 USD 656,000 USD 1,143,000 USD 842,000 USD 633,000

vi) Implementation and Monitoring A comprehensive implementation matrix has been developed to elaborate the strategies and activities aimed at achieving each objective and the expected outputs and outcomes. Activities have been prioritized and sequenced into short term (1-2 years), medium term (3-4 years) and long term (5 years onwards). The Office of the CIA will base its annual action plans on this strategic plan to ensure a seamless implementation. Internal auditors in MDAs will also be required to participate in activities targeting them. The strategic plan has been harmonized with the PFM sector strategic plan to facilitate monitoring by the Office of CIA and PFM secretariat.


5 | P a g e

Abbreviations AC Audit Committee

ACCA Association of Chartered Certified Accountants

CBM Chief Budget Managers

CBP Capacity Building Programme

CGAP Certified Government Audititing Professional

COBiT Control Objectives for Information and related Technology

CRMA Certification in Risk Management Assurance

COSO Committee of the Cosponsoring Organisations of the Tradeway Commission

EDPRS Economic Development and Poverty Reduction Strategy

GBE Government Business Enterprises

CIA Chief Internal Auditor

ERM Enterprise Risk Management

HIA Head of Internal Audit

IA Internal Audit

IA-CM Internal Audit – Capability Model

IAU Internal Audit Units

ICT Information and Communication Technology

IFMIS Integrated Financial Management Information System

IIA Institute of Internal Auditors

IMF International Monetary Fund

INTOSAI International Organization of Supreme Audit Institutions

IPPF International Professional Practice Framework (of the IIA)

ISACA Information Systems Audit and Control Association

IT Information Technology

MDAs Ministries, Districts and Agencies

MIFOTRA Ministry of Public Service and Labour

MINECOFIN Ministry of Finance and Economic Planning

MOU Memorandum of Understanding

OAG Office of the Auditor General

OCIA Office of Chief Internal Auditor


6 | P a g e

OL Organic Law

PEFA Public Expenditure and Financial Accountability

PFM Public Financial Management

PFIC Public Financial Internal Control

PS/ST Permanent Secretary and Secretary to the Treasury

RPPA Rwanda Public Procurement Authority

SP Strategic Plan

SSP Sector Strategic Plan

SWOT Strengths Weaknesses Opportunities and Threats

VPN Virtual Private Network


7 | P a g e

1. Introduction

1.1 Background information

Internal Auditors are mandated to provide independent, objective and systematic evaluation

and improvement of risk management, control and governance processes in government

entities. They accomplish this by providing the following assurance services in addition to

providing consulting services: Financial, Compliance, Value for Money, IT, Systems Audits

and Fraud Investigations.

Internal audit helps to promote accountability and transparency and effective management in

respect of revenue, expenditure, assets and liabilities by conducting audits to assess the health

of the public financial management system and report areas of improvement and misuse of

resources.

The Head of Internal Audit is required to periodically report to Senior Management and the

Board on internal audit’s purpose, authority, responsibility, and performance (Standard 2060:

Reporting to Senior Management and the Board).

By providing assurance on accountability of use of public resources and continuous

improvement, internal auditors play a critical role in assisting management and the boards

discharge their fiduciary responsibility and utilize funds effectively towards meeting the

Economic Development and Poverty Reduction Strategy (EDPRS2) targets, and ultimately

those of Vision 2020.

1.2 Legal Framework and Mandate

Internal audit in Rwanda is established by the Organic Law N° 12/2013/OL of 12/09/2013,

which replaced Organic Law No. 37/2006 of 12th September 2006, on State finances and

property. The function was established in 2006 and preceded by the “Inspection Générale de

Finances (IGF)” department in MINECOFIN. The Law requires the Minister in charge of


8 | P a g e

Finance “to ensure the adequacy of internal audit, to know and monitor risks related to

management and internal audit arrangements”.

Ministerial Order No. 002/07 of 15th

February 2007 relating to financial regulations devolved

internal control responsibilities to the budget agencies and each agency was required to set up

an internal audit unit. Article 36 of the Ministerial Order established the Internal Audit

Function and gave the Chief Internal Auditor the responsibility of supervising and developing

the internal audit function across all Government entities. The Organic Law N° 12/2013/OL of

12/09/2013 requires the Chief Internal Auditor to provide indicators for internal audit and risk

management and monitor and coordinate services of internal auditors in public entities.

Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations internal control,

internal audit and Ministerial Instruction N° 004/09/10/MIN of 01/10/2009 established audit

committees in public entities, local government entities and autonomous and semi-autonomous

public entities, regulate internal audit and audit committees respectively.

1.3 Vision and Mission Statements

The OCIA vision is “to improve the effectiveness of IA function for the purpose of

strengthening internal controls in financial management and reporting by MDAs.” The

mission of the Internal Audit Units is to help Ministries, Districts and Agencies (MDAs)

satisfy their statutory and fiduciary responsibilities; and use public resources efficiently. This

vision and mission is aimed at promoting the highest standards of accountability and

transparency in public financial management in line with the PFM reform 2008-2012 strategy

and 2013-2018 PFM SSP.

1.4 Key Objectives

In line with the mission statement stated above, the key objectives of the Office of the CIA are

to:

a) Set up a strong and effective Government Internal Audit function;

b) Formulate and disseminate internal audit regulations, policies, guidelines etc;


9 | P a g e

c) Ensure capacity building for Internal Auditors and Audit Committees;

d) Provide guidance and supervise Internal Auditors in MDAs;

e) Initiate preventive and corrective measures to improve quality of Public Financial

Management;

f) Conduct audit assignments in any government entity to assess whether risks are

appropriately identified and managed;

g) Provide consulting services to management on internal controls, risk management and

corporate governance;

h) Monitor implementation of the audit recommendations and prepare quarterly reports;

i) Prepare quarterly consolidated internal audit report for all government entities to the

PS/ST, Minister in Charge of Finances and Prime Minister; and

j) Coordinate internal audit work with the Auditor General of State Finances.

1.5 Core values The core values of the Internal Auditors as highlighted in the (draft) code of conduct for

internal auditors are: Integrity; Objectivity; Professional Competence and Confidentiality.

1.6 Internal Audit Organization structure

The Office of the Chief Internal Auditor (Office of CIA) is responsible for regulating,

capacity building and coordinating internal audit units in ministries, districts and agencies, has

10 internal auditors and is headed by the Chief Internal Auditor (CIA) who reports

administratively to the Permanent Secretary and Secretary to the Treasury (PS & ST) and

functionally to the Minister in Charge of Finance. In addition, there are over 200 internal

auditors in 19 Ministries, 4 provinces and Kigali City, 30 Districts, projects and semi

autonomous entities. The number of internal auditors per entity is listed in Annex 8.

Except the CIA and auditors in a few GBEs, all other auditors are in the same rank. All

ministries and districts have between 1-3 auditors all at the same rank. OCIA team is


10 | P a g e

administratively divided into two teams, Local Government and Central Government, each

headed by a Team leasder.

1.7 Key strategic issues

The strategic plan seeks to address the following key questions to improve the effectiveness of

internal audit function in GoR:

a) Is internal audit meeting its key objectives?

b) What is the value proposition of internal audit to its stakeholders and is this value

being realized?

c) Does the current internal audit organization structure enable internal auditors to

effectively discharge their mandate?

d) Does internal audit legal framework enabling it to function effectively?

e) Is the current internal audit reporting line appropriately promoting its effectiveness?

f) Are internal auditors independent and objective?

g) Do internal auditors appropriately focus their effort in areas of higher risk?

h) What is the current internal audit skills levels in the country and are there gaps?

i) Is internal audit effectiveness measured using suitable performance indicators?

j) Is the core mandate of the Office of the Chief Internal Auditor clear and is it being

fulfilled?

These and other questions are addressed in this strategic plan.

2. Situation Analysis

This section reviews internal audit performance against internationally accepted public sector

standards and its mandate as stipulated in the internal audit regulations.


11 | P a g e

2.1 Internal audit value proposition

By definition, Internal Auditing is an independent, objective assurance and consulting activity

designed to add value and improve an organization’s operations. It helps an organization

accomplish its objectives by bringing a systematic and disciplined approach to evaluate and

improve the effectiveness of the risk management, control and governance processes.

The internal audit activity provides assurance to top management and the audit committee that

risks to the organization are understood and managed appropriately. IA reports and other

communications should provide hindsight on past performance, insight on effectiveness of

internal control, risk management and governance systems and foresight on risks that may

hinder achievement of objectives, to top management and the Executive/board/Council to

facilitate decision making. In addition, IAs are supposed to use the information they gather to

act as an in-house consultant to management.

Experience has shown that management and the board listens to or tends to ignore internal

audit depending on whether they are adding value to the entity. Internal auditors therefore

need to demonstrate how they add value to the organization objectives.

Internal auditors are charged with assisting the organization in the effective discharge of

responsibilities, promoting the establishment of cost-effective controls, assessing risks, and

recommending measures to mitigate those risks. As an integral part of the management team,

internal auditors furnish top management with analysis, appraisals, counsel, and information

on the activities they review. They also monitor organizational ethics.

Evaluating emerging technologies, analyzing opportunities, assessing quality, economy, and

efficiency, and providing accurate and timely communication are just some of the activities

internal auditors conduct on a daily basis. The comprehensive scope of their responsibilities

provides them with a broad perspective on the organization. And that, in turn, makes them a

valuable resource to executive management and the board of directors in accomplishing

overall goals and objectives, as well as strengthening internal control and governance.

However, this value proposition is directly related to the timeliness and quality of internal

audit reports, ability of internal audit to sell the results of its work to management, the ability


12 | P a g e

of management to implement audit recommendations and improve controls to reduce repeat

occurrences. This demands that internal auditors pro-actively focus on key risks that are of

concern to management and that audit recommendations address the root cause and not

symptoms of problems. Additionally, internal audit should monitor audit reports and hold

management accountable, not just churn out audit reports. Internal auditors must be vocal,

visible, have a customer focused approach and engage at the executive level to avoid getting

ignored by management. Internal auditors’ performance should be measured using indicators

that demonstrate the value they add including cost savings and other financial indicators.

Clearly, internal auditors cannot succeed on their own. Audit committees working together

with management play an important role in shaping internal audit focus. Ultimately the audit

committee and management are responsible for ensuring internal auditors are sufficient,

motivated and competent staff to deliver their services they are mandate. These relationships

need to be strengthened.

2.2. Drivers of change

This strategic plan has been informed by PFM reviews conducted in the recent past, the

SWOT analysis, Public Sector Internal Audit Capability Model and International Standards

for the Professional Practice of Internal Auditors, benchmarking with other Governments’

Internal Audit units and various consultations details of which are included in the SWOT in

Annex 4.

To achieve the envisaged transformational change, the following 14 priority areas were

identified.

1) Addressing gaps identified in different PFM reviews

Although formed in 2006, internal audit capacity building efforts started in earnest in 2010/11.

2010 Public Expenditure and Financial Accountability (PEFA) assessment rated internal audit

in Central Government at C. D is the lowest possible score while A is the highest. The Core

internal audit unit at MINECOFIN was understaffed at the time of the review. The function


13 | P a g e

was yet to fully meet international internal auditing standards, and needed to devote more time

to systems-audit as opposed to transaction audits.

Following this review, COWATER, an international firm was recruited to conduct training in

2010. Upon completing training and pilot audits, COWATER in their final report assessed the

capacity of IA in Rwanda to be between level 1 and 2 of the Institute of Internal

Auditors’(IIA) Public Sector Internal Audit Capability Model (IA-CM), Annex 5. The firm

recommended a more long term capacity building approach leading to the recruitment of the

Resident Internal Audit Advisor in 2011.

To date the following significant achievements have been realized through capacity building

efforts to mention but a few.

• Internal audit procedure manual, draft code of conduct for internal auditors, internal

audit charter and the audit committee charter have been developed and

communicated;

• International standards for the professional practice of internal auditing were

disseminated and are being implemented;

• Several trainings for auditors and audit committee members were conducted;

• 10 IDEA data analysis licenses were acquired.

• 50 CCH Teammate audit management software licenses were acquired;

• Audit guidelines and tools were developed and are being implemented; and

• Risk management guidelines were developed and disseminated to GBEs.

2) Complying with International Internal Auditing Standards and best practices

The Internal audit function partially conforms to the International professional practice

framework (IPPF) issued by the Institute of Internal Auditors according to a self assessment

carried out by internal auditors in 2013. Internal auditors have difficulties in complying with

independence and objectivity, quality assurance and improvement program, management of

internal audit activity, engagement planning and performing monitoring and acceptance of

management standards to mention but a few. In addition, internal auditors are also required to


14 | P a g e

comply with the code of ethics and professional standards issued by INTOSAI and ISACA

depending on the type of assignment being conducted.

A benchmark survey carried out against Uganda, Kenya, Tanzania, Malawi, Ethiopia and

Zanzibar during a conference sponsored by IMF in 2012 showed that Rwanda internal audit

function capability was less developed in a number of key areas compared to some of these

countries. During a East Africa PGM conference, Rwanda internal audit was rated at level 2

while Kenya and Tanzania was rated at level 3.

3) Strengthening IA institutional capacity in line with mandate

The Internal Audit regulations establishing internal audit units and audit committees in public

entities are undergoing review to capture lessons learnt and incorporate best practice. An

organizational review has proposed changes to internal audit structures and numbers and in

MDAs are enhance skills development to provide specialized services e.g. consulting services

over internal controls, risk management and public /corporate governance processes, IT, value

for money, review of financial information, system audits and forensic investigations and

scope coverage.

4) Enhancing skills development in MDAs through coaching and mentoring

Despite various trainings and availability of audit manuals, skills among internal auditors in

MDAs remains low compared to those in the Office of CIA. Due to high staff turnover, a high

number of auditors are recruited as fresh university graduates each year and require coaching

and mentoring to develop appropriate professional skills. The auditors have not been provided

with this support due to the small number of auditors in each entity and the limited capacity of

the OCIA team. On the job coaching will assist in overcoming the challenge auditors face in

implementing audit manuals and standards.

5) Reinforcing the positive Tone at the Top

The strong tone at the top established by the Country Leadership lays a strong foundation for

accountability, transparency and zero tolerance to corruption culture. This and a performance

management culture set the right environment for objective conduct of internal auditing and


15 | P a g e

implementation of audit recommendations by management. More awareness training on the

role of internal audit and engagement of IA’s stakeholders is needed to exploit this

opportunity.

6) Consolidating and monitoring audit recommendations centrally

The Office of the CIA is required to prepare quarterly consolidated reports to the Minister of

Finance and Economic Planning with a copy to the PS & ST, and the Prime Minister. Some

government entities do not submit internal audit reports to the Office of CIA for consolidation

for various reasons. The Office of the Chief Internal Auditor will monitor implementation of

Auditor Generals’ Office and Internal Audit recommendations to ensure issues do not reoccur

and provide feedback to entities where necessary.

7) Promoting professional qualifications

There are no internal auditors qualified in specialized audit skills such as IT Audits and

forensic investigations in the public sector. The country also has a low number of qualified

accountants. MINECOFIN will sponsor OCIA team members who wish to pursue CFE and

CISA professional courses after becoming ACCA or CIA qualified. This will assist in

reviewing risks that require specialized internal audit skills.

8) Building the capacity of internal auditors to audit in a computerized environment

The Government of Rwanda is committed to computerization of its operations to improve

efficiency in service delivery. Key Government operations including payroll processing and

public financial management have been automated. However internal auditors lack

appropriate skills to audit in a computerized environment and there is urgent need to develop

this capability.


16 | P a g e

9) Promoting best practices in public financial management and accountability

The OAG has in its 2010/2011 annual report highlighted that the public financial management

and accountability was still weak. The OAG also pointed out that there were weak internal

audit units and audit committees were lacking.

The Ministerial Order N°002/09/10/GPIA of 12/02/2009 setting out regulations for internal

control and internal audit in Government requires CBMs to sign an annual statement on the

adequacy of the internal control system and the Head of Internal Audit to give an annual

independent opinion on the internal control system (incorporating risk management).

Currently, there is no risk management framework in Government although guidelines have

been proposed. We propose to conduct an organizational review to assess which entities

require heads of internal auditors. Auditors are also not professionally qualified and there is

doubt as whether they are in a position to give an opinion on internal controls. The Public

Financial Internal Control (PFIC) recommends adoption of Internal Control Frameworks such

as COSO and consolidation of internal control information and capacity building by the

Ministry in charge of Finance.

10) Rebalancing internal audit effort

The Office of the CIA needs to rebalance its coordinating, monitoring and capacity building

role, and that of conducting audit assignments. This requires a review of the organization

structure and skills to develop capabilities to coordinate internal audit units and specialized

skills to conduct fraud investigations, IT and value for money audits. Internal auditors have

also been found to do more transaction audits as opposed to system audits to address

weaknesses in internal audit control design. Internal audit also needs to rebalance its efforts

between the different audit missions.

11) Strengthening audit committees’ oversight role


17 | P a g e

Audit committees comprised of independent members were established in districts in 2011.

Rwanda Governance Board in its’ Rwanda Governance Score Card 2010 and development

partners in the 2011/2012 Sector Performance Report highlighted the need to undertake audit

committee training and other capacity building efforts to make them more effective. Audit

Committtes have been appointed in some ministries but some ministries and boards are yet to

appoint audit committees. Internal auditors are required to report to audit committees in

addition to the District Council and Chief Budget Managers. Reporting to audit committees

will boost internal audit independence and ensure adequate attention is given by management

to resolution of audit recommendations. Audit committees periodically reports to the

supervisory board or executive authority as the case may be. Audit committees are further

required to give an annual statement indicating how they discharged their responsibilities

alongside the entity annual report.

12) Automating audit process to enhance audit efficiency

The Government has embraced computerization in service delivery and maintaining of

records. Internal auditors need audit tools to audit in an automated environment and to

increase their efficiency. Auditors will need to increase their proficiency to fully utilize CCH

Teammate and IDEA tools currently being implemented.

13) Focusing on managing change and overcoming personal and organizational barriers

to change

The internal audit function is undergoing transformational change. This will create some

turbulence as new positions and responsibilities are assigned and new skills and capabilities

developed. This also endanger some uncertainty and resistance to change. Dealing with these

issues on a reactive, case-by-case basis puts speed, morale, and results at risk. There is need to

have a structured change management approach to ensure that changes are seamlessly

institutionalized to achieve lasting benefit. The Office of the CIA will play a key role in

directing and influencing the speed of change.

14) Strengthening capacity to deal with stakeholders effectively


18 | P a g e

Internal audit has a number of stakeholders with different level of power, influence, and

requirements. IA should continuously identify the interests, roles/responsibilities and areas of

collaboration with its stakeholders and engage in order to improve its effectiveness.

Professional standards require that “When issued, an opinion or conclusion must take into the

account of the expectations of senior management, the board, and other stakeholders”. Easy

flow of information to and from concerned parties promotes accountability and internal audit

effectiveness. Currently internal audit is not highly regarded by stakeholders and concerted

efforts are needed to create a more positive image.

Below is a list of some of the stakeholders and their responsibilities. Stakeholder Area of collaboration Role / responsibility What the stakeholder can

do for IA

1. The Minister of Finance and

Economic Planning

Quarterly consolidated and

monitoring reports

Reporting line

Tone at the top

Budgetary support

Request for audit

assignments

Resolution of audit findings

Appointment ministerial

audit committees

Policy decisions

2. Permanent

Secretary/Secretary to the

Treasury

3. Executive management /

District council / Boards

Internal control and risk

management

Resolution of risks Ownership of internal control

and risk management

4. Audit committees Quarterly reports

Audit plan approval

Functional reporting

Monitoring of audit findings

Promote internal audit

independence, approve action

plans

5 .Chief Budget Managers Appointment and appraisal Administrative reporting

Monitor resolution of audit

findings

6. Projects Coordinators and

Heads of Departments

Coordinate audit

assignment

Auditee, provide access to

information

Implement audit

recommendations

7. Internal auditors in MDAS Training, audit plan

approval, Quarterly audit

reports, coaching

Supervision, capacity

building and reporting

Implementation of internal

audit policies, joint audits

8. MINECOFIN /Public

Financial Management

Coordinating capacity

building efforts

Capacity budgeting and

procurement support

Mobilise resources to

implement strategic plan

9. MINECOFIN/ Public

Accounts Unit

Records and financial

statements

Supervise public sector

accounting

Monitor resolution of

financial audit findings

10. MINECOFIN/

Government Portfolio

Risk management, training

for CBM, directors and

Supervise government

investments Capacity

Facilitate implementation of

audit committee and internal


19 | P a g e

Stakeholder Area of collaboration Role / responsibility What the stakeholder can

do for IA

Management unit audit committees building of board of

directors and CBMs

Monitor effectiveness of

audit committees, risk

management and controls

audit regulations

Promote implementation of

risk management and internal

control frameworks

11.MINECOFIN/Treasury

department

Implementation of audit

findings

Payments and funds transfer Assist in implementing

sanctions for non compliance

12.MINECOFIN/ ICT unit Use of CCH TeamMate

audit management

software.

ICT support TeamMate implementation

including VPN access

13.MINECOFIN/ IFMIS

Project

System controls, data

access, IFMIS training

Data base management and

training

Provide read only access

rights to auditors and training

External Stakeholders

14. The Prime Minister Quarterly consolidated and

monitoring reports

Stakeholder meetings

Tone at the top Set performance target on

audit committees and internal

audit

15. Cabinet Legal framework

Organization structure

Approval of Regulations

Appointment of GCIA

Approval of staffing levels

Approve ministerial orders

and staffing policy proposals

16. Members of Parliament PAC Legislation

Oversight

Approve laws

17. Office of the Auditor

General

Audit of internal controls

Monitoring of audit

recommendations

Review IA and audit

committee effectiveness

Promote role of internal audit

and audit committees,

coordinate value for money

and financial audits

18. Development Partners Joint sector review Programme and technical

support

Technical and financial

assistance

19. Rwanda Governance

Board

Governance score card Monitoring of governance

performance

Promote role of internal audit

and audit committees

Promote adoption of best

practices in public

governance

20. Rwanda Public

Prosecution Authority

Forensic investigations Prosecution of criminal

offenses

Prosecution fraud cases

following fraud investigation

21. Rwanda National Police Forensic investigations Law and order, Fraud investigations


20 | P a g e

Stakeholder Area of collaboration Role / responsibility What the stakeholder can

do for IA

investigations

22. Ombudsman Code of ethics monitoring Corruption and ethical code Handling whistle blowing

incidences

23. Rwanda Public

Procurement Authority

Training, monitoring of

procurement review

findings

Regulation of public

procurement

Capacity building and

monitoring of audit

recommendations

24. Institute of internal

auditors

Membership and

certifications

Standards and quality

control

Public awareness on the role

of internal audit

25. Institute of Certified

Accountants of Rwanda and

ACCA

Membership and

certifications

Regulation of accounting

profession and training

Training of auditors on

CPA(R) qualification

26. Media Articles and features Dissemination of

information

Raise awareness on internal

auditing, risks, controls

27. Consultants Advise, assignments Technical support and

training

Implementation of strategic

plan

3 Strategy Formulation

3.1 Basis for developing the strategic plan

Experience and lessons learnt in implementing the 2010 – 2013 OCIA strategic plan and the

implementing 2011-2013 Capacity Building Program, various studies and reviews, internal

consultations and consultations with various stakeholders, have indicated that internal audit

skills in the country were still low and radical measures were needed to entrench internal audit

reforms and enhance its effectiveness towards international practices. In particular, auditors

from MDAs were found to lag behind in implementing skills imparted during trainings and

were unable to effectively use manuals and tools provided, mainly due to lack of coaching.

Auditors at the OCIA being a larger team received constant coaching and supervision from

the CIA and Resident Internal Audit Advisor and also share experience more. This disparity in

skills transfer poses a significant threat to the capacity building program at the decentralized

level.


21 | P a g e

To remedy the situation, it was found necessary to craft a multi faceted and broad based

internal audit reform strategy that builds and sustains the gains realized by the capacity

building initiatives undertaken to date and addresses impediments to change, while

introducing new techniques. This SP presents a systematic and broach based approach that

draws in expectations and support of internal audit stakeholders to take up their governance

role in promoting internal audit effectiveness.

This strategic plan lays a clear roadmap to building a sustainable internal audit function that is

a change agent in public financial management and has the capacity and momentum to

spearhead internal audit capacity building efforts while reducing reliance on technical

assistance from consultants.

The areas of strategic focus identified above were mapped into the following six broad pillars

that cover all the aspects public sector internal audit practice.

1) Regulating and Coordination - the establishment, development and coordination of

internal audit function in government to ensure it contributes to an effective and

efficient public financial management system

2) Organizational structure and internal audit responsibilities - the way that Internal

Audit is structured and supported by the organisation to allow it to deliver its terms of

reference

3) Human Resources and Leadership - the availability (both in terms of quality and

quantity) and management of audit resources to allow internal audit to deliver its remit

4) Audit process, tools and techniques - the processes, tools and techniques in place that

ensure the efficient and effective completion of audit work

5) Communication and Reporting - the way that the function interacts with the

organisation and third parties to ensure that the results of the audit work are fully

understood and appropriately acted upon;

6) Performance Management and accountability - the procedures in place to ensure that

audit work is of a consistently high quality and that internal audit continuously


22 | P a g e

monitors (and reports) its performance to ensure and evidence that it meets its set

objectives.

3.2 Steps followed in developing the strategic plan

Development of the strategic plan followed a systematic approach based on practice guide on

Developing the Internal Audit Strategic Plan issued by the Institute of Internal Auditors in

July 2012 whose key steps are outlined below.

The strategic plan was has been informed by several studies including:

• PEFA assessment and assessments by various consultants;

• SWOT analysis conducted by the Office of the GCIA team Annex 4,

• A gap analysis against Public Sector Internal Audit Capability Model

• A gap analysis against International Standards for the Professional Practice of Internal

Auditors

• Benchmarking with Internal Audit units of Governments

• Interviews with 10 MINECOFIN senior managers

• Survey of 65 internal auditors conducted in January 2012

• Training impact assessment survey of 16 internal audit units

• Discussions in various internal audit forums

• Feedback obtained from internal auditors, audit committee and chief budget managers

• Stakeholders consultations including development partners and other.

A two day strategy workshop was held by the Office of the GCIA team before the SP was

presented to MINECOFIN senior management and stakeholders for validation.

Industry & Objectives

Standards & Guidance

Stakeholders Expectations

Stakeholders Expectations

Vision Critical success factors

SWOT Analysis

Key initiatives


23 | P a g e

3.3 Monitoring Key Performance Indicators

Internal audit function in Government of Rwanda is a relatively young function that is yet to

mature. This is also the reality of the accountancy profession in the country in general and

auditing in particular.

The overall objective of the strategy is to transforming the internal audit function from

between level 1 and 2 of the IA-CM to level 4 by the end of five years. Key performance

indicators and a monitoring framework has been developed. This will be attained when the

following key performance indicators are achieved

a) Full compliance with the GoR internal audit regulations by the end of year three.

b) Full conformance to International Standards for the professional practice of internal

auditors, code of ethics, and the internal audit definition by the end of year four.

c) Attaining and maintaining PEFA score A rating by the end of year four

d) Creating a critical mass of professionally qualified internal auditors in ACCA and CIA by

the end of five years.

e) Commence developing specialized audit skills including CFE and CISA at the start of year

three.

These targets assumes that the activities indicated in this strategic plan will be implemented

without undue delay and that policy actions will be taken to remove capacity building

constraints to create an enabling environment.


24 | P a g e

4 Strategic Pillars

The strategies under each pillar are detailed below.

4.1 Pillar 1: Regulating and Coordination

Objective: Ensure internal audit function is established in laws, regulations and in ministries,

districts and budget agencies

4.1.1 Context of the pillar

Internal audit regulations establishing internal audit, internal control and audit committees are

in place and are currently being reviewed with a view of enhancing them to reflect current

environment, close gaps and incorporate best practices including risk management. There is

need to develop an implementation plan to ensure full compliance with the regulations in the

medium term. A proposal has been made to anchor internal audit, the Office of the Chief

Internal Auditor, risk management and audit committee in the Organic Law on State

Finances and Property which is currently undergoing review to enhance recognition of

internal audit role in public financial management similar to other commonwealth

jurisdictions. Approval and roll out of the risk management policy guidelines drafted by the

Office of the CIA will give auditors an opportunity to add more value in its implementation

and assist in adoption of risk based auditing.

Recent interviews with stakeholders indicated there was low stakeholders’ engagement both at

the OCIA and MDAS resulting in low awareness and support to internal audit activities. IA

and AC charters which delineate the role of IA and that of ACs and their relationships with

their stakeholders have been developed. Audit committees have been established in Local

Government but are yet to become effective. ACs have been appointed in some ministries. A

communication plan will be put in place to raise awareness on the role of internal audit and

where appropriate memorandum of understanding developed e.g. with the Auditor General

Office and National Public Prosecution Authority.


25 | P a g e

The Office of the CIA has a due role of supervising internal audit units (including regulation,

consolidating reports, monitoring audit recommendations and capacity building) and

conducting internal audit assignments in MDA. At the time of developing this strategy the

OCIA team expended more effort in conducting assignments. The Office of the CIA has

started to centrally monitor implementation of internal audit recommendations to foster the

role of the Ministry of Finance and Economic Planning in monitoring the public financial

management system to ensure accountability and transparency in use of public funds. A

quarterly implementation report will be prepared and sent to the Minister with a copy to the

PS/ST.

There is need to ensure that the Office has adequate qualified and experienced staff who can

effectively supervise internal audit units and conduct capacity building while reducing

reliance on consultants. This may require a change in entry level for new staff and

departmentalization of the directorate based on specialized skills and roles to accelerate skills

development. At the moment all auditors perform the same tasks. The department also needs

to be more selective in choosing assignments to conduct e.g. where there are no internal

auditors, coaching of internal auditors, responding to management requests and assignments

requiring specialized skills. More focus also need to be laid on consolidating audit reports,

consolidating monitoring reports, and supervising and coordinating internal audit units.

4.1.2 Strategic Drivers

• Strengthening internal audit institutional capacity in line with its mandate (3).

• Consolidating audit reports and centrally monitor audit recommendations (6).

4.1.3 Strategic actions of this pillar & sub-activities

(1) Enhance and comply with regulations on internal audit, audit committee internal

control

a) Management, IA and AC role in risk management recognized in OL on State Finances

and Property to enhance compliance


26 | P a g e

b) Update audit committee, internal audit charter and IA regulations to include roles in

risk management

c) Hold annual workshops and annual conference for internal auditors

(2) Operationalise internal audit, audit committee and mobilize stakeholders

a) Conduct training for various stakeholders to raise awareness on regulations, guidelines

and IA standards.

b) Establish audit committees in public entities and monitor audit committee in the

Government entities.

c) Develop and disseminate audit committee handbook and tools.

d) Provide continuous training to audit committees on their role in financial reporting,

risk management, internal and external audit, internal controls, stakeholder

relationships etc.

e) Annual audit committee report on AC responsibilities and performance, and opinion

on internal controls including internal audit.

(3) Increase internal audit visibility and integration in public governance

a) Develop effective relationship with other arms of government, development partners,

professional associations

b) Professional membership in Institute of Internal Auditors

c) Prepare publicity materials to promote awareness of the role of IA and AC in control,

risk management, governance , fraud detection etc

(4) Networking and Knowledge Sharing

a) Purchase reference books and subscribe to knowledge databases

b) Develop internal audit intranet, extranet, group emails etc for networking and

knowledge sharing

(5) Develop and implement quality assurance program

a) Implement an internal quality assurance review mechanism

b) External quality assurance review conducted by independent consultants


27 | P a g e

4.2 Pillar 2: Organizational structure and internal audit responsibilities


The structure of the OCIA is not optimal and the office lacks adequate skills to undertake

specialized audits and build capacity of internal audit units across the country. Internal

auditors in MDAs are lowly ranked, and few in number, all ranked in the same position of

internal auditor making supervision difficult. Head of internal audit position although

envisaged in article 9 of the Ministerial Order has not been implemented. It is also been

challenging for the OCIA team to centrally supervise the large number of internal audit units.

Management in some entities exerts undue influence on internal auditors scope and reporting

to select less risk areas affects their objectivity. The OCIA and audit committees need to play

a more active role in recruitment, assessment and termination of auditors.

Although internal audit has adopted a risk based audit methodology, most internal auditors do

not conduct risk assessment in order to identify the audit areas to prioritize in the risk based

annual plans. Adoption of a risk management framework will facilitate risk based audit

approach. Internal audit currently lacks skills to undertake IT audits and fraud investigations

which carry significant risks. Internal audit spends significant amount of time in conducting

financial review and compliance audit, however quality improvement is needed. The OCIA

has proposed a structure that reflects the different roles and responsibilities and specialized

skills. See Annex 7.

Internal audit role should evolve to respond to management needs. Internal audit function can

also perform other responsibilities such as conducting inspections and risk management

facilitation.



• Promoting best practices in public financial management and accountability (9).

• Refocusing internal audit effort to areas of higher risk and to increase audit coverage (10).


28 | P a g e


(1) Review organizational structure to match internal audit mandate

a) Review internal audit structure at OCIA and MDAs to ensure adequate internal audit

resources, skills and coverage

b) OCIA to allocate time appropriately between coordination, capacity building and audit

assignments

c) Attracting experienced and skilled people especially to OCIA

d) Develop capacity to provide specialized internal audit services within OCIA

e) Outsource review of IFMIS and other mission critical systems to specialized IT

consulting firms

f) Coach internal auditors to increase audit coverage

(2) Enhance independence of internal audit function

a) OCIA to advise in recruitment, performance and termination of employment of

internal auditors in MDAs

b) OCIA to review and follow up implementation of audit plans

c) OCIA consolidates Internal Auditors’ independence declaration forms

(3) Ensure appropriate internal audit focus

a) Increase number of system audits carried out as opposed to compliance and transaction

audits

b) Conduct annual risk assessment and develop risk based audit plans

(4) Provide consulting services and develop tools to improve risk management and

internal control systems

a) Obtain senior management approval and champion implementation of risk

management guidelines in MDAs

b) Promote implementation of international internal control framework e.g. COSO, PIFC,

COBIT


29 | P a g e

c) Provide assurance reports and opinion on adequacy of risk management and internal

control systems

4.3 Pillar 3: Human Resources and Leadership


There is general lack of adequate accounting skills in particular internal audit skills in the

country. The Government has been sponsoring accountants and internal auditors to pursue

ACCA professional exams but the success rate has been low. The Government has also

undertaken to sponsor internal auditors in specialized internal audit professional qualifications

including Certified Internal Auditor (CIA), and office of the CIA team in Certified Fraud

Examiner (CFE) and Certified Information Systems Auditor (CISA). The Office of the CIA is

in the process of recruiting candidates for CIA exams from Ministries, Districts and Agencies.

This underscores the Government commitment to develop internal audit skills. Auditors from

semi-autonomous institutions are encouraged to seek the support of their entities in pursuing

similar professional trainings.

In addition the OCIA has identified a number of short term courses that it will offer to develop

key internal audit competencies. The courses are benchmarked to the Institute of Internal

Auditors and other service providers. The Office of the CIA needs to establish a training unit

as recommended by COWATER to coordinate the various trainings listed in the training

needs assessment, Annex 9.

It is equally important to have a strong cadre of internal audit leaders who can effectively

manage the internal audit units and effectively interact with management at all levels and

audit committees. The position of the CIA is the only full internal audit management position

in Central and Local Government. This makes it difficult to effectively support internal

auditors on operational issues and at the same time focus on strategic issues of the department

and effectively engage stakeholders.


30 | P a g e

There is need to review internal audit organization structure both at the OCIA and internal

audit units in MDAs. The number, structure and grading can be considered with a view of

optimizing professional development and staff retention.



• Enhancing skills development through coaching and mentoring (4).

• Promoting professional qualifications such as CFE, CISA, CIA and ACCA etc (7).


(1) . Implement professional and competency development framework

a) Obtain approval and implement internal audit competency framework

b) Internal auditor Training and Development Plan implemented

c) Implement an internal audit leadership training program

(2). Enhance professional and skills training

a) Internal auditors to pursue ACCA, CIA professional training

b) Internal auditors to pursue technical professional qualifications including: CFE, CISA,

CRMA

c) Develop public sector internal audit diploma

d) Sponsor internal auditors to attend regional and international professional conferences

e) OCIA organizes short courses for internal auditors

(3). Develop internal audit technical skills resourcing partnerships

a) Co-source audit of technical areas where the Office of CIA and internal audit units do

not have the necessary skills and experience


31 | P a g e

b) Develop partnership with other governments’ internal audit functions and capacity

building experts to build competency

4.4 Pillar 4: Audit Process, Tools and Techniques


The Office of the GCIA has developed and disseminated an internal audit procedures manual,

audit templates and guidelines on financial audit, performance audit, IT audit and risk

management, procurement audit, review of financial information and risk assessment among

others. More guidelines are earmarked to be developed and disseminated as part of the

capacity building programme.

MINECOFIN has invested in 10 IDEA data analysis tool and 50 CH Teammate audit

management licenses to increase internal audit efficiency. There are plans to increase the

number of Teammate licenses after the pilot implementation.

Most internal auditors have limited experience and learning new skills without coaching on

how to apply the new skills has proved to be challenging. The large number of internal audit

units, small size of internal audit units, high staff turnover and high number of new internal

auditors working alone has made it challenging for the Office of CIA to provide much needed

coaching and support.

Most internal auditors have not implemented the internal audit procedure manual and need to

develop a plan for implementing the manual and standards with support of the OCIA. On job

training and coaching will be key to ensuring successful implementation. Auditors also need

to develop skills in auditing in a computerized environment


32 | P a g e


• Complying with International Internal Auditing Standards and best practices (2).

• Enhancing skills development in MDAs through on the job training (4)

• Building the capacity of internal auditors to audit in a computerized environment (8).

• Automating audit process to increase audit efficiency (12).

4.4.3 Strategic Actions of this pillar & sub-activities

(1). Implement professional standards and code of ethics for internal auditors

a) Phased implementation of definition on internal auditing and international standards

b) Ensure all internal auditors sign the code of ethics and monitor compliance

(2). Develop and implement appropriate audit methodologies, tools and manuals to

improve audit effectiveness and efficiency

a) OCIA (supported by consultants) coach and mentor internal auditors to perform high

quality work and implement internal audit manual, guidelines and tools

b) Develop, communicate and implement internal audit guidelines and conduct training

in financial auditing, risk assessment, risk management, internal controls, corporate

governance, value for money auditing, IT auditing, consultancy services etc

c) Improve audit process efficiency and reduce assignment turnaround times

(3). Enhance audit automation

a) Pay annual CCH license maintenance and support fees and monitor utilization of

TeamMate licenses

b) Phased TeamMate audit management system to MDAs internal audit units based on

usage of existing licenses

c) Utilization of IDEA data analysis tool licenses


33 | P a g e

4.5 Pillar 5: Communication and Reporting


Effective communication of audit recommendations and advice to the appropriate senior

management and supervisory board is essential to bringing management to take appropriate

action to resolve control weaknesses. In the past management had the discretion to resolve

control weaknesses or ignore audit recommendations. A process to monitor audit

recommendations was instituted in early 2012 and is being implemented. This process should

be strengthened at the entity and centrally by the OCIA to ensure internal audit and OAG

recommendations are implemented.

Audit committees were appointed in districts in 2011. ACs were appointed in ministries in

2013 although a few ministries and boards are yet to establish audit committees. These

committees need additional capacity building to effectively oversight PFM.

Internal auditors need to discuss their reports with senior management to ensure appropriate

action is taken. This would enhance internal audit effectiveness.


• Reinforcing the positive Tone at the Top and work with various integrity stakeholders (5).

• Consolidation and monitoring of audit recommendations centrally (6).

• Strengthening audit committees’ oversight role (11).

• Strengthening internal audit capacity to deal with its stakeholders effectively (14).

4.5.3 Strategic Actions of this pillar & sub-activities

(1). Enhance the number of internal audit reports consolidated and monitored

a) Develop Consolidate internal audit reports

b) Coordinate with the Office of the Auditor General in implementation of audit

recommendations


34 | P a g e

c) Internal auditors may raise significant risks accepted or not acted upon by

management with respective Board and/ MINECOFIN

d) Internal auditors to work with audit committees for resolution of audit findings

(2). Coordinate capacity building of internal audit stakeholders

a) Develop key stakeholders engagement plan and meet them regularly to monitor

progress in meeting respective responsibilities

b) Coordinate with the Office of the Auditor General in planning value for money audits

and other assignments to avoid duplication

c) Conduct regular satisfaction surveys to understand stakeholders’ needs and address

them

d) Capacity building of audit committees

4.6 Pillar 6. Performance Management and accountability


Capacity building efforts need to be sequenced and sustained until the target capability levels

are achieved. At the moment the Office of the CIA is using technical support to implement the

capacity building programme. Although the Office requires technical assistance in the short

term to implement the strategic plan, it should develop capacity to independently carry out

capacity building in the medium term. Adequate quality control measures should be put in

place to ensure activities are carried out on schedule and envisaged benefits are realized. The

SP activities should be cascaded to all auditors and an accountability system established to

track their contribution towards achieving the SP objectives.

The Office of the CIA has not been adequately exposed to other government internal audit

function to facilitate benchmarking and sharing of good practices. This is essential for the

department to learn from others and keep pace with changes in the profession.


• Addressing gaps identified in different reviews including PEFA and COWATER (1).


35 | P a g e

• Strengthening internal audit institutional capacity in line with its mandate (3)

• Focusing on managing change and overcoming staff and organizational barriers to change

(13).


(1). Develop an internal audit performance system and accountability

a) Develop a performance score card for Office of CIA and internal audit units

(2). Benchmark internal audit to regional governments with leading internal audit

practices

a) Conduct study tours to understudy best practices in other countries

(3). Implement and monitor the strategic plan

a) Obtain technical assistance to assist in the implementation of CBP and the strategic

plan

b) Develop performance indicators, monitor performance and prepare annual monitoring

report

c) Conduct mid -term review of the strategic plan

d) Conduct a closing review of the strategic plan

(4). Develop next strategic plan

a) Develop and publish 2018-2023 strategic plan.


36 | P a g e

5. Strategy Implementation Plan

Oversight of the strategic plan The implementation of the strategic plan will be undertaken by the Office of the Chief Internal

Auditor team and the Chief Internal Auditor will provide oversight and take a lead role in

certain activities including initiating policy dialogue with key stakeholders. The CIA will

delegate activities to the OCIA team and/ a Consultant appointed to coordinate capacity

building efforts. When the proposed structure of the OCIA is implemented some of the roles

may be delegated. Some of the activities require support and coordination with internal audit

stakeholders.

The OCIA will prepare annual work plans consistent with the strategic plan and PFM reform

strategy and obtain approval from PFM secretariat before requests for funding is submitted to

participating development partners.

The CIA will appoint a monitoring and implementation coordinator from the team to assist in

monitoring the implementation of the work plans against target and indicators in order to

determine the impact and success, and review the plan on an annual rolling basis and during

the mid-term review to ensure the implementation of the SP is on track. The CIA will report

progress made to the PFM Steering Committee and periodically to the PS/ST.

The strategic plan recommends a number of changes that require policy action from internal

audit stakeholders as highlighted in the table below.

Strategy Activity Responsibility Timing

Pillar 1. Regulating and coordination

Legal and regulatory

framework

Management, IA and AC role in risk

management recognized in OL on State

Finances and Property

Update internal audit and audit committee

regulations

OCIA

MINECOFIN

2013/14

Audit committees Establish and monitor audit committees in CIA/Minister of 2013/14


37 | P a g e


Central Government

Annual audit committee report

Finances and other

ministries

Memorandum of

understanding

Outline areas of cooperation with different

stakeholders

CIA

OAG

2013-2018

Quality assurance

program

Internal audit conducts external quality

assurance review to check compliance with

the standards

OCIA

MINECOFIN

2016/7

Pillar 2. Organisational structure and internal audit roles

Organization

structure

Review of OCIA and internal audit units

organizational structure

CIA

MINECOFIN

MIFOTRA

2013/14

IFMIS Conduct IT audit of IFMIS environment CIA

MINECOFIN

2014/15

Recruitment and

termination of

auditors

OCIA to track and advise on recruitment

and concur in termination internal auditors

CIA

MINECOFIN

MIFOTRA

2014/15

Risk management

guidelines in MDAs

Approval of risk management guidelines CIA

MINECOFIN

2014/15

Internal control

framework

Adoption of internal control framework CIA

MINECOFIN

2014/15

Pillar 3. Human Resources and Leadership

Internal audit

competency

framework

Approval of competency model and

performance appraisal tool

CIA

MINECOFIN

MIFOTRA

2013/14

Training coordinator An internal audit training resource person

or provider identified

CIA

MINECOFIN

MIFOTRA

2015-2016

Public sector internal

audit diploma

Develop post graduate diploma course in

public sector internal audit with a local

university

CIA

MINECOFIN

MINEDUC

2015-2016

Pillar 4. Audit process, tools and techniques

Code of ethics Approval of Ministerial Instruction CIA

MINECOFIN

2013/14

CCH Teammate Purchase of additional licences CIA

MINECOFIN

2013-2018

Pillar 5. Communication and Reporting


38 | P a g e


Consolidation Entities submit audit reports for

consolidation

Public entities 2013-2018

Monitoring Entities submit implementation reports for

consolidation

Public entities 2013-2018

Coordination Coordinate with the Office of the Auditor

General

Auditor General 2013-2018

Pillar 6. Performance Management and accountability

Technical assistance Recruit a consultant to assist OCIA

implement capacity building programme

CIA

MINECOFIN

2013-2016

Performance score

card and performance

evaluation policy

Develop and roll out performance

indicators in internal audit and risk

management

CIA

MINECOFIN

MIFOTRA

2013/14

Conduct mid-term

review of the

strategic plan

Conduct mid-term review of the strategic

plan

IA stakeholders 2014/2015

5.1 Sequencing Implementation of the Strategic Plan

The following section provides an outline of key actions that will be necessary to ensure that

best practice internal audit practices are implemented within the GoR. These are categorized

as either short, medium or long term actions with short term related to the first two years,

medium term covering years 2 to 4, and long term, year 5 and onwards. This development

plan assumes that the necessary technical assistance programme will be in place.

The activities are sequenced such that foundation capabilities will be developed first to

provide the basis for successful development of advanced capabilities. A detailed sequencing

of implementation activities is attached as Annex 6.

Short term Activities (Year 1 -2)

The objective of the short term plan is to reposition the internal audit function to adopt best-

practice internal audit methodologies, practices and techniques, and full adoption of

international standards for the professional practice of internal audit. At the same time any


39 | P a g e

barriers to internal audit independence and organization structural constraints will be

addressed to create an appropriate environment for further capacity building activities.

Specific activities will include:

1) Approval of Internal audit competency framework and performance appraisal tool;

2) Organizational review of internal audit function both in OCIA/MINECOFIN and

MDAS to reflect mandate;

3) Recruitment of additional staff and positions in line with the organizational review

recommendations;

4) Staff retention policy to stem the high staff turnover;

5) Operationalising audit committees in the central government entities;

6) Operationalization of internal audit reporting to the audit committees;

7) Updating of internal audit regulations to capture lessons learned and incorporate best

practices;

8) Publishing and implementation of code of ethics for internal auditors;

9) Phased implementation of international standards for the professional practice of

internal auditing;

10) Full analysis of auditable areas across all entities to establish multi- year internal audit

plan (three years) and to establish the optimum number of internal audit staff

required to meet these Plans;

11) Development of various internal audit policies, manuals, guidelines, audit programs,

templates and tools required for a professional internal audit function;

12) Monitoring of internal audit and OAG recommendations;

13) Phased implementation of internal audit procedure manuals;

14) Training on foundation internal audit skills for new internal auditors;

15) Providing “on the job” training through hands on involvement of technical assistance

in undertaking internal audit engagements to transfer skills to internal auditors

through coaching and mentoring;


40 | P a g e

16) Sponsor internal auditors to pursue CIA professional qualification.

17) Coordination with the Office of the Auditor General and other stakeholders;

18) Awareness sessions to sensitize management on the roles and responsibilities of the

internal audit function and professional standards;

19) Investigating IT audit requirements and carrying out a review of general IT controls;

20) Identifying long term staffing requirements and the recruitment of appropriately

qualified personnel including the recruitment of specialist IT auditors and other

specialists.

21) Moving towards building capacity to carry out “Value-for-Money” audits.

22) Moving towards building capacity to carry out Fraud Investigations and inspection;

23) Implement IDEA and CCH TeamMate audit tools.

At the end of year 2 all internal auditors and internal audit units should be able to demonstrate

sustainable capabilities at level 3 of the public sector IA-CM.

Medium Term Activities (2 – 4 Years)

In the medium term, the main emphasis should be on the implementation of the Risk-based

Systems Audit Approach on a sustainable basis. By this time, staff in the Internal Audit

Department should have sufficient experience to perform the full range of best-practice

internal audit activities and full time technical assistance should no longer be required.

Specific activities will include:

1) Extend internal audit scope to cover all administrative areas;

2) Full implementation of risk based audit approach;

3) Full conformance with the audit regulations;


41 | P a g e

4) Full conformance to international standards for the professional practice of internal

audit and the definition of internal auditing and code of ethics.

5) Developing consulting skills to assist management in implementation of internal

controls, risk management, IT and corporate governance frameworks;

6) Building capacity to provide assurance services not only in internal controls but also

risk management and corporate governance;

7) Development of internal audit capacity to carry out specialist audits including IT

audits, fiduciary risk assessment, value for money audits, inspections and forensic

investigations etc;

8) Focus on systems audits as opposed to transaction audits;

9) Training focusing on audit management and internal audit leadership development;

10) Staff trained in technical professional qualifications including CFE, CISA etc;

11) Establishment of a quality assurance review and improvement program;

12) Establishing a formal diploma programme in GOR and organising the delivery of this

programme; and

At the end of year 4 all internal auditors and internal audit units should be able to demonstrate

sustainable capabilities at level 4 of the public sector IA-CM.

Long Term Activities (Year 5 onwards)

In the long term the gains achieved will be consolidated and capacity building will be

undertaken by the OCIA team. An external review of the performance of the function will be

undertaken at the beginning of year five with the view of fast tracking any remaining activities

and mapping out the position of the function as a change agent within government.


42 | P a g e

6. Resource mobilisation

6.1 Organisation structure and staffing levels The Office of the CIA is headed by the CIA who reports administratively to the PS/ST and

functionally to the Minister. Reporting to the CIA are 10 Internal Auditors organized into two

teams, local government and central government.

Internal audit units in Ministries and Districts are staffed by between 1 to 3 internal auditors,

all of the same rank. The auditors occupy the lowest rank in the organisation.

The current organization structure, grading and staffing levels are inadequate and continue to

hamper effective service delivery. Internal auditors conduct audit assignments in teams and

supervision and quality assurance review by more experienced and senior members is

required to ensure the quality of work carried out and also to train less experienced internal

auditors. A revised hierarchal organization structure has been proposed to reflect the internal

audit workflow and delegation of responsibilities.

The proposed structure establishes positions for specialized internal audit services such as IT,

value for money, forensic investigations and risk management and training at the Office of

CIA. The proposed structure will enable internal audit develop appropriate skills to fully

fulfill its mandate. The proposed structure and list of auditors in each organization is listed in

Annex 7

Below is the current and proposed manpower count for the Office of the CIA.

Current Positions # Proposed Positions #

Chief Internal Auditor 1 Chief Internal Auditor 1

Administrative assistant 1 Administrative assistant 1

Internal auditor/Team leaders (Central Government, Local Government)

2 Senior Principal internal auditor (Central Govt, Local Govt, inspection, risk management, IT, Training)

4

Principal internal auditor 6

Senior Internal Auditor 9

Internal Auditor 8 Internal Auditor 0

Total 12 21


43 | P a g e

Proposed Position Responsibilities

Chief Internal Auditor Head of internal audit Function in Government. Deputy Chief Internal Auditor

Deputize Government Chief Internal Auditor and head teams supervising internal audit units

Senior Principal Internal Auditor

Head a specialized internal audit function or supervise cluster of internal audit units

Principal Internal Auditor Head of internal audit units in MDAs

Senior Internal Auditor Supervise internal audit units within the Office of the Government Chief Internal Auditor

Internal Auditor I Conduct internal audit assignments and lead audit teams

Below is the man count in Ministries and Districts. The number of auditors is determined by

the entity based on workload and guidelines issued by MIFOTRA.

Proposed Positions Ministry District

Director of Internal Audit /Senior Internal

Auditor

1 1

Internal Auditor 2 3

Although most of the human resource policies are centralized at MIFOTRA, it is prudent for

the Office of the CIA to formulate policies which address the specific needs and nature of

internal audit work. An Internal Audit competency framework and performance indicators

will be used to develop career development plans and roll out the courses identified in the

Training needs assessment in Annex 9.

6.2 Costing summary of the strategic plan The costing of the strategic plan represents the best estimate at the time of preparing this

document and should be reviewed at the time of conducting the mid-term review of the

strategic plan. Only those activities that require funding and are not directly funded by the

Government of Rwanda under recurrent costs have been costed. Details of the costing can be

obtained from the Office of the CIA. The amount for year one has been budgeted for under the

PFM reform basket fund.


44 | P a g e

Most of the activities will be carried out during the first and second year of the SP and USD

430, 000 and USD 635,300 is estimated to be required during this period. This will be scaled

down to USD 338,000, USD 260,000 and USD 299,000 in the third, fourth and fifth year

respectively. This position is dependent upon budgetary allocation and continued support by

development partners.

In the second year an amount of USD 105,000 and in the third year an amount of USD 80,000

for year has been budgeted for coaching of internal auditors in Districts by consulting firms

and outsourcing of IFMIS IT Audit. The OCIA currently does not have adequate capacity for

these critical tasks as it still building its capacity.

Below are the summary costs of the strategic plan.

PILLARS AND STRATEGIC ACTIVITIES 2013/14 2014/15 2015/16 2016/17 2017/18


Strategy 1: Hold annual audit committee

workshop

23,200 23,200 23,200 23,200 23,200

Strategy 2: Annual training of audit committees 25,300 35,400 29,800 29,800 25,300

Strategy 3: Develop internal audit awareness

materials

0 2,000 500 2,000 500

Strategy 4: Purchase internal audit reference

materials

0 5,000 0 0 5,000

Strategy 5: Recruit a firm to conduct quality

assurance of Government internal audit

function

0 0 0 0 20,000

Pillar 2. Organisational structure and

internal audit responsibilities

Strategy 1: Coach internal auditors in MDAs 0 0 80,000 0 0

Strategy 2: Enhance independence of internal

audit function

Strategy 3: Ensure appropriate internal audit

focus

Strategy 4: Provide consulting services and

develop tools to improve risk management and


45 | P a g e

internal control systems

Pillar 3. Human Resources and Leadership

Strategy 1: Internal audit leadership training

program

0 27,500 0 0 0

Strategy 2: Conduct short term and professional

skills training

155,000 194,200 145,200 145,200 145,200

Strategy 3: Develop internal audit technical

skills resourcing partnerships

Strategy 5: Manage knowledge

Pillar 4. Audit Process, Tools and Techniques

Strategy 1: Conduct training to implementation

of professional standards and code of ethics for

internal auditors

50,000

Strategy 2: Develop and implement appropriate

audit methodologies, tools, manuals and coach

internal auditors in MDAs

0 105,000 25,000 25,000 25,000

Strategy 3: Enhance audit automation 61,000 69,000 25,000 25,000 25,000


Strategy 1: Enhance the number of internal

audit reports consolidated and monitored

Strategy 2: Train internal audit stakeholders

Pillar 6. Performance Management and

accountability

Strategy 1: Develop internal audit and risk

management performance indicators

Strategy 2: Conduct study tours to benchmark

with regional governments

0 10,000 10,000 10,000 10,000

Strategy 3: Recruit Internal Audit Advisor to

support capacity building program and a

consultant to develop next strategic plan

164,000 164,000 0 0 20,000

Strategy 4: Develop next strategic plan

GRAND TOTAL 430,000 635,300 338,700 260,200 299,200


46 | P a g e

7. Monitoring & Evaluation Monitoring will be a central feature of this strategic plan to ensure the targets are achieved

within the stipulated time, objectives are achieved and corrective measures are taken if

deviations arise. Periodic monitoring reports will be prepared.

7.1 Performance Indicators The Office aims to uplift these to level 4 of each model from current level 1. This is because

internal audit is relatively new and is at the lower level of maturity of most of the performance

indicators. In addition, some specific outputs for each pillar are indicated below. The success

of the strategic plan will be measured by the improvement of internal audit capability as

measured by:

• Internal audit capability maturity model;

• IT maturity model;

• Risk based maturity model;

• Risk management maturity model;

• Internal control maturity model;

• Risk management maturity model;

• Internal audit competency framework;

• Internal audit process maturity model; and

• Quality assurance maturity model.

The performance indicators will be cascaded to the lowest level possible through action plans

and performance contracts to ensure they are acted upon.

7.2 Targeted outputs and outcomes The output and outcome of each activity would be measured against the performance measure

and strengthened until the desired level 4 maturity level of each performance indicator is

achieved. The Output, outcome and performance measure of each activity is listed in Annex

6.


47 | P a g e

7.3 Risks and Mitigating Measures The threats that could prevent the achievement of objectives and mitigating measures are

listed in Annex 4. Setting time bound objectives and action plans will facilitate identification

and mitigation of risks to achieving the strategic objectives. A risk matrix will be developed

and updated on a continuous basis.


48 | P a g e

Annex 1: Definitions

Add value – contribute to the organization objectives.

Audit Committee – A high level committee, comprising, where possible, independent, non-

executive members, with responsibility of overseeing the independent review of the

framework of internal control, monitoring the internal audit function and the external audit

processes.

Corporate governance - The combination of processes and structures implemented by the

supervisory board to inform, direct, manage, and monitor the activities of the organization

toward the achievement of its objectives.

Internal Auditing is an independent, objective assurance and consulting activity designed to

add value and improve an organization’s operations. It helps an organization accomplish its

objectives by bringing a systematic and disciplined approach to evaluate and improve the

effectiveness of the risk management, control and governance processes.

Internal control- A process, effected by an entity’s supervisory board, management, and

other personnel, designed to provide reasonable assurance regarding the achievement of

objectives in the following categories:

• Effectiveness and efficiency of operations.

• Reliability of financial reporting.

• Compliance with applicable laws and regulations.

IT General Controls - Controls used to manage the IT activities and computer environment,

covering the following areas: Maintenance of existing systems, Development and

implementation of new systems, information security, and computer operations.

Risk management - A process to identify, assess, manage, and control potential events or

situations to provide reasonable assurance regarding the achievement of the organization’s

objectives.


49 | P a g e

Performance Audit - An approach to audit that aims to improve the economy, efficiency and

effectiveness of operations. The objective of performance audit is to improve the value of

money provided by a public entity.

Systems Audit – Systems audit is the structured analysis of internal control in relation to the

objectives of the organization. Systems audit should enable internal audit to make practical

recommendations to address any weaknesses that have been identified within the context of

risks to the achievement of objectives. It should also enable internal audit to form an opinion

on the adequacy and reliability of the organization’s internal control system.


50 | P a g e

Annex 2: References

1. Organic Law N° 12/2013/OL of 12/09/2013 on State finances and property

2. Organic Law n° 37/2006 of 12/09/2006 on State Finances and Property

3. Ministerial Order n° 002/07 of 09/02/ 2007 relating to Financial Regulations

4. Public Expenditure and Financial Accountability (PEFA) Assessment, Public Financial Management

Performance Report, Final Report, June 2008, Ministry of Finance and Economic Development

5. Government of Rwanda Public Finance Management Reform Strategy 2008-2012, Ministry of Finance

and Economic Development

6. 2013-2018 Public Finance Management Sector Strategic Plan

7. Ministerial Order n° 002/09/10/GPIA of 12/02/2009 Setting Out Regulations for Internal Control &

Internal Audit in Government

8. Ministerial Instructions n° 004/09/10/min of 01/10/2009 for the Establishment of the Audit Committees

in Public Entities, Local Government Entities and Autonomous and Semi-autonomous Public Entities.

9. Internal Audit Charter, Government of Rwanda, July 2011

10. Internal Audit Procedure Manual, Government of Rwanda, July 2011

11. Audit Committee Charter, Government of Rwanda, July 2011

12. Draft Code of ethics for internal auditors, Government of Rwanda

13. Chief Internal Auditor, Handover report, July 2011

14. Capacity building programme, January 2011

15. Stakeholder interview report

16. Internal audit manual implementation report, May 2012

17. Imihigo

18. Various OCIA training reports

19. 2011 Internal Audit staff survey

20. MINECOFIN Strategic plan 2012-2015

21. MINECOFIN Single Action Plan 2011/12

22. COWATER Final report


51 | P a g e

23. Office of the Auditor General, 2011 report

24. The Government Principal Internal Audit Unit, Strategic Plan of GIA in the Three Year Period

2010/2013.

25. The Government Principal Internal Audit Unit, Strategic Paper

26. The Government Principal Internal Audit Unit, Improvements Needed document

27. Public Internal Financial Control

28. COSO Internal Control Framework

29. COSO Risk management Framework

30. Internal Audit Capability Model for the Public Sector (published by the IIA)

31. Terms of reference for Resident Internal Audit Advisor

32. International Standards for the Professional Practice of Internal Auditing; by the Institute of Internal

Auditors

33. Developing the Internal Audit Strategic Plan, IIA Practice Guide, July 2012


52 | P a g e

Annex 3: People and Institutions Consulted

No. Name and title Institution

1. Patrick Shyaka- Accountant General MINECOFIN

2. Enata Dusenge – Director General, Corporate Services MINECOFIN

3. Elias Baingana – Director General Budget MINECOFIN

4. John Munga – Deputy Accountant General, Public Accounts Unit MINECOFIN

5. Caleb Rwamuganza - Deputy Accountant General, Treasury MINECOFIN

6. Cyrille Hategekimana – Coordinator Government Business

Portfolio Unit

MINECOFIN

7. Jean Rurangirwa –IFMIS Coordinator MINECOFIN

8. Amin Miramago – PFM Manager MINECOFIN

9. David Nkusi- Director of Finance and Accounting MINECOFIN

10. Veneranda Mukakimenyi – Ag. Chief Internal Auditor MINECOFIN

11. George Mang’oka – Resident Internal Audit Advisor MINECOFIN

12. Dieudonne Kayombya – Team Leader Local Government Audit

Team

MINECOFIN

13. Chantal Zaninka - Team Leader Central Government Audit Team MINECOFIN

14. Internal Auditors MINECOFIN


53 | P a g e

Annex 4: SWOT Analysis

SWOT Analysis - Strengths

Area Strengths How IA can capitalize on strength

Office of CIA, MINECOFIN

Office of CIA has the mandate of

carrying audits in any entity and

supervising IA in the country

− OCIA to play a role in recruitment,

performance assessment and exiting of auditors

− Develop tool for OCIA to assess internal

auditors

Internal audit units Internal audit units established in every

budget agency and have good

understanding of the entities

− Promote closer relationship between IA, AC

and management through site visits and joint

meetings

− Build capacity of IA and AC to carry out their

work effectively and independently

Internal audit reports Internal auditors communicate audit

reports to management

− Improve format and content of reports to

ensure they add value by providing insight,

foresight and hindsight

Consolidation reports OCIA prepares country –wide

consolidates internal audit report to

PS/ST, Minister and the Prime Minister

− Present report to recipients to emphasize

recommendations for action

Internal audit legal and

regulatory framework

Internal audit recognized in Organic

law and implemented through

Ministerial Order and Audit committee

Ministerial instruction

− Use legal mandate to build IA capacity

− Review and update legal and regulatory

framework

− Include penalties and sanctions in the

regulations to facilitate enforcement

Internal control legal

framework

Laws and regulations on procurement,

financial management, taxation, human

resource management etc established

− Assess compliance with laws and regulations

− Participate in the formulation and review of

legal and regulatory framework

Organizational Office of CIA is a directorate reporting − Use position to advocate for internal audit and


54 | P a g e


independence of

OCIA

to the Minister of Finance, Permanent

Secretary and Secretary to the Treasury

promote the welfare of internal auditors

Organizational

independence of

internal audit units in

MDAs

Internal auditors in districts report to

the district council and in ministries to

the minister

− Use the reporting authority to obtain approval

to audit all areas without scope limitation

Access to information Financial and audit regulations and

charter authorize access to all records

− Use mandate to provide assurance in high risk

areas

− Establish procedure to access classified

information

Audit manuals and

standards

A number of audit manuals have been

developed

IA has adopted IIA international

standards for the professional practice

of internal auditing

− Develop remaining audit manuals and

guidelines

− Implementation support including training,

mentoring and coaching

PFM reform strategy Internal audit recognized as one of the

components in PFM reform strategy

− Implement agreed PFM reform strategy

activities

− Advocate internal audit to PFM stakeholders

− Contribute to reforms in all PFM components

Professional training

program

Government has a policy in place to

sponsor professional training

− Encourage staff to use the training facilities

− Pay subscription for membership to

professional associations e.g. IIA

IA Mission IA is mandated to provide consulting

services and assurance services on

internal controls, governance and risk

management through six missions:

value for money, compliance, system,

IT, financial audits and fraud

investigations

− Develop skills to provide high value audit

assignments

− Develop tools, methodologies etc for proving

internal audit assurance and consulting services

TeamMate audit

management software

MINECOFIN has invested in 50 pilot

TeamMate licenses

− Deepen use of software to achieve full

automation


55 | P a g e


− Acquire and roll out additional licenses

− Sensitization of stakeholders on the importance

of using Teammate

IDEA data analysis

tool

OCIA has invested in 10 IDEA licenses − Train auditors on use of the software to

increase audit efficiency

Audit committees in

Districts and

semiautonomous

AC established in districts and

semiautonomous institutions

− Strengthen audit committees effectiveness

through capacity building

− Develop tools for AC

Internal Audit

Stakeholders

Internal audit has strong stakeholders

including Minister of Finance &

Economic planning, PS & ST, OAG,

Prosecutor General, Prime Minister

− Office of the CIA to work closely with

stakeholders

SWOT Analysis Weaknesses

Area Weakness How weakness can be addressed

Internal audit

visibility and

communication

Internal audit has not adequately

marketed its activities to its

stakeholders and is not a strong agenda

at the executive level

− Communication plan and stakeholder

engagement

Improve capability and positions of internal

auditors and leadership style

IA leadership and

succession planning

Concentration of authority due to lack

of internal audit manager positions

HIA positions not established in

Ministries and Districts

− Review internal audit structure to create

departments such as quality assurance, training,

forensic investigation etc

− Appoint HIA in budget agencies

Coaching and

mentoring

Inadequate coaching and mentoring due

to flat internal audit structure

− Increase hierarchy of internal auditors in line

with competency framework to increase

supervision and career development

Management of

internal auditors

OCIA not having control over

appointment and termination of

auditors

No effective oversight over internal

− OCIA should participating in interviews and

written exams on request, and concur on

termination of auditors

− OCIA should give guidelines on recruitment of


56 | P a g e


auditors in MDAs internal auditors

− OCIA to exercise more control over IA in MDAs

Audit automation Inappropriate training methodologies

and short training duration leading to

low utilization of IDEA, IFMIS and

TeamMate systems.

− Refresher training on IFMIS, TeamMate and

IDEA

− Coaching and mentoring

− Readiness assessment to implement new software

− Development of user aids

Auditing in

computerized

environment

Lack of skills in evaluating internal

financial controls in computerized

environment

− Involve auditors in system development and

implementation

Specialized skills Inadequate skills in specialized areas

such as internal controls framework

implementation, risk management

framework implementation,

governance, IT audit, Value for money

audits, Forensic investigations among

others

− Provide training

− Co-outsource some work to facilitate skills

transfer

− Design and provide short training courses on

each type of work

− Develop and implement guidelines on each type

of assignment

− Develop a policy on coaching and mentoring of

auditors

International

standards for the

professional practice

of internal auditing

Low implementation of mandatory

guidance i.e. code of ethics, standards

and definition

− Approval and disseminate the code of ethics and

standards

− Training IA, AC and CBM on standards

− Continuous gap assessment and remediation

Internal audit

regulations

Non compliance with internal audit

regulations

− Regular self compliance review by IAU and

independent compliance review by OCIA and

external reviewers

Risk based audit

approach

Low adoption of risk based annual

planning and engagement planning

− Training on risk based auditing

− Coaching and mentoring of auditors

Consolidation Some government entities do not

submit internal audit reports for

− Include submission internal audit reports in

regulatory framework


57 | P a g e


consolidation − Apply sanctions to non complying entities

Performance

management system

Weak performance management for

internal auditors (lack of appropriate

appraisal tools)

Lack of career development

− Develop a customized performance management

tools for internal auditors

− Career development plan for internal auditors

Change management Resistance to change

Stiff learning curve

− Use of authority to enforce

− Training, coaching and mentoring

Quality assurance and

improvement

program

Lack of quality assurance and

improvement program

− Develop and implement a quality assurance and

improvement program

− Create a QAIP section in OCIA

Best practices Lack of exposure to best practices and

failure to promote best practices such

as risk management and internal

control frameworks

− Internal audit capacity to champion emerging

trends and best practices

Coordination Lack of coordination with OAG,

Prosecutor and other integrity bodies

− Develop memorandum of understanding with

stakeholders to exploit opportunities available in

coordinating

Capacity building Lack of continuous capacity building

and training leading to slow

implementation of training curriculum

− Recruit a full time training coordinator

− Acquire technical support from qualified

consultants

Organizational

independence

I.A units in MDAs are not financially

independent, and some report to CBMs

due to absence of audit committees.

Auditors are not independent in

developing audit plan and determining

the audit scope

− Appointment of audit committees in central

government

− Raise awareness on the role of internal audit

Monitoring of audit

recommendation

Lack of process to monitor implement

of audit recommendations

− OCIA to monitor audit recommendations

centrally using TeamCentral

− Include implementation of OAG and IA

recommendations in managers performance

contracts


58 | P a g e


Professional

qualifications

Low professional qualifications is an

hindrance in giving audit opinion on

internal controls

− Government sponsoring ACCA, CIA, CISA and

CFE

− Adequate time should be given to study

Audit procedures Low implementation of audit manual

procedures. More professional

discipline and effort is required by the

new audit manual.

− Change management for auditors

− Support from stakeholders

Number of internal

auditors

Number of internal auditors are not

enough to cover the audit universe and

scope adequately

− Increase the number of internal auditors

especially in districts

Audit committees Audit committee members do not have

capacity to analyze reports

Audit committees not appointed in

ministries

− Training of audit committees

− Appointment of audit committees in central

government

Internal audit

database

Lack of database on audit programs,

reports, best practice − Develop audit programs to guide internal auditors

− Develop knowledge sharing database

SWOT Analysis - Opportunities

Area Opportunity − How opportunity can be exploited

Legal and regulatory

framework

Implement 2013 Organic Law on State

Finances and Property and subsequent

Ministerial Orders

− Incorporate enough clauses to promote

independence of internal audit and the

role of audit committees

− Another relevant requirement (eg.

consolidation of internal audit reports )

− Help IAs and ACs understand the laws,

rules and procedures which govern

government MDAs activities

Tone at the top Advocacy by top leadership for

accountability and transparency and zero

tolerance to corruption culture

− Require entities to submit report on

implementation of audit recommendations

− Advocacy of internal audit through


59 | P a g e


Greater public awareness in issues of

accountability, transparency and value for

money.

newspaper articles, magazines and other

media

Computerization of

government operations

Future IFMIS project study being conducted

Integrated Payroll Processing system

− OCIA team to be involved at every stage

of the new project to ensure controls are

well designed

− Log in access by auditors

− Provide assurance on IT controls and use

data analysis tools to increase audit

efficiency

Performance audits More requests for performance audit

assignments received from management

− Perform more performance audits

− Develop technical skills in performance

audit

− Greater public awareness on issues of

value for money

Internal audit competency

model

Internal audit competency developed − Hold discussions with MIFOTRA on

restructuring on internal audit in hierarchy

levels

Training needs assessment Training needs assessment conducted

− Develop and implement training calendar

Support from development

partners

Development partners ongoing support for

PFM reform programme

− Enhance cooperation and lobby for

additional support

Professional associations ICPAR and IIA Rwanda (in formation) to

expand the accounting and auditing skills in

the country

− Use training opportunities to enhance

accounting and internal audit skills

− Play a professional leadership role

−

ncourage I.As to be members of

professional bodies

Enterprise risk

management

Risk management guidelines drafted for

approval and implementation

− Spearhead approval and implementation

− Advocate setting up of risk management

committees in public enterprises


60 | P a g e


Corporate governance Formulation of public sector governance in

GBEs offers an opportunity to develop

similar principles for central government

− Provide assurance and assist in

development and implementation of

various governance tools

Public Internal Financial

Control (PIFC)

This frameworks gives a model for

coordination of public sector internal control

− Work with OAG and other integrity

organs to promote and coordinate internal

control environment

Audit committee annual

report

Regulations require AC to issue a statement

together with the annual financial statements

− Build capacity of AC to report annually

Chief budget manager

statement on internal

controls

CBM statements on internal controls should

be supported by internal audit annual opinion

on internal control and should be reviewed

by the AC

− Build capacity of internal auditors to issue

annual report on internal controls

− Capacity building of CBM

Entity performance report Proposed entity performance report gives

auditors an opportunity to audit performance

information

− Build capacity of auditors to audit

performance information once framework

is put in place

Quality of reports Better communication with auditees − Issue quality audit reports

Relationship with auditees Raise awareness on the role of internal audit − Capacity building

Government policies Advise on developments and implementation

of government policies

− Market consulting role to management

SWOT Analysis - Threats

Area Threat How threat can be prevented

Internal audit

Leadership and

management skills

Lack of leadership and audit management skills − International leadership development

program to increase exposure

Communication Failure to secure executive management and

stakeholders engagement commitment to strategic

plan and implementation of audit recommendations

− Marketing of internal audit to management

through regular senior management

presentations

− Organize workshops and produce brochures


61 | P a g e

to inform stakeholders of its mission

Staff turnover High staff turnover due to better terms outside,

performance and independence challenges

− Review internal audit structure through

MIFOTRA

− Introduce annual recruitment of graduates to

factor in staff turnover.

- Introduce career path

Organization

structure

Review of IA structure dependent on approval of

MIFOTRA

As above

Professional

qualifications

Internal audit grade is unable to attract experienced

and qualified professional

As above

IA independence

and objectivity

Internal auditors intimidated by fear of losing

employment and are influenced in selecting audit

assignments

OCIA to participate in evaluation and

termination of IAs

Awareness workshops

Consulting

services

IA are at the lowest rank in their organizations and

not highly regarded to give consultancy services

As above

VPN connectivity TeamMate users are not connected remotely to

MINECOFIN server

Follow up with ICT department for resolution

or use work around

Internal control

environment

Weak internal control environment in public sector Identify cross cutting issues and develop

interventions including training with IA

stakeholders

Awareness of the

role of internal

audit

Low awareness by management on how internal

audit can be used to add value to their organizations

Raise awareness on the role of internal

auditing in different forums

Financial support Inadequate financial support to sustain capacity

building

Budget for required resources as appropriate

IFMIS control

environment

Lack of adequate audit trail, inadequate input

controls and database integrity

Play an advisory role in IFMIS

implementation.

Change in

government policy

Influence by elected and appointed officials Recognize internal audit in legal framework

Raise awareness through presentations,

magazine

Employment

terms

Internal auditors employed on contract influence

objectivity and independence

Lobby for reversal of contract employment

except where auditors are working on project


62 | P a g e

to enhance independence.

Audit committees Audit committees still new. These were set up in

districts in 20111 and in central government in 2013.

− Provide allowance to ACs

− Training of audit committees

− Monitor performance of AC

Appointment of audit committees in central

government

Goals and

objectives

Failure to agree on common goals and objectives

with stakeholders

− Market the role of internal audit

− Discuss strategic plan and action plan with

stakeholders

Benchmarking

with other

Governments’

internal audit

functions

Lack of exposure to techniques employed by auditors

in other governments

− Study tours

Change

management

Failure to implement audit procedures by some

auditors

− Develop change management strategies to

overcome personal barriers to change and

manage benefits


63 | P a g e

Annex 5: Public Sector Internal Audit Capability Model Matrix The model below is developed by the Global Institute of Internal Auditors and shows best practices that should be institutionalised at different maturity levels.

Services and

Role of IA

People Management Professional

Practices

Performance

Management

and

Accountability

Organizational

Relationships

and Culture

Governance

Structures

Level 5 –

Optimizing

IA Recognized

as Key Agent of

Change

Leadership

Involvement with

Professional Bodies

Workforce Projection

Continuous

Improvement in

Professional Practices

Strategic IA Planning

Public Reporting

of IA

Effectiveness

Effective and

Ongoing

Relationships

Independence,

Power, and

Authority of the

IA Activity

Level 4 –

Managed

Overall

Assurance on

Governance,

Risk

Management,

and Control

IA Contributes to

Management

Development

IA Activity Supports

Professional Bodies

Workforce Planning

Audit Strategy

Leverages

Organization’s

Management of Risk

Integration of

Qualitative and

Quantitative

Performance

Measures

CAE Advises and

Influences Top-

level

Management

Independent

Oversight of the

IA Activity

CAE Reports to

Top-level

Authority

Level 3 –

Integrated

Advisory

Services

Performance/V

alue-for-Money

Audits

Team Building and

Competency

Professionally

Qualified Staff

Workforce

Coordination

Quality Management

Framework

Risk-based Audit

Plans

Performance

Measures

Cost Information

IA Management

Reports

Coordination

with Other

Review Groups

Integral

Component of

Management

Team

Management

Oversight of the

IA Activity

Funding

Mechanisms

Level 2 –

Infrastructure

Compliance

Auditing

Individual

Professional

Development

Skilled People

Identified and

Recruited

Professional Practices

and Processes

Framework

Audit Plan Based on

Management/

Stakeholder Priorities

IA Operating

Budget

IA Business Plan

Managing within

the IA Activity

Full Access to the

Organization’s

Information,

Assets, and

People

Reporting

Relationship

Established

Level 1 –

Initial

Ad hoc and unstructured; isolated single audits or reviews of documents and transactions for accuracy and compliance; outputs

dependent upon the skills of specific individuals holding the position; no specific professional practices established other than those

provided by professional associations; funding approved by management, as needed; absence of infrastructure; auditors likely part of a

larger organizational unit; no established capabilities; therefore, no specific key process areas


64 | P a g e

Annex 6: Detailed sequencing of implementation

Pillar Objective/Activities Output Outcome Performance

indicator

Timing Responsibilities


Objective: Ensure internal audit function is established in laws, regulations and in ministries, districts and budget agencies

Strategy 1: Enhance and comply with regulations on internal audit, audit committee internal control

a) Update OL on State Finances

and Property (OBL) to reflect IA

and AC mandate and enhance

compliance

IA and AC mandate

reflected in revised

Organic Law on state

finances and

property (OBL)

Institutional

capacity of internal

audit, audit

committees and

independence

strengthened

Adoption of internal

control and risk

management

frameworks.

Compliance with

regulations

1) organic law

updated (2)

Internal audit

regulations

gazette and

internal audit

units conforms

to the

regulations

2016/17 OCIA

b) Update audit committee,

internal audit charter and IA

regulations to include roles in

risk management

Revised IA

regulations, IA and

AC charter

(1) Revised

Internal Audit

and Audit

Committee

Charters

published and

signed (2)

Review the

adequacy of the

Internal Audit

and Audit

Committee

Charters

annually and

report adequacy

2013/14 OCIA


65 | P a g e


indicator


in the internal

audit annual

report

c) Hold local workshops and

annual conference for all

internal auditors

Regional workshops

and annual

conference

Benchmarking and

sharing of

experience

Conference

/workshop held

annually

2013 -

2018

OCIA

Strategy 2: Operationalise internal audit, audit committee and mobilize stakeholders

a) Conduct training for various

stakeholders to raise awareness

on regulations, guidelines and IA

standards.

Awareness sessions

with DGs, Directors

etc

Stakeholders

support,

independence

Presentations at

stakeholders

forums

2014 - -

2015

OCIA

HIA

b) Establish audit committees in

central government and monitor

Government entities

Appointment and

induction of audit

committees

Enhanced oversight

by audit committee

members

80% Quarterly

Internal Audit

committee

reports and

annual Audit

Committee

Report obtained

and analyzed

2013-

2014

CIA/Minister

and

ministries.

c) Develop audit committee

guidelines and tools

AC guidelines and

tools developed and

disseminated

Training workshop

More effective audit

committees

Audit committee

handbook and

tools developed

and

communicated

2013/14 OCIA

d) Provide continuous training to

audit committees on their role in

financial reporting, risk

management, internal and

external audit, internal controls,

stakeholder relationships etc

Annual training

of audit

committee

2013-

2018

OCIA

e) Annual audit committee report Annual audit Improved 40% Audit 2016- Audit


66 | P a g e


indicator


on AC responsibilities and

performance, and opinion on

internal controls including

internal audit

committee report

published with

financial statements

accountability and

transparency

committees

issue annual

audit committee

report as part of

entity annual

report issued

together with

annual financial

statements

2017 committees

Strategy 3: Increase internal audit visibility and integration in public governance

a) Develop effective relationship

with other arms of government,

development partners and

professional associations

Communication plan

and stakeholder

engagement plan,

MOU, meetings,

reports

Stakeholder needs

met

Positive image of IA

enhanced

Develop and

implement a

stakeholders’

communication

plan and regular

contact program

2013-

2014

OCIA

b) Professional membership in

Institute of Internal Auditors

Membership in

institute of internal

auditors

Exposure and career

development for

internal auditors

Membership in

IIA

2013-

2017

OCIA &

MINECOFIN

c) Prepare publicity materials for

IA and AC on IA and AC in

control, risk management,

governance , fraud detection etc

Brochures, articles,

workshops,

presentations etc

Awareness on role

of IA, AC

Publicity

materials

distributed semi-

annually

2013-

2017

OCIA

Strategy 4: Networking and knowledge sharing

a) Purchase reference books and

subscribe to knowledge

databases

library and electronic

database

Increase in research

capacity

Books acquired

and available for

borrowing

2013-

2014

OCIA &

MINECOFIN

b) Develop internal audit intranet,

extranet, group emails etc for

networking and knowledge

sharing

Knowledge and

networking sharing

tools deployed

Knowledge sharing Establish and

maintain

electronic

networking and

reference

2014/15 OCIA &

MINECOFIN


67 | P a g e


indicator


resources for

internal auditors.

E.g. social media,

knowledge

databases (2)

Intranet

developed

Strategy 5: Develop and implement quality assurance program

a) Implement an internal quality

assurance review mechanism

Quality assurance

review reports and

recommendations

Improve the quality

of internal audit

1) All

assignments

reviewed by

second auditor

(2) OCIA

conducts quality

assurance

reviews in a

representative

number of

internal audit

units annually

2013 -

2018

OCIA

HIA

b) Conduct external quality

assurance review by

independent consultants

External quality

assurance

reviews

conducted every

five years and

report submitted

to MINECOFIN

senior

management

2016/7 OCIA

MINECOFIN


68 | P a g e


Indicator


Pillar 2. Organisational structure and internal audit responsibilities

Objective: Internal audit has an appropriate organization structure to effectively discharge its mandate and engage its stakeholders

Strategy 1: Review organizational structure to match internal audit mandate

a) Review internal audit structure

at OCIA and MDAs to ensure

adequate internal audit

resources

OCIA re-organized to

create specialized

team.

Functions and

activities aligned

to mandate.

(1) MINECOFIN

proposes review of

organizational

structure by

2013/14 (2)

Organizational

structure review

conducted and

adequacy of

structure and

number of internal

audit resources

established

2014/15 CIA ,

MIFOTRA,

CBMs

b) OCIA to allocate time

appropriately between

coordination and capacity

building

Action plan

rebalanced and roles

properly assigned

Enhanced

coordination,

capacity and

communication

1) 75% satisfaction

reported in

feedback received

from coaching

internal auditors,

support and

training (2) 70% of

internal audit

reports for

consolidated

quarterly and

feedback provided

2014-

2015

OCIA

& PS/ST

c) Develop capacity to provide

specialized internal audit

services within OCIA

Increase specialized

skills

Specialized

assignment

conducted using

relevant

OCIA conducts

assignments in

specialized areas

such as risk

2014/15 MINECOFIN

MIFOTRA


69 | P a g e


Indicator


standards. management

d) Attracting experienced and

skilled people especially to OCIA

Improved terms of

reference

Position IA to

provide value

added services

Job description

revised

2013-

2018

MINECOFIN

MIFOTRA

e) Outsource review of IFMIS and

other mission critical systems to

specialized IT consulting firms

Increase in scope

coverage

Risks minimized

Skills transfer to

OCIA team

Approval for

outsourcing IA

services

2014/15 CIA

PS/ST

Strategy 2: Enhance independence of internal audit function

a) OCIA to participate in

recruitment and concur in

termination internal auditors

Independence of

internal auditors

Protection of

internal auditors

1) Provide

technical support

in recruitment of

internal auditors

where necessary

(2) OCIA reviews

recruitment and

termination of

internal auditors in

MDAs and

prepares an annual

report.

2013-

2018

OCIA

MINECOFIN

MIFOTRA

b) OCIA to review and approve

audit plans

Risk based audit

plans

Audit effort

focused on higher

risk areas

Consolidate 50%

annual action plans

2014-

2015

OCIA

c) OCIA consolidates independence

declaration forms Internal

Auditors

OCIA consolidates

independence

declaration forms

from 60% of

internal auditors

2015/16 OCIA

Strategy 3: Ensure appropriate internal audit focus

a) Increase number of system

audits carried out as opposed to

compliance and transaction

Focus on high risk

areas

Improved control

environment

Number of system

audit conducted

2013-

2018

OCIA and all

auditors


70 | P a g e


Indicator


audits

b) Conduct annual risk assessment

and develop risk based audit

plans

Prioritization of audit

universe

Risk based audit

plan

50% of internal

audit units

preparing multi

year and annual

audit plans based

on documented

annual risk

assessments

2014-

2015

OCIA and all

auditors

Strategy 4: Provide consulting services and develop tools to improve risk management and internal control systems

a) Obtain senior management

approval and champion

implementation of risk

management guidelines in

MDAs

RM guidelines

approved

Capacity building

provided.

Improved public

financial

management

Risk management

guidelines

published and

piloted in 3 entities

2014-

2015

OCIA and

Managemen

t

b) Promote adoption of internal

control framework e.g. PIFC,

COBIT

Awareness

workshops,

Guidelines and tools

Policy on adoption of

internal control

framework

Improvement in

internal control

environment

(1) OCIA develops

and publishes

piloted in 3 entities

(2) Internal control

monitoring

guidelines and

implementation

monitor annually

2015-

2016

OCIA and

Managemen

t

c) Provide assurance reports and

opinion on adequacy of risk

management and internal

control systems

Assurance reports

and opinion on

controls

Assurance on

internal control

environment

annual internal

audit reports

issued

2014-

2015

OCIA


71 | P a g e

Pillar Objective/Activities Output Outcome Measurement

criteria


Pillar 3. Human Resources and

Leadership

Objective: Internal audit is staffed with the adequate, skilled and competent staff to provide quality internal audit services and meet

stakeholders’ expectations.

Strategy 1: Implement professional and competency development framework

a) Finalise and obtain approval for

internal audit competency

framework and monitor its

implementation

Career development

plans developed and

monitored, training

needs assessment

Improved internal

audit skills and

reduced turnover

(1) MINECOFIN

proposes

internal audit

competency

framework (2)

Internal audit

competency

framework and

revised

organization

structure

adopted by

MIFOTRA) (3)

Annual report on

implementation

of internal audit

competency

framework

2013/14

2014/20

15

OCIA

Senior MGT-

MINECOFIN

b) Internal auditor Training and

development plan implemented

(1)Internal

auditors Training

and

development

plan approved

(2)Training and

development

plans

implemented

2014/5

2015/16

OCIA


72 | P a g e


criteria


c) Implement an internal audit

leadership training program

Training program Audit management

skills developed

Training

program

approved

2014/15 OCIA

Strategy 2: Enhance professional and skills training

a) Internal auditors pursue ACCA,

CIA professional training

Professional training

and qualifications

Technical skills

leading to better

service delivery

Reduced turnover

(1)Two

recruitments per

year held for CIA

training

(2)Lobby

MIFOTRA to

include

professional

qualification in

accounting and

audit in job

specifications

2014-

2017

Internal

auditors

b) Internal auditors to pursue

specialised professional

qualifications including: CFE,

CISA, CRMA

40 Number of

internal auditors

enrolled in

specialized

professional

courses after

qualifying in

either CIA or

ACCA

2013-

2018

Internal

Auditors

MINECOFIN

c) Develop public sector internal

audit diploma

(1) Policy on

public sector

internal audit

diploma

approved (2)

Service provider

recruited and

internal auditors

2014-

2015

2015/20

16

MINECOFIN

MINEDUC


73 | P a g e


criteria


annually trained

on public sector

internal audit

diploma

provided

d) Sponsor internal auditors to

attend regional and

international professional

conferences

Development of

internal auditors

competency and

professional skills

Capacity for

auditors enhanced

Skills to audit in a

computerized

environment

Internal auditors

attend

international

conferences

annually and

regional semi

annually internal

auditing

2013

-2018

MINECOFIN

EMPLOYERS

Internal

Auditors

e) Organize short courses for

internal auditors

Each internal

auditor receives

at least one

week training

per year

2013-

2018

OCIA

MINECOFIN

Strategy 3:Develop internal audit technical skills resourcing partnerships

a) Co-source audit of technical

areas where the Office of CIA

and internal audit units do not

have the necessary skills and

experience

Increase audit scope

Risk mitigation

Skills transfer

Policy on

outsourcing

internal audit

services

approved and

budget approved

2014/20

15

OCIA

MINECOFIN

Partner

institutions

b) Develop partnership with other

governments’ assurance

functions e.g. RPPA,

Ombudsman, Monitoring and

Evaluation etc and capacity

building experts to build

competency

Study tours and

capacity building

support

Skills transfer and

maturity of internal

audit function

Develop and

implement a

coordination

framework (or

MoU) with other

Government

assurance

providers

2014-

2016

OCIA

MINECOFIN


74 | P a g e


indicator


Pillar 4. Audit Process Tools and Techniques

Objective: To ensure efficiency and effectiveness in the audit process by employing efficient audit procedures and techniques

Strategy 1: Implement professional standards and code of ethics for internal auditors

a) Phased implementation of

international internal audit

standards

Compliance to

professional

standards

Quality internal

audit service

(1)

Communicating

IPPF, internal

audit charter

and manual (2)

Annual survey

on compliance

status (3)

Satisfaction

survey

conducted

annually

2014/15 OCIA

All auditors

b) Ensure all internal auditors sign

the code of ethics for internal

auditors and monitor

compliance

Code of ethics signed

Conflict of interest

avoided

Auditors with

professional

behavior

100% of auditors

sign the code of

ethics of internal

auditors by

2014/15.

(2)Annual report

on compliance

to code of ethics

2014/15

OCIA

Strategy 2: Develop and implement appropriate audit methodologies, tools and manuals to improve audit effectiveness and

efficiency

a) OCIA (supported by consultants)

to coach and mentor internal

auditors in MDAs to perform

high quality work and

implement internal audit

manual

Coaching and

mentoring internal

auditors

Quality of work and

reporting enhanced

1) All newly

recruited

internal auditors

coached by OCIA

team and other

experienced

2013 -

2018

OCIA Team


75 | P a g e


indicator


internal auditors

in MDAs within

the first 6

months (2)

Number of

internal auditors

coached by more

experienced

personnel.

b) Develop, communicate and

implement internal audit

guidelines, tools and programs

in financial auditing, risk

assessment, risk management,

internal controls, corporate

governance, value for money

auditing, IT auditing,

consultancy services etc

Guidelines developed

and trainings

conducted

Auditors able to

execute their

mandate.

Develop and

implement a

timetable for

this activity

2013 -

2014

OCIA team.

c) Improve audit process efficiency

and reduce assignment

turnaround times

Value addition of

interval audit

Skills transfer

leading to high

quality work and

reports

Individual

Performance

evaluation

considers

achievement of

agreed

assignment

turnaround

times

2013-

2015

All internal

auditors

Strategy 3: Enhance audit automation

a) Pay annual CCH license

maintenance and support fees

and monitor utilization of

TeamMate licenses

System upgrades and

support

Audit automation Support and

updates

implemented

2013 -

2018

MINECOFIN

b) Phased roll out of TeamMate Additional teammate Increased efficiency Number of new 2013 - OCIA Team


76 | P a g e


indicator


audit management system to

MDAs internal audit units based

on usage of existing licenses

users of the audit process teammate

licenses acquired

and

implemented

2018 Internal

auditors

c) Utilization of TeamMate licenses Trained auditors

using Teammate

Internal auditors

that have license

use Teammate

appropriately

Number of

auditors using

IDEA to conduct

tests.

2013 -

2018

OCIA Team

Internal

auditors


criteria



Objective: To ensure that the results of the audit work are fully understood and appropriately acted upon to facilitate improvement

of internal control environment

Strategy 1: Enhance the number of internal audit reports consolidated

a) Consolidate internal audit

reports

Consolidated audit

report

Improved

transparency and

accountability

70% of internal

audit reports for

consolidated

quarterly and

feedback

provided

2014/15 OCIA

All Auditors

b) Coordinate with the Office of

the Auditor General in

implementation of audit

recommendations

Consolidated

implementation

report

Communicate with

impact

70% of internal

audit and OAG

reports followed

up on a quarterly

basis and

consolidated

2014/15 OCIA

All Auditors


77 | P a g e


criteria


c) Internal auditors may raise

significant risks accepted or not

acted upon by management

with respective Board and/

MINECOFIN

Risk assessment Risk mitigation Un-acceptable

risks not acted

upon by

management for

more than six

months are

reported to

respective Board

and/ MINECOFIN

2013-

2018

OCIA

All Auditors

d) Internal auditors to work with

audit committees for resolution

of audit findings

Audit committee

quarterly reports

Clean audit opinion

(1) All internal

audit units

present their

report to Audit

Committees (2)

Annual report on

implementation

of audit

committee

recommendatio

ns

2013-

2018

All Auditors

Strategy 2: Build capacity to effectively engage senior management and audit committee, and external auditors effectively

a) Develop key stakeholders

engagement plan and meet

them regularly to monitor

progress in meeting respective

responsibilities

Memorandum of

understanding with

OAG etc

Coordination and

information sharing

Stakeholders

engagement

plan

implemented,

monitored and

updated

annually

2013/4 OCIA

Stakeholder

s

b) Coordination with OAG, in

planning value for money audits

and other assignments to avoid

duplication

Improved

communication

Efficiency in risk

assessment and

monitoring of

controls

OCIA shares

annual audit

plans with OAG

2013 -

2018

OCIA

OAG

c) Conduct regular satisfaction Overlaps reduced Increased audit Satisfaction 2013- OCIA


78 | P a g e


criteria


surveys to understand their

needs and address them

Conduct joint

projects

coverage

Skills transfer

survey

conducted

annually to

understand

stakeholder’s

needs

2014 MINECOFIN

MDAs

d) Capacity building of audit

committees

Performance

feedback

Improved relations

with auditees

Audit committee

established and

trained

2013 -

2018

OCIA


criteria


Pillar 6. Performance Management and accountability

Objective: Strategic plan successfully implemented

Strategy 1: Develop an internal audit performance system and accountability

a) Develop a customized

performance score card for

Office of CIA and internal audit

units

Accountability for

internal audit

performance

Improved internal

audit performance

Customized

performance

score card

developed and

implemented

2015/16 OCIA

Strategy 2: Benchmark internal audit to regional governments with leading internal audit practices

a) Conduct study tours to

understudy best practices in

other countries

Study tours

conducted

Best practices

identified

Capacity enhanced

Study tours

conducted at

least every two

years

2013-

2018

OCIA &

MINECOFIN

Strategy 3: Implement the strategic plan

a) Obtain technical assistance to

assist in the implementation of

Consultant recruited 1) IAU achieve level

4 of IA-CM

Technical

assistance

2013-

2018

OCIA &

MINECOFIN


79 | P a g e


criteria


CBP and the strategic plan model

2) Transfer of

ownership of

CPB

obtained

b) Conduct a validation workshop Mid-term review

report

Relevance of

strategic plan

validated

Performance

indicators

developed and

annual

monitoring

reported

2014/15, OCIA

c) Conduct mid-term review of the

strategic plan

Mid-term review

report

Status of

implementation

known and

priorities re

established

Mid-term review

report

2015/16, OCIA

d) Conduct a closing review of the

strategic plan

End of strategic plan

review report

New strategic plan

developed

Strategic

engagement &

Stakeholder

engagement and

commitment

Closing review

report

2018-2023

strategic plan

published

2017 OCIA /

External

reviewer

Strategy 4: Develop next strategic plan

a) Conduct a closing review of the

strategic plan and develop 2018-

2023 strategic plan

End of strategic plan

review report

New strategic plan

developed

Strategic

engagement &

Stakeholder

engagement and

commitment

2018-2023

internal strategic

plan developed

and approved

2017/8 OCIA


80 | P a g e

Annex 7: Proposed Internal Audit Structure Proposed Structure for District

Notes:

(i.) The proposed structure introduces the position of Director of Internal Audit to enhance supervision lacking in current structure;

(ii.) There is also an increase by one extra internal auditor to address the high volume of work particularly relating to subsidiary entities.

Proposed structure for Ministries:


81 | P a g e

Notes:

(i.) The proposed structure introduces the position of Director of Internal Audit to empower the internal audit units to be more independent, enhance supervision lacking in current structure and one extra internal auditor to enhance coverage within including single project units, inspections and risk management.

(ii.) Complex/large government entities such as boards and higher learning institutions and major spending ministries can negotiate directly with MIFOTRA for a more robust structure depending on the complexity of the entity.

(iii.) In small ministries and other budget agencies internal audit units will have two internal auditors and will be headed by senior internal auditor.

Proposed structure for Office of the Chief Internal Auditor in MINECOFIN:

Notes:

(i) The proposed structure increase number of Office of the Chief Internal Auditor staff from ten (10) to nineteen (21);

(ii) The increase is aimed to introduce a level of supervision and coverage


82 | P a g e

(iii) The central government and local government teams will in charge of consolidating audit reports from all public entities and also conducting performance audits and building capacity of internal auditors in other public entities.

(iv) The Inspection and risk management team will lead inspection and forensic audit assignments in high risk institutions and build the capacity of public entities to implement institutional risk management frameworks.

(v) The specialized audit team will conduct value for money assignments; IT Audits on IFMIS and IPPS and other core government systems; other management requests; and support other auditors in implementation of automated audit tools such as TeamMate and IDEA.

(vi) The Quality assurance, capacity building and governance team will monitor the performance of audit committees, coordinate training of all internal auditors and review the quality of reports prepared by the department.


83 | P a g e

Annex 8: Number of Internal Auditors per Entity

CENTRAL GOVERNMENT

#

Budget Agencies No of Internal auditors per entity

1. SENATE 1

2. Supreme Court 1

3. Prime Minister’s Office 1

4. Ministry of Defense 4

5. Ministry of Education (MINEDUC) 3

6. Ministry of East Africa Community (MINEAC) 1

7. Ministry of Sports and Culture (MINISPOC) 1

8. Ministry of Youth (MINIYOUTH) 1

9. Ministry of Justice (MINIJUST) 1

10. Ministry of Health (MINISANTE) 12

11. 1 Ministry of Trade and Industry (MINICOM)

12. Ministry of Finance and Economic Planning (MINECOFIN) 1

13. Ministry of Public Service and Labour (MIFOTRA) 1

14. Ministry for Infrastructure (MININFRA) 1

15. Ministry of Foreign Affairs (MINAFFET) 1

16. Ministry of Internal Security (MININTER) 1

17. Ministry of Agriculture (MINAGRI) 1

18. Ministry of Disaster Management and Refugees

(

1

MIDIMAR)

19. 1 Ministry of Local Government (MINALOC)

20. Ministry of Natural Resources (MINIRENA) 1

21. Rwanda Institute of Administration and Management

(RIAM)

1

22. Single project Unit /MINICOM 1


84 | P a g e

23. Rwanda Agricultural Board (RAB) 2

24. National Electoral Commission (NEC) 1

25. Rwanda Public Procurement Authority (RPPA) 1

26. ISAE Busogo 1

27. Integrated Polytechnic Regional Center (IPRC)

South/Kavumu

1

28. Kavumu College 1

29. Kigali Institute of Education (KIE) 1

30. Kigali Institute of Science and Technology (KIST) 2

31. National Curriculum Development Centre 1

32. Rwanda Education Board (REB) 2

33. RBS 1

34. National Agriculture and Export Board (NAEB) 3

35. RBC 5

36. School of Finance and Banking (SFB) 2

37. Student Financing Agency of Rwanda (SFAR) 1

38. Institute of Legal Practice Development (ILPD) 1

39. National Human Rights Commission (NHRC) 1

40. National Public Prosecution Authority (NPPA) 1

41. RURA 4

42. National Police 3

43. Kigali Health Institute 1

44. Kigali University Teaching Hospital (CHUK) 1

45. CHUB 1

46. National Reference Laboratory 1

47. HNP-Ndera ( Mental Hospital) 1

48. NSS - Internal Security 1

49. Rwanda Development Board (RDB) 1

50. 1 Rwanda Natural Resources Authority

51. National Commission for the Fight Against Genocide

(CNLG)

1

52. RCA 1

53. Rwanda Transport Agency 1


85 | P a g e

54. OMBUDSMAN’office 1

55. Rwanda Housing Authority (RHA) 1

56. NSS - Immigration/Emigration 1

57. CDF 2

58. Kicukiro Integrated Polytechnic 1

59. UMUTARA Polytechnic 1

60. REMA 1

61. Support Project to the Strategic Plan for the Transformation

of Agriculture in Rwanda (PAPSTA)

1

62. PMU-Global Fund/WB 6

63. RRA 10

64. NUR 8

65. SSFR 10

66. EWSA 5

67. ORINFOR 2

68. Gender Monitoring Office 1

69. Institute of National Museums of Rwanda ( INRMR) 1

70. 1 Public Service Commission

71. Workforce Development Authority (WDA) 1

72. RSSP&LWH 1

73. Special Guarantee fund 1

TOTAL 140

LOCAL GOVERNMENT

#

Province/ District No. of internal Auditors per entity

1. GATSIBO 1

2. RWAMAGANA 2

3. KAYONZA 2

4. NGOMA 2

5. NYAGATARE 2


86 | P a g e

6. KIREHE 2

7. BUGESERA 2

8. EASTERN PROVINCE 1

9. NORTHERN PROVINCE 1

10. GAKENKE 2

11. RULINDO 2

12. MUSANZE 2

13. GICUMBI 2

14. BURERA 2

15. WESTERN PROVINCE 1

16. NGORORERO 2

17. RUTSIRO 2

18. NYABIHU 2

19. RUBAVU 2

20. KARONGI 2

21. RUSIZI 2

22. NYAMASHEKE 2

23. GASABO 3

24. NYARUGENGE 2

25. KICUKIRO 2

26. KIGALI CITY COUNCIL 1

27. SOUTHERN PROVINCE 1

28. KAMONYI 2

29. MUHANGA 2

30. RUHANGO 2

31. NYANZA 2

32. HUYE 2

33. GISAGARA 2

34. NYARUGURU 2

35. NYAMAGABE 2

TOTAL 65


87 | P a g e

Annex 9: Internal Audit Training Needs Assessment

Course Days Frequency Last

held

No.

trained

Balance 2013/

2014

2014/

2015

2015/

2016

2016/

2017

2017/

2018

1. Standards and procedures

courses

a) Implementation of IPPF 4 2 yrs

b) Internal audit manual 5 Annual 2011

c) Report writing 3 2 yrs

d) Developing audit programs 3 2 yrs

e) Teammate 5 2 yrs 2011

f) Interpersonal skills

g) Audit committee effectiveness 3 2 yrs

h) IDEA 3 2 yrs 2011

i) IPSAS

j) Risk based auditing 4 2 yrs 2010

k) IFMIS 5 2 yrs 2011

2. Graduated level training

courses

a) Beginner auditors 10 Annual 2011

b) Internal auditor in charge

training

5 2 yrs

c) Internal audit managers

training

d) CAE Development program 5 2 yrs

3. Audit missions courses

a) IT general controls auditing 4 2 yrs 2010

b) Fraud and investigations 4 2 yrs 2010

c) Performance auditing 4 2 yrs 2010

d) Financial audits 4 2 yrs 2010

e) Compliance audit

f) System (operational) auditing 3

g) Audit of Capital projects 4 2 yrs

h) Procurement audit 2 yrs 2010


88 | P a g e


held

No.

trained

Balance 2013/

2014

2014/

2015

2015/

2016

2016/

2017

2017/

2018

i) Contract auditing

j) Control self assessment

k) Auditing performance

information

l) Payroll audit 3 2 yrs 2010

4. IT Specialised Courses

a) Introduction to IT audits

b) Process Audit

c) System implementation audit

d) Business continuity

management

e) Auditing databases

f) Auditing operating systems

g) IT Governance

h) IT security

5. Audit committees training

a) Audit committee induction 2 3 yrs 2011

b) Annual audit committee

workshop

2 Annual

6. Internal audit technical skills

courses

a) Evaluation of governance

frameworks

4 3 yrs

b) Facilitation skills for trainers 4 3 yrs

c) Evaluating risk management

frameworks

4 3 yrs

d) Consulting skills for auditors

e) Internal quality assurance

review

f) External quality assurance

review

4 3 yrs

7. Conferences

a) Government auditors annual

conference

3 Annual

b) Local government workshop 2 Annual

c) Central government workshop 2 Annual


89 | P a g e


held

No.

trained

Balance 2013/

2014

2014/

2015

2015/

2016

2016/

2017

2017/

2018

d) Professional associations 2 Annual

8. Leadership training

a) Secondment to other countries 5 2 yrs

b) CAE executive programme

c) Advanced internal audit degree

9. Professional certifications

a) ACCA

b) CIA

c) CFE,

d) CISA

e) CMRA

f) CGAP

g) Diploma in public sector

internal auditing

Documents

OCIA 2013-2018 Strategic Plan - MINECOFIN · Situation Analysis ... OCIA 2013-2018 Strategic Plan 1 | Page ... Human Resources and Leadership • Internal audit competency framework