Spanish French German Russian Japanese Arabic Home About This Site Contact Us Site Map Search
CGIAR: Consultative Group on International Agricultural Research
Nourishing the Future through Scientific Excellence
Members
Chair
Director
Science Council
Research Centers
Partners
History
Structure &
Governance
Consultative
Group
Executive
Council
Science Council
Committees
System Office
Centers
System Office Units: | Central Advisory Service on Intellectual Property | CGIAR Secretariat |
| Chief Information Officer | Alliance Office | Gender & Diversity Program |
| Science Council Secretariat | Internal Audit | Human Resources Unit | Media Unit |
Internal Audit Links: | Who we Are | What we Do | How we Work | News Archive | RESTRICTED AREA |

 

Feature Article:  CGIAR Internal Auditors and Information Technology Professionals See Eye to Eye!

Often the relationship between auditors and auditees is caricatured as adversarial.  You may have heard the joke that the second biggest lie told on the planet is when internal auditors turn up to a client and say “Hi we are the auditors and we are here to help you.”, and that the biggest lie is the response: “Great, we are so happy to see you!”

Auditors aren’t paid to be loved.  But we are paid to be effective.  And the philosophy of the CGIAR  Internal Audit

CGIAR Chief Information Officer, Enrica Porcari and CGIAR IAU Director, John Fitzsimon, hold hard copies of newly published Good Practice Guides on Information and Communication Technology topics.

Unit is that we will be most effective as internal auditors when our auditees trust us and can work with us effectively in order to promote improvements for the good of their Center and for the CGIAR System as a whole. One way of reaching this desired state is for us to work together with auditees on the benchmarks for evaluating practices in their areas.  Achieving this collaborative relationship is not always easy, and we have to balance this with keeping our independence and professional skepticism, but it is one of the most enjoyable aspects of our work.

We have benefited from a long history of working together with the CGIAR Chief Information Officer and with Center information and communication technology (ICT) professionals, who have welcomed our presence as part of the CGIAR ICT community of practice.  As well as working with ICT staff on particular audits in their Centers, and participating in the annual meetings of the ICT managers where risk and control aspects are discussed, the CGIAR IAU has had a long engagement with the CGIAR Enterprise Security and Business Continuity Project.  An important product of this project, after a lengthy consultative process involving ICT staff, external consultants and internal auditors, is a recently completed series of Good Practice Guides on topics relating to ICT security and usage, to which all parties have subscribed.  

The initial sets of topics were voted by the Center IT Managers as being of highest priority.  The guides that have now been co-published by the CGIAR IAU and the CGIAR ICT-KM Program provide a set of “do’s and don’ts” on such topics as how to make good use of limited connectivity, how to keep Center networks secure, and how to avoid spam and usage practices that degrade the performance of systems.    They can also serve as benchmarks for Centers and their internal auditors, to see where the Center stands in terms of good and better practices, to put in context audit recommendations and ICT Unit proposals for further investments in ICT security and continuity. 

In recognition that every Center’s environment is different, the documents are deliberately prepared as guides.  Judgment will still be required, by Center ICT managers and staff and by internal auditors, as to what is applicable and feasible in the case of each Center, when evaluating that Center against the benchmarks.

The Guides were recently endorsed at the 2009 CGIAR ICT Managers’ Meeting in Cali, Colombia, and topics for further guides to be developed in future were agreed.  The published Guides are global public goods, available freely to CGIAR partners as well as internally, under a Creative Commons license.  To access them, click on the links below:

A meeting of minds doesn’t always produce a love-fest between auditors and their clients, but it makes sure our engagements are as professional and productive as possible for everyone.   We hope this will be the case as a result of working together closely with our ICT colleagues on these Good Practice Guides.

Internal auditing is:
"…an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

Standards for the Professional Practice of Internal Auditing
Institute of Internal Auditors, Inc.

The principle business objectives of the CGIAR Internal Auditing Unit are:

 

Click here to read past featured articles. They include:

  • Internal Auditors Meet in Mexico
  • Thinking about the use, adoption or influence of internal audit work
  • How to Disagree with Auditors
  • Implementing Whistleblowing Systems
  • Auditors, Genebanks and Crop Databases
  • From Afghanistan to Zimbabwe: Audits of the CGIAR Center Regional Offices
  • CGIAR Internal Auditors Meet in Nairobi
  • The Good, The Bad and The Ugly: Audit as a Tool for Institutional Learning and Change
  • Risk Management Initiative Underway
  • New Internal Audit Web Pages Launched