Oversight and
Assurance

Aligned with the One CGIAR transition in 2022, the CGIAR System Internal Audit Function (Internal Audit) has continued to strengthen a business-partnering approach. This approach emphasizes collaboration, communication, and assurance aligned with CGIAR strategic objectives and operations.

Specifically:

1. Strategic alignment: Internal audit has closely aligned its activities with the strategic initiatives of One CGIAR. By understanding and supporting the organization’s goals, Internal Audit has positioned itself as a valuable contributor to the transformation process.
2. Strategic initiatives and advisory support: Internal Audit has expanded its role beyond traditional audit activities by providing advisory services and engaging with strategic initiatives, such as the Internal Rules Framework.
3. Alignment with AFRC and senior management expectations: Internal auditors have built relationships with key stakeholders, such as the Audit, Finance and Risk Committee (AFRC) focal points and management teams. Regular meetings have been established to foster open communication, gain insights, and address any concerns or issues.
4. Integrated resource model: The Internal Audit community is working towards an increasingly integrated and harmonized internal audit model. Resources were shared for several CGIAR-wide engagements, and the objective is to further build on this initiative.
5. Impactful communications: Recognizing the importance of effective communication, Internal Audit has simplified its audit conclusions and made its assessments more rigorous. By using clear and user-friendly ratings, audit findings are communicated in a manner that is easily understandable and actionable for stakeholders.
6. Collaborating with other functions: Internal Audit has actively collaborated with other functions within the organization to strengthen the level of assurance it delivers. This includes partnering with the Risk Management Function to conduct funding risk assessments, providing input into policies developed by the Ethics and Business Conduct team, collaborating with other stakeholders on Environmental, Social and Governance (ESG) requirements, and working closely with the Independent Evaluation and Advisory Service on an advisory engagement on the One CGIAR Performance and Result Management System (PRMS).

In 2023, the CGIAR System Internal Audit Function will continue its journey, including through plans to define a new vision and operating model to support the ambitions set by One CGIAR, and to unlock the combined capabilities of the internal audit community to achieve greater impact.

Delivery in 2022

In 2022, the Audit plan consisted of 46 engagements, of which 33.5 were delivered, five were cancelled as requested by management, and 8.5 were carried forward to 2023.

Two types of engagements were conducted by Internal Audit in CGIAR:

1. Cross-CGIAR engagements: These types of engagements involved Internal Audit assurance or advisory activities that responded to CGIAR-wide risks. They encompassed multiple CGIAR Centers and were designed and delivered through close collaboration among the CGIAR Internal Audit teams.

In 2022, the main focus of cross-CGIAR engagements was on:

• Review of oversight processes for regional/country office operations contributing to, or strengthening, second-line monitoring activities.
• Review of cost-recovery methodologies applied by CGIAR Centers, offering recommendations for improvements to manage Center financial positions.
• Review of IT and financial key controls, to baseline basic first-line assurance.
• Funding risk assessment in collaboration with the Risk Management community to identify and help manage key drivers of funding risks.
• PRMS study in close collaboration with the IEAS to provide real-time advice and input as the PRMS project evolved.

1. Center-specific engagements: These types of engagements focused on Internal Audit assurance or advisory activities that responded to risks specific to individual Centers. The scope of these engagements was typically limited to the systems and processes of a particular Center.

In 2022, Center-specific engagements primarily revolved around three main areas:

• Project management
• Budget management
• Country operations

In total, seven investigations into misconduct were carried out by Internal Audit in response to specific requests from management in close collaboration with the CGIAR Office of Ethics and Business Conduct.

On a biannual basis, Internal Audit follow-ups are carried out on agreed management actions to indicate the progress of bridging identified gaps in governance, risk management, and internal control.

Resources

As of the end of 2022, the CGIAR System Internal Audit Function comprised 22 auditors, with a gender distribution of 13 males and 9 females (approximately 40% female). The auditors operated within seven teams across 11 countries.

The diverse composition of the team brings together a range of professional qualifications, including Certified Internal Auditor (CIA), Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), and Certified Public Accountant (CPA).

At the end of 2022, there were seven job vacancies within the Internal Audit Function, presenting opportunities to further strengthen and expand the team. To enable delivery of engagements, the CGIAR Internal Audit Function is co-sourcing some of its activities.

A combination of diverse backgrounds, professional qualifications, and geographical presence ensures a comprehensive and well-rounded Internal Audit team within CGIAR. This diversity allows for a broader perspective in assessing risks, providing assurance, and delivering value to the organization. The CGIAR Internal Audit Function will continue to strengthen its digital skill set in 2023, becoming more digitally enabled.