CGIAR Archives – CGIAR – System Office Annual Report – [www-cgiar-org-soar-2004-2004

This page contains archived content which could be out of date or no longer accurate. Click the logo above to return to the home page.



	Central Advisory Service on Intellectual Property
	CGIAR Secretariat
	Chief Information Officer
	Future Harvest Allliance Office
	Gender and Diversity Program
	Internal Auditing Unit
	Science Council Secretariat
	Strategic Advisory Service on Human Resources



	Stategic Planning and Development
	Monitoring and Evaluation
	Public Awareness and Resource Mobilization
	Management Services
	Financial Summary

Internal Audit Unit

The three key accomplishments of the IAU in 2004 involved risk management, good practice notes, and an external quality assurance review.

Risk Management

The IAU continued working with client centers in 2004 to develop their risk management systems. This effort remains a major IAU activity. A Good Practice Note on centerwide risk management was updated twice in 2004 (and posted on the IAU website) to incorporate experience during the year. Center boards have begun considering policies on risk management, internal control, and annual board statements. Some boards approved such policies during 2004, whereas others will approve them in 2005. All client centers have begun to conduct centerwide risk analysis, using formats and methodology developed with IAU assistance, to support the preparation of board statements.

IAU's work in 2004 focused on high-level centerwide risk analysis. Work also began on developing guides for risk inventories and analysis for particular aspects of center operations, to be used "bottom-up" analysis to supplement the center-level analysis. The first guide was on risks related to management of center genetic resource collections. It was piloted in two centers and was circulated to all centers in early 2005. The next set of guides, also to be circulated in 2005, will include guides developed jointly with other SO units.

Good Practice Notes

Good Practice Notes are the way in which IAU shares lessons and good practices from its audits and research on external benchmarks across the CGIAR centers. During 2004, four notes were issued as exposure drafts, and one note issued in 2003 was updated twice on the basis of comments received from centers. The current versions of all notes are posted on the IAU website within the www.cgiar.org domain. This year, the focus was on centerwide governance topics:

Centerwide Risk Management: January and August 2004 (updates; see above)
Business Continuity Management: August 2004
Documenting Board-Center Reporting Relationships and Delegations of Authority: August 2004 (updated February 2005)
Audit Committee Charters: August 2004 (updated February 2005)
Internal Audit Charters: August 2004 (updated February 2005).

Drafting of several Good Practice Notes commenced, to be completed and circulated in 2005. A note on human resources management was drafted and circulated to SAS-HR, G&D, and two center HR managers for initial review before being issued as an exposure draft in 2005.

External Quality Assurance Review of the IAU

Leading up to the fifth anniversary of the IAU, an external quality assurance review of the unit was conducted by a team comprising a representative of the Institute of Internal Auditors (the worldwide professional body) and the World Bank Internal Auditing Department.

The review measured the IAU's performance against the International Standards for the Professional Practice of Internal Auditing. These standards comprise attribute standards (characteristics such as authority, independence, objectivity and quality assurance), performance standards (processes for planning, undertaking, reporting, and managing audit coverage), and a code of ethics. The review concluded that the CGIAR IAU generally conforms to the attribute standards and the code of ethics and partially conforms to the performance standards. The review noted that with the expansion of the unit's client base from 10 to 13 centers in 2005, the IAU would be unlikely to be able to either attain general conformance with the performance standards or remain sustainable . In response, the IAU prepared a new business plan for the 2005-2007 triennium that provides for additional staffing of the unit as well as other measures to address the review recommendations.

Collaboration with Other SO Units

During 2004, the IAU undertook a joint advisory review with the CIO and CAS-IP of GPG database upgrade project. This was the second such review, and it was in response to the donor's request that centers draw on SO components to help them self-monitor this project. An additional two reviews were planned for 2005.

The IAU also began a series of joint Good Practice Notes and risk management guides with SO units. A note on human resources management was drafted in 2004 and is under review by SAS-HR and G&D. The IAU Good Practice Note on business continuity management, which has a major ICT component, also underwent CIO review prior to its release in 2004 as an exposure draft.

IAU staff also participated in ICT-KM Program activities. This included participation in an M&E workshop for the program, a launch workshop for the CGIAR Data Resilience Project, and the annual ICT Managers Meeting.