In 2003, the Internal Audit Unit (IAU) continued to provide strategic leadership on internal auditing and internal audit service to a growing number of Centers participating in this initiative. Moreover, it served as a systemwide forum to learn and share best practices regarding internal auditing techniques, risk management, internal control and governance. The key achievements in 2003 include:

1. Risk Management
The CGIAR Internal Auditing Unit began working with client Centers in 2003 to develop their risk management systems. Spurred by recent spectacular governance failures in the private and public sectors, a number of CGIAR member countries have developed standards and codes on risk management, and for some public and private sector enterprises the implementation of systematic organization-wide risk management processes and public reporting on these by governing boards is now mandatory. The CGIAR Internal Auditing Unit believes that adopting a similar approach will aid Centers to avoid surprises, better manage risks and opportunities, and strengthen donor confidence in their overall governance - a key ingredient in any strategy to stem the erosion of unrestricted funding of the Centers.

A Good Practice Note on Center-wide Risk Management and a Discussion Paper on Board Statements on Risk Management have been prepared by the Unit after extensive research on standards, codes and practices in CGIAR member countries. These documents, as well as a summary presentation on Center-wide Risk Management, are available to staff of the CGIAR Centers, System Office and CGIAR partners on the IA website.

This work will continue in 2004, with a planned outcome being the adoption by client Center Boards of a risk management policy and a format for an annual Board statement on risk management (for the Center's annual report or equivalent).

2. Good Practice Notes
During 2003, 10 good practice notes and 1 discussion paper were issued or updated, and all are now posted in a newly launched IA website within the www.cgiar.org domain. These comprise:

• Project Activity Management
  
• Travel Processes
  
• Management of Information Technology Risks
  
• IT Business Continuity Planning
  
• IT User Security Awareness Seminars
  
• IT Risk Assessment
  
• IT Performance Indicators
  
• Regional/Country Office Business Objectives and Performance Indicators
  
• Project Costing
  
• Center-wide Risk Management (see above)
  
• Discussion Note on Center Indicators of Financial Health

3. CGIAR Internal Auditors' Professional Development Week
The CGIAR IA Professional Development Week, held at ICARDA in late September/early October 2003, comprised 4 days of professional interaction between CGIAR internal auditors, clients from various Centers, and guest presenters. Over 30 participants from across the CGIAR System attended. The objectives for the week were:

• To update knowledge of internal auditing, internal control, risk assessment, and corporate governance issues and techniques
  
• To provide an opportunity for face to face interaction among members of the CGIAR internal audit community and their supporters within the CGIAR system
  
• To jointly assess progress in implementing the CGIAR internal audit guidelines (FG3) and the IIA Professional Practices Framework
  
• To identify suggestions for changes to be made to FG3 in the light of experience and external developments in the internal and external auditing professions
  
• To share experience with using various audit tools and techniques to increase the value of internal audit work
  
• To discuss developments affecting the CGIAR System and Centers that are relevant to IA risk assessments and audit planning
  
• To identify where CGIAR internal auditors can collaborate more closely together and with other parts of the CGIAR system to improve the IA service to the Centers

Proceedings of the week, including consensus items and agreed next steps, are posted on the IA website.

IAU in collaboration with other SO units in 2003

During late 2003, the IA Unit worked with CIO and the CAS-IP to develop a joint advisory service for Centers implementing the Global Public Goods Asset Rehabilitation Project (genebank and database upgrades). This responds to the donor's request that Centers draw on SO components to help them self-monitor this project. This represents a pilot for future collaboration between these SO components, and was trialed in one Center at the end of 2003.