Quality Assurance And Improvement Programme Guideline For Internal .
Quality Assurance andImprovement ProgrammeGuideline for Internal AuditServices of RGoBMinistry of FinanceDecember 2019
Quality Assurance and ImprovementProgramme Guideline for Internal AuditServices of RGoBMinistry of FinanceDecember 2019
QualityAssurance andImprovementGuidelinefor RGoBAuditInternalAuditofServiceQuality Assuranceand ImprovementProgrammeGuidelinefor InternalServicesRGoB ͳ ʹͲʹͲ ͳ ʹͲʹͲ ሺ ሻ ǡ ሺ ሻ ሺ ሻ ǡ ሺ ǡ ሻ ǡ ǡ ǡ Ǥ Ǥ Ǥ Ǥ Ƭ Ǧ “Public Ƭ Ǧ “Public ሺ Ǧ ሻ Ǥ ሺ Ǧ ሻ Ǥ Ǥ Ǥ he hestakeholders’ ǡ ǡ stakeholders’ Ǥ ǡ Ǥ ǡ ǡ ǡ ǡ ǡ Ǥ Ǥ (IIA)International s’ s’(IIA)International ሺ ሻǤ ሺ ሻǤ ǡ ǡ ǡ ǡ ǡ ǡ Ǥ Ǥ Ǥ Ǥ Ǩ Ǩ Post Box No 117. Tel # PABX: 00975-2- 322271/322285/322223/322514/327763. Fax: 323154. www.mof.gov.btPost Box No 117. Tel # PABX: 00975-2- 322271/322285/322223/322514/327763. Fax: 323154. ance,DecemberDecember20192019@CCA,PageiiPage
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBTable of ContentsPreface. vAbbreviations.viiChapter 1: About the guideline. 11.1. Background.21.2. Quality in Internal Audit.31.3. Requirements and Characteristics of QAIP.4Chapter 2: Establishment of Quality Assurance and Improvement Programme. 72.1. Considerations in Developing a QAIP.82.2. Responsibility of QAIP.92.3. Objective of the QAIP.92.4. QAIP Framework. 102.5. Some International Best Practices on QAIP. 102.6. International Standards on QAIP. 132.7. Components of QAIP. 14Chapter 3: Internal Assessment.173.1. Implementation of Internal Assessment. 183.2. Benefits of Internal Assessment. 183.3. Ongoing Monitoring . 193.4. Periodic Self-Assessment. 223.5. Considerations for Demonstrating Conformance. 27Chapter 4: External Assessment.294.1. External Assessment. 304.2. Implementation of External Assessment. 314.3. Full External Assessment. 324.4. Self-Assessment with Independent Validation. 38Chapter 5: Reporting and Follow-up of QAIP.435.1. Overview of QAIP reporting . 455.2. Activities of Quality Assurance and Improvement Programme ReportingTimelines. 455.3. Consideration for reporting QAIP. 465.4. Periodic Internal Assessment Report Contents. 495.5. External Assessment Report Contents. 495.6. Review of the QAIP. 50Chapter 6: Measuring Internal Audit Effectiveness and Efficiency.516.1. Internal Audit Stakeholders. 526.2. Measuring Internal Audit Effectiveness and Efficiency. 536.3. Performance Measures / Key Performance Indicators. 536.4. Characteristics of Performance Measures: Quantitative vs. Qualitative. 536.5. Types of Performance Measures. 546.6. Monitoring and Reporting of Internal Audit Effectiveness and Efficiency.596.7. Internal Audit Capability Model (IA-CM) . 60@CCA, Ministry of Finance, December 2019Page iii
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBChapter 7: Measuring Internal Audit Effectiveness and Efficiency.63Appendix 1: QAIP Components. 64Appendix 2: Checklist on Ongoing Monitoring. 66Appendix 3: Example of Stakeholder Survey sent after Internal Audit is completed. 70Appendix 4: Checklist on Periodic Self-Assessment. 72Appendix 5: Self-Assessment QAIP Report. 78Appendix 6: Full External Assessment Reporting Template. 79Appendix 7: Self-Assessment with Independent Validation QAIP Report. 84Appendix 8: Examples of Internal Audit Effectiveness and Efficiency Metrics. 86Appendix 9: Example of Reporting Internal Audit Effectiveness and Efficiency Dashboard. 88Appendix 10: Guidance on Internal Audit Self-Assessment Methodology. 89Appendix 11: Internal Audit Capability Model Matrix. 91Appendix 12: Internal Audit Capability Model Levels. 93Appendix 13: Internal Audit Maturity Assessment. 95Appendix 14: Standard Conformance Evaluation Summary (Table) Template. 100Appendix 15: Standard Conformance Evaluation Summary Template. 101Appendix 16: Standard Rating Criteria. 103Appendix 17: Checklist on External Quality Assessment. 104Reference Material. 153Page iv@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBPrefaceThe RGoB has recognised the strengthening of quality assurance system of the public sectorinternal audit activity as a priority area. It also specified development of quality assuranceguidelines as a part of “Strengthening the Effectiveness and Capacity of Internal Audit inthe Royal Government of Bhutan”. The project is supported by Multi Donor Grant Funds “Public Financial Management Multi Donor Fund (PFM-MDF) and administered by WorldBank.A critical asset for an internal audit activity is its credibility with stakeholders. As acoordinating agency for Internal Audit Service under the RGoB, the Central CoordinatingAgency under Ministry of Finance must develop and maintain a Quality Assurance andImprovement Programme that covers all aspects of the internal audit activity. Chief InternalAuditor of CCA needs assurance that their internal audit activity and each internal auditorconforms to all mandatory elements of the IIA’s International Professional PracticesFramework (IPPF), and they need to demonstrate this conformance to their stakeholders.The only way to meet these expectations is with a comprehensive QAIP that comprises ofconducting internal assessment for internal audit units under the RGoB including ongoingmonitoring of performance, periodic internal assessments, along with external assessmentconducted in IAUs every five years by a qualified and independent assessor/team fromoutside the organization.The QAIP guideline is developed based on IIA’s International Professional PracticesFramework (IPPF). It explains various components of QAIP such as Internal Assessment,External Assessment, Performance Monitoring of Internal Auditors, etc and how to applythese components without compromising conformance with the Standards. Particularly, itpresents and discusses the 1300 series of the Standards that deal specifically with qualityassurance.@CCA, Ministry of Finance, December 2019Page v
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBThe guideline comprises 7 chapters which set out the entire requirement of implementingthe effective Quality Assurance and Improvement Programme. It includes templates, a setof forms, practical examples and checklists. The structure of the Quality Assurance andImprovement Programme guideline is as follows: This guideline will fulfil the objectives and demonstrates the commitment of RGoB toimprove the Internal Audit services in the country. The RGoB hopes that users will findit valuable for establishing and / or improving the quality assurance and improvementprogramme for internal auditing in the public sector.This guideline will bring out a uniform procedure for quality assurance in the Internal Auditwhich will help in achieving the objectives of Internal Audit. Users of this guideline areexpected to have a comprehensive understanding of the International standards on InternalAudit and guidelines, policies & procedures, regulations and rules as issued by the InternalAudit Services of RGoB.The guideline is designed to be flexible and unrestrictive. The Internal Auditors areencouraged to exercise professional judgment where they face any difficulty in understandingor complying with the guideline, and then seek appropriate clarifications or assistance fromCCA.The Central Coordinating Agency for Internal Audit Services is expected to keep updatingthis guideline regularly and incorporate any suggestions or modify the contents of theguideline as and when required.Page vi@CCA, Ministry of Finance, December 2019
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of AARGoBFull FormAnti-Corruption CommissionAudit Management SystemAudit CommitteeBhutan Government Internal Audit StandardComputer Assisted Audit TechniquesCentral Coordinating AgencyController General of IndiaChief Internal AuditorCommission on AuditContinuing Professional EducationControl Self-AssessmentDepartment of Budget and ManagementDoes not ConformDepartment SecretaryEuropean UnionGuides to the Assessment of IT RiskGoverning BoardGenerally ConformsGood GovernanceGlobal Technology Audit GuidesHead of AgencyHead of Internal AuditInternal Audit / Internal AuditorInternal Audit Capability ModelInternal Audit ServiceInternal Audit UnitInternal Audit WingInstitute of Internal AuditorInternational Professional Practices FrameworkInternational Standards for the Professional Practice of Internal AuditingInformation TechnologyKey Performance IndicatorMinistry of FinanceNational Internal Control FrameworkPartially ConformsQuality Assurance and Improvement ProgrammeRoyal Audit AuthorityRoyal Government of Bhutan@CCA, Ministry of Finance, December 2019Page vii
CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBPage viii@CCA, Ministry of Finance, December 2019
1About theguideline@CCA, Ministry of Finance, December 2019Page 1CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBChapter 1: About the guideline1.1BackgroundThe Internal Audit Service was first instituted in the Royal Government of Bhutan withseventeen internal auditors spread across seven ministries in the year 2000 ensuing theGood Governance initiatives undertaken by the Government. The IA service was furtherreinforced and the 86th session of National Assembly, June 2007, passed a resolution to haveinternal auditors in all Dzongkhags. The Public Finance Act came into force in the year 2007.With the enactment of the Public Finance Act 2007, the responsibility of administering theInternal Audit service was vested to the Ministry of Finance. Accordingly, MoF establishedthe Central Coordinating Agency (CCA) in the year 2010.The Ministry of Finance in keeping with the principle of transparency, accountability,efficiency and professionalism enunciated in the GG Plus (2005), published the NationalInternal Control Framework (NICF) in December 2013. As part of paradigm shift in theinternal audit approach based on the NICF document, theme-based audit approach was alsoinitiated from the fiscal year 2015-16. In order to ensure that the internal audit servicesare provided in a professional manner and in accordance with best international practices,the Ministry of Finance adopted the International Professional Practices Framework (IPPF),issued by the Institute of Internal Auditors to regulate the work of the IAS. Accordingly, theyissued Internal Audit guidelines and Standards in line with the IPPF framework.The expansion of scope and reach of internal auditing requires that Internal Auditorsdemonstrate high level of credibility to the stakeholders. The Chief Internal Auditor (CIA)needs assurance that their internal audit activity and each member of their staff conformsto all mandatory elements of the IPPF, and they need to demonstrate this conformance totheir stakeholders. Further, the IPPF was recently updated in the year 2017 and it statesthat evaluating risk management and governance processes is much more challengingand meaningful than control alone. It requires internal audit to operate at a higher, morestrategic level. To operate at this level, internal auditors need a higher level of credibilitywith their stakeholders.The requirements and characteristics of quality in an internal audit activity are defined bythe IPPF, which includes mandatory and recommended guidance, all provided within thecontext of the Mission of Internal Audit as defined in the IPPF. Further, the Internal AuditingStandards and the Manual of RGoB require the implementation of a Quality Assurance andImprovement Programme (QAIP) to ensure conformance with the Definition of InternalAudit, the Code of Ethics for Internal Auditors and the Auditing Standards. The only wayto meet these is with a comprehensive quality assurance and improvement programme(QAIP) that includes ongoing monitoring of performance, periodic internal assessments,external assessments conducted by a qualified, independent assessor or assessment teamfrom outside the organization, and communication of the results.Page 2@CCA, Ministry of Finance, December 2019
1.2Quality in Internal AuditQuality in internal audit is guided by both an obligation to meet stakeholder expectationsas well as professional responsibilities inherent in conforming to the Standards. Qualityin internal audit begins with the structure and organization of the audit activity. The QAIPshould measure whether internal audit is meeting its own objectives, as well as those of thebroader organization.Internal Auditing Standards 1300 through 1312 on Internal Audit issued by IIA specificallyrequire the Chief Internal Auditor to develop a QAIP, incorporating both internal (self)assessments and external assessments. However, beyond these specific standards, internalaudit as a profession should maintain a formal and structured approach to quality. Thisincludes operating with proficiency and due professional care, undertaking continuingprofessional development, and conforming to a set of recognized standards.Under the QAIP, an internal audit activity need not assess whether each individualengagement conforms to the Standards or not. Rather, engagements should be undertakenin accordance with an established methodology that promotes quality and, by default,conformance with the Standards.Building an effective QAIP is similar to establishing a total quality managementprogramme where products and services are analyzed to verify that they meet stakeholderexpectations, operations are evaluated to determine their efficiency and effectiveness,and practices are assessed to confirm their conformance to the standards. Maintainingan effective QAIP also requires leaders who are responsible for setting the proper tone insupport of quality and continuous improvement.The internal audit activity should consider all mandatory and recommended guidanceelements of the IPPF to ensure that: It is understood that through conformance with the Standards and the Code ofEthics, the internal audit activity also achieves alignment with other mandatoryelements of the IPPF. Stakeholder satisfaction defined by expected and preferred internal auditdeliverables that produce value for the organization. Operational effectiveness achieved by building quality “into” internal auditprocesses. Preventing mistakes is generally less costly than correcting mistakes. Continuous improvement of internal audit activities accomplished through qualityinitiatives identified during the quality assessment process. Management commitment to provide resources and tools necessary for a QAIP tosucceed. Participation is expected by all members of the internal audit activity.Key Tips:For the internal audit profession, it is important to ensure that internal audit activitiesmaintain the highest possible standards of service delivery to the organizations theysupport. The IIA established the IPPF to guide the internal audit profession, and themandatory elements of the IPPF—supported by recommended guidance—are thefoundation for developing an internal audit activity’s QAIP.@CCA, Ministry of Finance, December 2019Page 3CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB1.3Requirements and Characteristics of QAIPThe requirements and characteristics of quality in an internal audit activity are defined bythe IPPF, which consists of mandatory and recommended guidance, all provided within thecontext of the Mission of Internal Audit as defined in the IPPF. The Ministry of Finance hasdeveloped and issued Bhutan Government Internal Audit Standards contextualizing bothAttributes and Performance Standards to the local requirements without undermining theintegrity of the mandatory elements of the International Professional Practices Framework(IPPF).Figure 1: IIA, International Professional Practices Framework1.3.1Mandatory GuidanceMandatory guidance is considered essential for the professional practice of internalauditing. It consists of four elements: Core Principles: The Core Principles for the Professional Practice of InternalAuditing are the foundation of the IPPF and support internal audit effectiveness. Definition of Internal Auditing: The Internal Audit in Bhutan adopted thedefinition of Internal Audit as issued by IIA and accordingly developed theirguidelines and policies. “Internal auditing is an independent, objective assurance andconsulting activity designed to add value and improve an organization’s operations. Ithelps an organization accomplish its objectives by bringing a systematic, disciplinedapproach to evaluate and improve the effectiveness of risk management, control, andgovernance processes.” Code of Ethics: The Principles and Rules of Conduct of the Code of Ethics defineethical behavior for a professional internal auditor. The Internal Audit Charter andInternal Audit Code of Ethics issued by the Ministry of Finance are in line with theIPPF framework.Page 4@CCA, Ministry of Finance, December 2019
Standards: The Standards are the central criteria that define the attributesand characteristics of performance for an internal audit activity, including therequirements for a QAIP. The Ministry of Finance has issued Bhutan GovernmentInternal Audit Standards contextualizing both Attributes and PerformanceStandards to the local requirements without undermining the integrity of themandatory elements of the International Professional Practices Framework (IPPF).The objectives of the BGIAS are to: Establish a framework for providing internal audit service under the RoyalGovernment of Bhutan. Establish basis for evaluation of internal audit performance.1.3.2Recommended GuidanceRecommended guidance describes practices for the effective implementation of the CorePrinciples, the Definition of Internal Audit, the Code of Ethics, and the Standards. It helpsinternal auditors to understand and apply the Standards, may provide insights into goingbeyond conformance to a higher level of value addition or may help in addressing issues ofconcern not related to a specific standard. It consists of two elements: Implementation Guidance: Implementation Guides exist for each standard. Theyare intended to provide guidance to internal audit practitioners with regard toconformance with the Standards. Supplemental Guidance: Supplemental guidance provides detailed guidance forconducting internal audit activities. Supplemental guidance includes topical areas,sector-specific issues, as well as processes and procedures, tools and techniques,programs, step-by-step approaches, and examples of deliverables. Examples ofsupplemental guidance currently include Practice Guides, Global Technology AuditGuides (GTAGs), and Guides to the Assessment of IT Risk (GAIT).@CCA, Ministry of Finance, December 2019Page 5CHAPTER 1Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBCHAPTER 2Page 6@CCA, Ministry of Finance, December 2019
CHAPTER 2Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoB2Establishmentof QualityAssurance andImprovementProgramme@CCA, Ministry of Finance, December 2019Page 7
Quality Assurance and Improvement Programme Guideline for Internal Audit Services of RGoBCHAPTER 2Chapter 2: Establishment of QualityAssurance and Improvement ProgrammeISPPIA 1300 - Quality Assurance and Improvement ProgrammeThe chief audit executive must develop and maintain a quality assurance and improvementprogramme that covers all aspects of the internal audit activity.Interpretation:A quality assurance and improvement programme is designed to enable an evaluation ofthe internal audit activity’s conformance with the Standards and an evaluation of whetherinternal auditors apply the Code of Ethics. The programme also assesses the efficiency andeffectiveness of the internal audit activity and identifies opportunities for improvement.The chief audit executive should encourage board oversight in the quality assurance andimprovement programme.ISPPIA 1310 - Requirements of the Quality Assurance and Improvement ProgrammeThe quality assurance and improvement programme must include both internal andexternal assessments.The QAIP should encompass all aspects of operating and managing the internal auditactivity—including consulting engagements—as found in the mandatory elements of theIPPF. Through conformance with the Standards and the Code of Ethics, the internal auditactivity also achieves alignment with the Definition of Internal Audit and the Core Principles.The CIA must develop and maintain QAIP that covers all aspects of the internal audit activity.Elements of QAIP includes: A scope that includes all aspect of the IA activity, An evaluation of conformance with Standards & Code of Ethics, An assessment of the efficiency and effectiveness of Internal Audit activity, The identification of opportunities for continuous improvement. Involvement by the senior management (in case of Bhutan - Secretary of Finance) inoversight of QAIP.2.1Considerations in Developing a QAIPThere are numerous ways to develop a QAIP, and the design should be appropriate to thesize, structure, and nature of the internal audit activity. A keyaspect to developing a QAIP is to determine: The role of internal audit management and staff in thequality process. The activities that are covered through ongoingmonitoring, periodic self-assessment, or externalassessments. The frequency of self-assessments an
GTAG Global Technology Audit Guides HoA Head of Agency HoIA Head of Internal Audit IA Internal Audit / Internal Auditor IA-CM Internal Audit Capability Model IAS Internal Audit Service . Audit, the Code of Ethics for Internal Auditors and the Auditing Standards. The only way
Quality Assurance and Improvement Framework Guidance 2 Contents Section 1: Quality Assurance and Improvement Framework 1.1 Overview 1.1.1 Quality Assurance (QA) 1.1.2 Quality Improvement (QI) 1.1.3 Access 1.2 Funding Section 2: Quality Assurance 2.1 General information on indicators 2.1.1 Disease registers 2.1.2 Verification
critical issues the University has established a Quality Assurance Directorate, which is mandated to develop a Quality Assurance Framework and a Quality Assurance Policy. The Quality Assurance Framework would clearly spell out the Principles, Guidelines and Procedures for implementing institutional quality assurance processes.
Quality Assurance and Quality Improvement Plan I. Purpose The Quality Assurance and Improvement Plan (QA/QI Plan) is a guide designed to assess, enhance, . The steps include: F ind a process to improve O rganize an effort to work on improvement C l
2 Contents Page The Song Tree Introduction 3-7 Programme 1 Fly, golden eagle 8 Programme 2 Magic hummingbird 9 Programme 3 It’s hard to believe 10 Programme 4 Another ear of corn 11 Programme 5 The door to a secret world 12 Programme 6 Song of the kivas 13 Programme 7 Mighty Muy’ingwa 14 Programme 8 Heavenly rain 15 Programme 9 Rehearsal 16 Programme 10 Performance 17
Example 1. Extract from a quality assurance programme description 28 Example 2. Conduct of quality assurance department audits 29 Example 3. Scheduling of quality assurance department audit activities 37 Example 4. Internal audit schedule 44 Example 5. Audit project reminder check-list 45
2 Contents Page Music Workshop Introduction 3 Programme 1 Loki the Joker 7 Programme 2 Odin, Mighty World-Creator 8 Programme 3 Goblins a Go-Go! 9 Programme 4 Sing us a Saga 10 Programme 5 Thor on a journey 11 Programme 6 Apples of Iduna 12 Programme 7 Birds of the North 13 Programme 8 Rehearsal and Performance (1) 14 Programme 9 Rehearsal and Performance (2) 15 .
This quality assurance manual specifies the methods to prepare and submit Quality Assurance Process Design Diagram for products and parts to be supplied to NSK by suppliers. 2. Purpose Each supplier should prepare quality assurance process design diagram clearly showing the quality assurance methods used in each products and parts production .
Quality Assurance Representative. The Site Manager will appoint a member of the Project Office to control all Quality Assurance issues including - Assisting the Site Manager to co-ordinate and develop the Quality Assurance Plan. Advise Engineers, General Foremen, Foremen and Chargehands in all matters of Quality Assurance.
