Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Professional Updates »
Open DEMAT Account in 24 hrs
 Board of Internal Audit and Management Accounting of ICAI is organizing Webinar on "Identifying Red Flags and Report Writing by Internal Auditors" - March 27,
 Revised Applicability of Peer Review Mandate (Phase II & III)
 Important Announcement - Reschedulement of Chartered Accountant Examinations, May 2024
  IMPORTANT ANNOUNCEMENT
 Extension of Last Date for Online Empanelment of Members to act as Observers for May/June 2024 Examinations up to 15th March 2024
 Empanelment of Members to act as Observers at the Examination Centres for the Chartered Accountants Examinations May/June 2024
 Guidance Note on Audit of Banks (2024 Edition)
 Issuance of SA 800 (Revised), SA 805 (Revised), SA 810 (Revised)
 Implementation Guide on Reporting on Audit Trail under Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014 (Revised 2024 Edition) - (12-02-2024)
 Important Announcement for May-June 2024 CA Examinations
 Draft Bank Branch Auditors' Panel (MEF) for the year 2023-24

Digital Accounting and Assurance Board releases Digital Competency Maturity Model (DCMM) for Professional Accounting Firms - Version 1.0
December, 19th 2017
DIGITAL
COMPETENCY
MATURITY
MODEL
(DCMM)TM*
For Professional Accounting Firms
Version 1.0




Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India

* Trade Mark has been applied under Trade Marks Act, 1999

                           ­1­
Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India




                      ­2­
Contents
FOREWORD05

PREFACE06

I. Digital Accounting and Assurance Board of ICAI             07

II.Introduction                                               09

III. Digital Competency Maturity Model (DCMM)
     for Professional Accounting Firms ­ Version 1.0          11

    A. Level of Automation of the Firm's Internal Processes   11

    B. Availability of Qualified Resource Pool and
       Talent Development Relating to Digital Competencies    14

    C. Level of Automation relating to Audit Processes        16
       and Nature of Audit Services Being Rendered

IV. Firm Maturity Rating                                      18

V. DCMM Road map for moving up the
   next level of maturity                                     19

References20

Annexure ­ Scoring sheet for use by Firm                      21




                       ­3­
"Digital Competency Maturity Model
(DCMM) for Professional Accounting Firms
­ Version 1.0" has to be used ONLY for
self evaluation by accounting firms of their
digital competency maturity level and taking
steps to move up the maturity model.

The results of the self evaluation conducted
should NOT be published/ displayed in any
form/ manner, which may be deemed to be
violation of Code of Ethics of the Institute of
Chartered Accountants of India".




                      ­4­
FOREWORD
THE ACCOUNTANCY PROFESSION globally is largely Small and Medium Practitioner (SMP)
based, serving the whole Small and Medium Enterprises (SME) universe which constitutes a significant
part of any economy and in many cases also as niche firms serving large entities.  The same trend is
true in the Indian context also.  Challenges of financial resources apart these firms are to be supported
proactively with insights on the emerging trends in the emerging digital society and the consequent
impact on the accounting function. It is also important to take note of the huge effort of Government
on digitisation and the already visible changes in tax law compliance including the new transformational
legislation on Goods and Services Tax where every aspect of compliance and regulation is digital and
in other areas of financial services transactions, etc.

  At The Institute of Chartered Accountants of India (ICAI), the Council constituted the Digital
Accounting and Assurance Board (DAAB) as an enabling Board to proactively assess the impact of
digitisation on accounting and audit.

  DAAB was constituted to begin withdrawing experience of co-opted members and special invitees
having exposure in the area of digitisation, from peer regulatory organizations, academician and
accounting firms.

  The instant toolkit "Digital Competency Maturity Model (DCMM) for Professional Accounting
Firms ­ Version 1" is an endeavour to provide a recommended set of requirements which the firms
can evaluate on a self assessment basis and build a strategy for up skilling, to leverage the opportunities
which will unfold in the digital era.

  We compliment the members and staff of DAAB for taking up this initiative for the benefit of
the profession. We are sure that the Instant "Digital Competency Maturity Model (DCMM) for
Professional Accounting Firms ­ Version 1.0" will be used by our members/firms to assess the current
digital competence of their firms and building their firms competencies for their own growth and the
profession at large.




(CA. Nilesh S Vikamsey)   (CA. Naveen N D Gupta)
President, ICAIVice-President, ICAI


New Delhi
December, 2017



                                                  ­5­
PREFACE
The "Digital Competency Maturity Model (DCMM) for Professional Accounting Firms ­ Version 1.0"
has been developed for self evaluation by accounting firms and is intended only to be a self assessment
tool for rating their current digital capabilities. This self evaluation process would be wholesome
when the model questions are filled up after debate/discussion among all the partners of the
firm to know the "as is where is position" of digital competency with the firm.
The objective is that the accounting firms, irrespective of the size, assess the current level of Digital
Competency and identify steps to move up the model and calibrate their functioning to the emerging
context. We recommended that each firm should develop a strategy as part of its Annual
Operating Plan to move up the DCMM.
We are encouraged to hear that this could probably be the first of its kind initiative in the accounting
world and we thank CA. Nilesh S Vikamsey, President, CA. Naveen N D Gupta, Vice-President and
our Council Colleagues for their thought leadership, continuous support and encouragement to the
initiatives of the Board.
Our sincere thanks and heartfelt gratitude to CA. Rajaji Chandrasekhar, Chennai for converting the
Board vision into an Executable model with long hours of extensive research, to prepare the Digital
Competency Maturity Model. Our thanks are also due to CA Hemant Joshi, Pune and CA. Vijayender
Rana, New Delhi for their inputs in making the model more robust at the first version itself.
We recommend the members/ firms to apply this Maturity Model and provide us their feedback/
responses (at insightDCMMV2.0@icai.in). This would assist us in developing a more robust and
comprehensive Version 2 of the Maturity Model in the near future. This version of DCMM is
simple and has set moderate competencies, with intent to encourage firms to embrace the reality
of digital era. The next version is likely to have more qualitative and quantitative criteria and
may define more levels of maturity with a single weighted raking across all the three sections of
competency identified.




Digital Accounting and Assurance Board


New Delhi
December, 2017.




                                                 ­6­
DIGITAL ACCOUNTING AND
ASSURANCE BOARD OF ICAI
TO UNRAVEL the impact of Digitization on Accounting and Assurance, the Council of ICAI has
constituted the Digital Accounting and Assurance Board, as a non-standing Board of the ICAI, for
fostering a cohesive global strategy on aspects related to digital accounting and assurance, through
sharing of knowledge and practices amongst the members. DAAB is endeavoured to identify, deliberate
and highlight on issues in accounting (including valuation) and assurance (including internal audit)
issues in the digital world. Digital Accounting and Assurance Board is focusing on issues in accounting
and assurance arising from the high pace of digitization, including use of artificial intelligence in audit,
big data analytics in audit, relevance of sampling, valuation of data as an asset, impairment, testing of
digital assets, insurance of data-valuation and premium fixation, etc.  
The Board is taking up initiatives to develop knowledge base through position papers and articles on
issues related to impact of technology on accounting and assurance. DAAB Knowledge Page https://
www.icai.org/new_post.html?post_id=13422&c_id=432 may be referred for position papers issued
and for links to relevant article on digital accounting and assurance. Technology Summits are being
conducted with the theme of Empowering Chartered Accountants in digital era. DAAB has also
released knowledge management videos available on ICAI Mobile App https://www.icai.org/mobile/.
DAAB has also conducted online survey on impact of emerging technologies on the accountancy
profession and around one thousand responses have been received.


                          TERMS OF REFERENCE
(Board for deliberating and initiating solutions for Accounting (including valuation) and Assurance
(including internal audit) issues in the Digital World)

Arising out of digital era and its consequences -
(a)to identify, deliberate and highlight issues in Accounting (including valuation) and Assurance
   (including internal audit) in the Digital World, and security aspect of data and technology;
(b) to act as a facilitator by engaging through relevant committees of ICAI; and wherever necessary
    with standard setters, Government, Regulators, industry and other accounting bodies in the world;
    and suggest to the relevant Committee(s) in Institute, the required changes in Accounting Standards,
    Assurance Standards and Valuation Standards;
(c) to develop knowledge base through position papers, create on line platform, including an annual
    conference/ round table preferably, on areas identified with a view to raise awareness in all
    stakeholders, the issues and opportunities arising from these trends; and
(d)to enable setting up a Global Digital Accounting and Assurance Board, as India initiative so that
   ICAI gets recognition as the global thought leader in Accounting and Assurance in digital world.



                                                    ­7­
Composition of Digital Accounting
and Assurance Board 2017-18

   Council Members
   CA. Anil Satyanarayan Bhandari, Member
   CA. Atul Kumar Gupta, Member
   CA. Debashis Mitra, Member
   CA. Kemisha Soni, Member
   CA. Manu Agarwal, Member
   CA. Nilesh S. Vikamsey, President, ICAI (ex officio)
   CA. Naveen N.D. Gupta, Vice President, ICAI, (ex officio)
   CA. Prakash Sharma, Member
   CA. Sanjay Vasudeva, Vice-Chairman
   CA. Shiwaji Bhikaji Zaware, Member
   CA. Shyam Lal Agarwal, Member
   CA. M P Vijay Kumar, Chairman


   Government Nominee
   Shri Vithayathil Kurian


   Co-opted Members
   CA. Adesh Kumar Gupta
   CA. B K Patel


   Special Invitees
   Shri G Raghuraj, nominee IDRBT
   CA. Hemant Joshi
   Prof. Naman Desai, nominee IIM- Ahmedabad
   Ms. Narmadha R, nominee C&AG
   CA. Subh Ghosh
   Shri T Chakravarti, nominee SEBI









                                         ­8­
INTRODUCTION
THE DIGITAL SOCIETY is bringing in a new framework of unwritten rules of the game wherein
not only the way the businesses are being carried out is getting radically transformed, but its silhouette
is equally evident in the related value chain and more importantly the financial reporting chain as also
the assurance chain. Things like vulnerability assessment and risk mitigation thereto arising out of the
analysis of financial information is radically changing since concept of data is now being replaced with
big data, and the landscape of accounting and assurance function will accordingly get transformed to
cover a large segment of population rather than getting confined to a sample base assessment.
One may think what does this dawn of information technology and a digitized society has to do with
the profession of Chartered Accountancy. An orthodox view would be that it does not concern us,
but a pragmatic and rational school of thought is that a digital society brings with it its own set of
challenges and one needs to embrace the reverberations not as complexities. It is now largely seen
that using the frontiers of technology is likely to positively impact and transform the landscape of the
professional working of an accounting firm.  If we start looking the role of accounting function with
an enhanced esotericness through use of technology, it would open up new windows of professional
work for accountancy firms.
Digital Competency in a generic sense of the term has two parts- Digital- referring to "involving or
using computer technology" and Competence- "indicates sufficiency of knowledge and skills that
enable someone to act successfully and efficiently". Digital Competency, thus, is a measure of skill
and competence on use of computer and related technology. Accounting and Audit Firms have had a
fair bit of impact in terms of how they run their firm operations and also adapt and evolve to the ever
changing technology architectures at the client side.
ICAI, through DAAB, has initiated a process of laying out a self- evaluation matrices for accounting
firms to gauge their relative maturity level as regards digital competency, relating to audit and accounting
related functions being rendered by firms and individuals.
The objective of this Evaluation Matrix is for Audit and Accounting firms to be able to self- evaluate
their current level of maturity on digital competency, identify areas where competencies are good/
lacking, and then develop a road map for upgrading to a higher level of maturity.


Three Dimension Approach to Self Evaluate Digital Competency of Professional
Accounting Firms

a. Level of Automation of the Firm's internal processes
 Intending to cover aspects like, level of usage of IT for it's own internal processes like, billing,
   document management, employee attendance and work tracking, protecting its digital identity like,
   domain name, social media presence, etc.

                                                   ­9­
b. Availability of Qualified Resource Pool and Talent
   Development relating to Digital Competencies
 Intending to cover aspects like number of skilled staff
   with requisite qualifications, training initiatives on IT,
   On demand Online Training etc.

c. Level of Automation relating to Audit Processes
   and Nature of Audit Services being rendered
 Level of automation at client's end, access to
   automated audit tools, training of employees on
   audit tools, ability to handle digital evidence,
   Information Technology Audits, etc.


FIRST STEPS
· To assign the task of understanding and presenting the document to all partners and senior staff,
  to a partner or senior staff who has relatively more interest in Audit; alternatively to one having
  interest in Information technology;
· To debate the model in a partners formal meet of at least 2 hours and make a conservative estimate
  of score for each of the elements;
· To encourage every partner and senior staff to update the check list in confidence and own
  assessment of score for each of the elements;
· To tabulate the score assigned by each partner and senior staff who participated in the process and
  finalise the rating with a consensus approach led by the Senior leadership.
· To develop a plan as part of the Annual Operating Plan, for moving up the DCMM. The next steps
  for this is listed at end of the document.




                                               ­ 10 ­
DIGITAL COMPETENCY MATURITY MODEL (DCMM)
FOR PROFESSIONAL ACCOUNTING FIRMS ­ VERSION 1.0
SECTION A: LEVEL OF AUTOMATION OF THE FIRM'S
INTERNAL PROCESSES
This section covers aspects relating to what extent an accounting and audit firm has leveraged
Information Technology (IT) and related processes for it's own operations ­ from automation of
attendance systems to cloud based data back-up, etc. It also addresses issues of data security of
client's sensitive data.

Competency Dimension                              Score/Point              Actual Points/Score
                                                  Awarding Basis           Achieved
1.1 Managing Digital Identity                     For each Yes ­ Score 1 Max. Possible Points= 3
    The firm has registered                       For each No ­ Score 0
    i. Domain name,
    ii. Uses a corporate domain ID for mails,
    iii. Has a verified social media presence
1.2 Operational Process automation                For each Yes ­ 1 Point   Max. Possible Points= 7
    The firm uses automation for :                For each No ­ 0 Point
    i. Attendance system
    ii. Leave management system
    iii. Mobile device- laptops, PDAs, etc.
         tracking
    iv. Internal communication- chats/instant
         messaging systems
    v. Centralised file storage system/server


                                                ­ 11 ­
Competency Dimension                                    Score/Point              Actual Points/Score
                                                        Awarding Basis           Achieved
    vi. Internal work flow and documentation
        is managed on a digital work flow
        management system
    vii.Electronic database pertaining to
        client's and services being rendered is
        maintained and updated
1.3 High Availability                                   For Yes ­ 1 Point        Max. Possible Points= 1
    i. Data back-up is automated process                For No ­ 0 Point
       on the cloud/off-line at a different
       location and same is tested periodically
1.4 Mobile Devices Data Security                        For each Yes ­ 1 Point   Max. Possible Points= 3
    Mobile devices and laptops:                         For each No ­ 0 Point
    i. Are secured through drive encryption
    ii. Have end point security deployed
    iii. Can be remotely backed-up/ content
         wiped off in case of loss of device
         (MDM)
1.5 Data Security                                       For each Yes ­ 1 Point   Max. Possible Points= 3
    i. Critical communications are digitally            For each No ­ 0 Point
         secured (either through digital signatures
         or passwords/other mechanism)
    ii. Access to internet is restricted on need
         only basis and use of data cards is also
         routed through corporate firewalls
    iii. Firm has deployed end-point security
         on all desktops (including access
         control)
1.6 Electronic Payments                                 Below 15% - 0 Points     Max. Possible Points= 3
    Financial Transactions beyond a threshold           15%- 40% - 1 Point
    are made through electronic means using
    Two Factor Authentication from designated           40% to 75%- 2 Points
    devices only.                                       Above 75%- 3 Points
    i. Min of 15% and upto 40% of all pay-
         ments are made through electronic means
    ii. 40% to 75% of all payments are made
         through electronic means
    iii. Above 75% of all payments are made
         through electronic means
    Note: % is in terms of transaction volume.


                                                      ­ 12 ­
Competency Dimension                                      Score/Point              Actual Points/Score
                                                          Awarding Basis           Achieved
1.7 Copyright and Licenses                                For each Yes ­ 1 Point   Max. Possible Point = 1
    i. Software deployed are backed by                    For each No ­ 0 Point
       appropriate licenses and inventory of
       licenses are maintained.
1.8 Digital Media for Communication                       For each Yes ­ 1 Point   Max. Possible Points= 4
    i. Internal employee portal is maintained             For each No ­ 0 Point
         with updated content relating to firm's
         audit programs, checklists, sample
         representation letters, etc and
    ii. E-newsletter is published to it's
         employees and knowledge updates are
         available on portal
    iii. Employee feedback and evaluation is
         done online through a portal
    iv. Mail server is managed in-house/third
         party service provider with scheduled
         back-ups/vaulting options enabled to
         retain mails for defined period of time
1.9 Protecting Personal Data and Privacy                  For each Yes ­ 1 Point   Max. Possible Points= 3
    i. Employee related personal information/             For each No ­ 0 Point
         HR data in electronic form is secured
         from unauthorised access
    ii. Social media checks are carried out on
         key employees as part of background
         checks including prior or existing
         relationship with clients
    iii. Employees are sensitised on due care to
         be taken relating to sharing client specific
         information
1.10 Online scans for adverse content          For Yes ­ 1 Point                   Max. Possible Point = 1
    i. Does the firm carry out, either through For No ­ 0 Point
       a third party or on it's own, scan of
       online content to track any adverse
       news about the firm/it's employees
1.11 External Validation/Certification             For Yes ­ 2 Points              Max. Possible Points = 2
    i. Is the firm subject to external validation/ For No ­ 0 Point
       certifications like ISO 27001 etc.,
                                                                                   Total Possible Points
                                                                                                   = 31


                                                        ­ 13 ­
SECTION B: AVAILABILITY OF
QUALIFIED RESOURCE POOL AND
TALENT DEVELOPMENT RELATING
TO DIGITAL COMPETENCIES
This section addresses issues relating to skills, qualification of staff (administrative and audit staff)
in relation to Information and Communications Technology (ICT), and investment by the firm in
providing appropriate training for skill set upgrades.

Competency Dimension                                        Score/Point               Actual Points/
                                                            Awarding Basis            Score Achieved
2.1 Skilled resource for managing internal IT infra         For Yes - 1 Point         Maximum
    Does the firm have trained/qualified                    For No - 0 Point          possible points
    i. System Administrators or in case of cloud                                      =2
        deployment- cloud administrators
    ii. Agreement with service providers for desktop
        support, hardware maintenance/AMCs
2.2 Training/skill of staff related to office              i. 0 to 30% of the         Maximum
    automation                                                 staff ­ 0 Points       Possible Points
    How many of the firm's staff are formally trained/ ii. 30% to 60% of the          =2
    skilled in:                                                staff- 1 Point
    i. Word processing software skills                     iii.Above 60% of the
    ii. Spreadsheet software skills                            staff- 2 Points
    iii. Database/ data analytics skills
    iv. Presentation skills
    v. E-mail and internet skills
    vi. Use of automated work-flow systems
    Note: Each staff will be counted only once- i.e., same
    staff possessing two skills cannot be counted twice.
2.3 Skills related to audit in a computerised         i. 0 to 30% of the              Maximum
    environment/Information Systems Audit                 staff ­ 0 Points            Possible Points
    Do staff members possesses one or more of the     ii. 30% to 60% of the           2
    said qualifications                                   staff- 1 Point
    i. Diploma in Information Systems Audit (DISA) iii.Above 60% of the
    ii. Certified Information Systems Auditor (CISA)      staff- 2 Points
    iii. Certified in Risk and Information Systems
         Control (CRISC)
    iv. Certified Fraud Examiner (CFE)
    v. ISO 27001 LA/Implementer
    vi. Any other relevant certifications
    Note: For the above, articled clerks are to be
    excluded- only partners, qualified staff and paid
    assistants are to be factored.


                                                 ­ 14 ­
Competency Dimension                                       Score/Point             Actual Points/
                                                           Awarding Basis          Score Achieved
2.4 Digital Etiquette                                      For Yes- 1 Point        Maximum
    i. Does the firm provide its staff with training       For No- 0 Point         possible points-
       on drafting mail responses/any other form of                                1
       digital communication factoring cultural and                                `
       generational diversity of the client/recipients.

2.5 Protecting against digital threats                     For Yes- 1 Point        Maximum
   Does the firm sensitizes it's employees on issues like: For No- 0 Point         Possible points-
   i.Cyberbullying                                                                 1
   ii. Phishing attacks/spear phishing attacks
        targeting key employees
   iii. Malware threat indicators
2.6 Content delivery through digital platforms             For Yes- 1 Point        Maximum
    i. Does the firm have an online/on-demand              For No- 0 Point         possible points
         learning portal which employees can access                                =3
         from anywhere
    ii. Are atleast 50% of the total CPEs sessions/
         training sessions through webinars/podcasts
         are attended on an average
    iii. Has the firm subscribed to any digital learning
         platforms from professional bodies for skill
         development of its staff
2.7 Access to knowledge base, content search              For Yes- 1 Point         Maximum
    online and evaluating content prior to use            For No- 0 Point          possible points
    i. Access to business knowledge database, market                               =3
         drivers and technology involved in the industry
         in which company operates
    ii. Are staff trained formally on content searches
         related to work and how to identify authenticity
         of the source (say of case laws, audit check
         lists, etc.,)
    iii. Are staff trained on what online content can be
         legally re-used without IPR infringements
2.8 Creative use of digital technologies                   If atleast 1 such      Maximum
   i. Are staff encouraged to put IT to creative           automation achieved- 1 Possible Points-
      use, say building an app for statutory due date      Point                  1
      alerts, alerts relating to professional updates,     For no such
      automating a routine function                        automation- 0 Points
                                                                                   Total Possible
                                                                                   Points = 15


                                                ­ 15 ­
                                             SECTION C
LEVEL OF AUTOMATION RELATING TO AUDIT
PROCESSES AND NATURE OF AUDIT SERVICES BEING
RENDERED
This section focuses on actual audit and related work being carried out by the firm, which uses
automated tools to facilitate the audit process or scenarios, especially where complete audit
focuses on the IT controls in the client environment.

Competency Dimension                                         Score/Point             Actual Points/
                                                             Awarding Basis          Score Achieved
3.1 Use of Automated Audit Planning Software                 If Yes- 1 Point         Maximum Possible
    i. Does the firm uses any application                    If No- 0 Point          Points = 2
        software/tool for audit planning- including
        scheduling, resource deployment, tracking
        hrs/days spent vs. budgeted time, etc.
    ii. Is the software cloud based and secure
        access is provided to staff members which
        has facility to collaborate, digital sign off,
        etc. ,?
3.2 Use of External Automated Audit Tools for                For Points i to iii     Maximum Possible
    Data Extraction, Sampling, Analytics, etc.               For Each Yes- 1 Point   Points = 3
    i. Does the firm have/uses automated
         audit tools for data extraction, sampling           For each No ­ 0 Point
         (Benford's law, RSF, etc.) , analytics etc. (like
         ACL, IDEA etc.,)                                    For Points iv
    ii. Are the staff adequately trained on usage            i. If for > 5 out
         of the tools and interpretation of results             of top 10 clients
         thereof ?                                              manual processes
    iii. Are the audit staff trained on identifying,            are used- Negative
         obtaining and analysing and retaining                  Marking of 1

                                                    ­ 16 ­
Competency Dimension                                     Score/Point           Actual Points/
                                                         Awarding Basis        Score Achieved
       relevant digital evidence pertaining to their ii. If for < 5 but
       audit work?                                       greater than
   iv. Are there scenarios where client's core           Zero- No negative
       processes are fully automated while the firm      marking
       continues to use manual audit techniques
       rather than system driven reviews?
3.3 Use of in-built audit tools/capabilities in      If Yes ­ 1 point          Maximum Possible
    client side applications like ERPs               If No- 0 Point            Point = 1
    i. Has the firm used in-built audit capabilities
        in client applications say, Audit Management
        Module in SAP, Oracle Financials, audit
        features in Tally, etc.
3.4 Design of Application Level Controls                 If Yes- 1 Point       Maximum Possible
    Has the firm participated in the application         If No- 0 Point        Point = 1
    design stage for any client to suggest internal
    controls to be built into software they propose
    to develop/use, say, maker checker controls,
    segregation of duties, audit logs, etc. in financial
    software like accounting, payroll, inventory
    management, etc.
3.5 Carrying out Risk Assessment for the                 If Yes- 1 Point       Maximum Possible
    purpose of audit planning                            If No- 0 Point        Point = 1
    Does the firm have a process of reviewing IT
    controls and risk of failures of the same vis-
    à-vis impact on audit planning, including but
    not limited to audit sample size selection, focus
    areas of audit, etc.
3.6 Information Systems Related Audits/                For each Yes- 1 Point   Maximum Possible
   Reviews                                             For each No- 0 Point    Point = 5
   Has the firm carried out audits relating to :
   i. IT Security ­General Control Reviews
   ii. Financial fraud investigation involving digital
        forensic reviews
   iii. Application Security Audits
   iv. Technical reviews like, Vulnerability
        Assessments, Web Application security
        testing, etc.
   v. ISO 27001: 2013 reviews
                                                                               Total Possible
                                                                               Points = 13


                                                ­ 17 ­
FIRM MATURITY RATING
Section           Total Possible
Reference            Points
Section A               31         · Less than 9 Points                                 :  Level 1 Firm
                                   · = or >9 Upto 18 Points                        :  Level 2 Firm
                                   · >18 Points                                            :  Level 3 Firm
Section B               15         · Less than 5 Points                                :  Level 1 Firm
                                   · = or >5 Points Upto 9 Points              :  Level 2 Firm
                                   · >9 Points                                             :  Level 3 Firm
Section C               13         · Less than 4 Points                                :  Level 1 Firm
                                   · = or >4 Upto 8  Points                        :  Level 2 Firm
                                   · >8 Points                                             :  Level 3 Firm

Level 1 Firm:  Indicates that the firm is in nascent stages of adapting ICT and other digital
               technologies.
               Recommendation: Take immediate steps to upgrade its digital competency or
               will be left lagging behind.
Level 2 Firm: Indicates that the firm has reasonable adaption of ICT and other digital
              technologies.
              Recommendation: Take steps to reach the next level of digital competency.
Level 3 Firm:  Indicates that the firm has significant adaption of ICT and digital technologies.
               Recommendation: Focus on increasing score to full points in each of
               the sections and to leverage present status to be in the forefront of use of
               technologies like,  Artificial Intelligence and innovations like, block chain, use
               of drones, bots, etc for conducting audit.




                                                ­ 18 ­
      DCMM ROAD MAP FOR MOVING UP THE
          NEXT LEVEL OF MATURITY

This section focuses on actual audit and related work being carried out by the firm, which uses
automated tools to facilitate the audit process or scenarios, especially where complete audit
focuses on the IT controls in the client environment.



         Step 1: Benchmarking              Benchmark the current maturity level of
                                           the Firm by completing the DCMM and
                                           document list of specific aspects that the
                                           Firm is currently lacking, and which needs
                                           to be initiated to move the next level of
                                           Maturity model.

         Step 2: Planning Initiatives      Convert the initiative to be taken into an
                                           action plan- with timelines- quarterly/
                                           annual.

         Step 3: Identifying resources     Identify a small cross functional team to
         and execution plan                own the execution of the plan, with a leader
                                           and make the execution of the plan, an
                                           important part of the Key Result Areas/
                                           KPI of this team. Define accountability
                                           for reporting progress and challenges in
                                           implementation.

         Step 4: Assessing progress        Assess the progress by re-evaluating against
         and re-validation against the     the DCMM and re-visit the execution plan
         DCMM.                             half-yearly.









                                            ­ 19 ­
REFERENCES:

i.https://ec.europa.eu/jrc/en/digcomp/digital-competence-framework
ii.   https://tuhat.helsinki.fi/portal/files/48681684/Ilom_ki_etal_2011_What_is_
      digital_competence.pdf
iii.http://learning.gov.wales/docs/learningwales/publications/160831-dcf-your-
    questions-answered-en.pdf
iv.https://www.digitalcpa.com/
v.https://blionline.org/2015/04/anticipation-the-missing-competency-for-cpas/
vi.https://www.td.org/Publications/Blogs/Career-Development-Blog/2015/03/
   Assessing-Digital-Literacy
vii.https://www.digitalanalyticsassociation.org/self-assessment
viii. http://is.jrc.ec.europa.eu/pages/EAP/documents/participants_definitions.pdf
ix.   https://www.ifac.org/system/files/meetings/files/2820.pdf
x.http://www.accaglobal.com/content/dam/ACCA_Global/Technical/Future/pi-
  highlights-professional-accountants-the-future.pdf
xi.https://competency.aicpa.org/media_resources/211276-2017-digital-cpa-
   conference
xii.https://competency.aicpa.org/media_resources/209543-10-steps-to-a-digital-
    office-in-the-cloud
xiii. http://ictineducation-gartmor.blogspot.in/2015/02/defining-digital-competence.
      html
xiv.https://ec.europa.eu/jrc/en/digcomp/digital-competence-framework




                                    ­ 20 ­
  ANNEXURE
(Scoring sheet for use by firm)




         ­ 21 ­
DIGITAL COMPETENCY MATURITY MODEL (DCMM)
FOR PROFESSIONAL ACCOUNTING FIRMS


   NAME OF FIRM


   ADDRESS OF THE FIRM


   YEAR OF ESTABLISHMENT


   NUMBER OF PARTNERS


   NUMBER OF QUALIFIED Chartered
   Accountants Staff




General Instructions:
1. This self evaluation form should be filled up only after debate/discussions among all
   partners of the firm to assess the current digital competence of their firm.
2. It is recommended that all partners of the firm fill up individually their rating/score and
   then collate into a final ranking table.




                                           ­ 22 ­
                                          SECTION A
LEVEL OF AUTOMATION OF THE FIRM'S INTERNAL
PROCESSES
Competency Dimension                                              Score/Point Awarding Firm's
                                                                  Basis                Response
1.1 Managing Digital Identity                                     For each Yes ­ Score 1
    The firm has registered                                       For each No- Score 0
    i . Domain name,
    ii. Uses a corporate domain ID for mails,                     Max. Possible Points= 3
    iii. Has a verified social media presence
1.2 Operational Process automation                                For each Yes- 1 Point
    The firm uses automation for:                                 For each No- 0 Point
    i. Attendance System
    ii. Leave management system                                   Max. Possible Points= 7
    iii. Mobile device- laptops, PDAs, etc. tracking
    iv. Internal communication- chats/instant messaging
         systems
    v. Centralised file storage system/ server
    vi. Internal work flow and documentation is managed on
         a digital work flow management system
    vii.Electronic database pertaining to client's and services
         being rendered is maintained and updated
1.3 High Availability                                             For Yes- 1 Point
    i. Data back-up is automated process on the cloud/            For No- 0 Point
       off-line at a different location and same is tested
       periodically                                               Max. Possible Points= 1
1.4 Mobile Devices Data Security                                  For each Yes- 1 Point
    Mobile devices and laptops:                                   For each No- 0 Point
    i. Are secured through drive encryption
    ii. Have end point security deployed                          Max. Possible Points= 3
    iii. Can be remotely backed-up/ content wiped off in
         case of loss of device (MDM)
1.5 Data Security
    i. Critical communications are digitally secured (either        For each Yes- 1 Point
         through digital signatures or passwords/ other             For each No- 0 Point
         mechanism)
    ii. Access to internet is restricted on need only basis and use Max. Possible Points= 3
         of data cards is also routed through corporate firewalls
    iii. Firm has deployed end-point security on all desktops
         (including access control)


                                                ­ 23 ­
Competency Dimension                                              Score/Point Awarding Firm's
                                                                  Basis                Response
1.6 Electronic Payments                                           Below 15% - 0 Points
    Financial Transactions beyond a threshold are                 15%- 40% - 1 Point
    made through electronic means using Two Factor                40% to 75%- 2 Points
    Authentication from designated devices only.                  Above 75%- 3 Points
    i. Min of 15% and Upto 40% of all payments are made
         through electronic means                                 Max. Possible Points= 3
    ii. 40% to 75% of all payments are made through
         electronic means
    iii. Above 75% of all payments are made through
         electronic means
    Note: % is in terms of transaction volume.
1.7 Copyright and Licenses                                        For Yes- 1 Point
    i. Software deployed are backed by appropriate licenses       For No- 0 Point
       and inventory of licenses are maintained.                  Max. Possible Point= 1
1.8 Digital Media for Communication                               For each Yes- 1 Point
    i. Internal employee portal is maintained with updated        For each No- 0 Point
         content relating to firm's audit programs, checklists,
         sample representation letters, etc and                   Max. Possible Points= 4
    ii. E-newsletter is published to it's employees and
         knowledge updates are available on portal
    iii. Employee feedback and evaluation is done online
         through a portal
    iv. Mail server is managed in-house/third party service
         provider with scheduled back-ups/vaulting options
         enabled to retain mails for defined period of time
1.9 Protecting Personal Data and Privacy                          For each Yes- 1 Point
    i. Employee related personal information/ HR data in          For each No- 0 Point
         electronic form is secured from unauthorised access
    ii. Social media checks are carried out on key employees      Max. Possible Points= 3
         as part of background checks including prior or
         existing relationship with clients
    iii. Employees are sensitised on due care to be taken
         relating to sharing client specific information
1.10 Online scans for adverse content                             For Yes- 1 Point
    i. Does the firm carry out, either through a third party      For No- 0 Point
       or on it's own, scan of online content to track any
       adverse news about the firm/it's employees                 Max. Possible Points= 1
1.11 External Validation/Certification                           For Yes- 2 Points
    i. Is the firm subject to external validation/certifications For No- 0 Point
       like ISO 27001 etc.,                                      Max. Possible Points= 2

                                                 ­ 24 ­
                                          SECTION B
AVAILABILITY OF QUALIFIED RESOURCE POOL AND TALENT
DEVELOPMENT RELATING TO DIGITAL COMPETENCIES
Competency Dimension                                                 Score/Point             Score
                                                                     Awarding Basis          Assessed
2.1 Skilled resource for managing internal IT infra                  For Yes- 1 Point
    Does the firm have trained/qualified                             For No- 0 Point
    i. System Administrators or in case of cloud
        deployment- cloud administrators                             Maximum possible
    ii. Agreement with service providers for desktop                 points = 2
        support, hardware maintenance/ AMCs
2.2 Training/skill of staff related to office automation             i. 0 to 30% of the
    How many of the firm's staff are formally trained/skilled in :       staff ­ 0 Points
    i. Word processing software skills                               ii. 30% to 60% of the
    ii. Spreadsheet software skills                                      staff- 1 Point
    iii. Database/ data analytics skills                             iii.Above 60% of the
    iv. Presentation skills                                              staff- 2 Points
    v. E-mail and internet skills
    vi. Use of automated work-flow systems                           Maximum Possible
    Note: Each staff will be counted only once- i.e., same           Points = 2
    staff possessing two skills cannot be counted twice.
2.3 Skills related to audit in a computerised                        i. 0 to 30% of the
    environment/Information Systems Audit                                staff ­ 0 Points
    Do staff members possesses one or more of the said               ii. 30% to 60% of the
    qualifications                                                       staff- 1 Point
    i. Diploma in Information Systems Audit (DISA)                   iii.Above 60% of the
    ii. Certified Information Systems Auditor (CISA)                     staff- 2 Points
    iii. Certified in Risk and Information Systems Control
         (CRISC)                                                     Maximum Possible
    iv. Certified Fraud Examiner (CFE)                               Points = 2
    v. ISO 27001 LA/Implementer
    vi. Any other relevant certifications
    Note: For the above, articled clerks are to be excluded-
    only partners, qualified staff and paid assistants are to be
    factored.
2.4 Digital Etiquette                                                For Yes- 1 Point
    i. Does the firm provide its staff with training on              For No- 0 Point
       drafting mail responses/any other form of digital
       communication factoring cultural and generational             Maximum possible
       diversity of the client/recipients                            points = 1


                                                 ­ 25 ­
Competency Dimension                                               Score/Point              Score
                                                                   Awarding Basis           Assessed
2.5 Protecting against digital threats                             For Yes- 1 Point
   Does the firm sensitizes it's employees on issues like:         For No- 0 Point
   i. Cyber bullying
   ii. Phishing attacks/spear phishing attacks targeting key       Maximum possible
        employees                                                  points = 1
   iii. Malware threat indicators
2.6 Content delivery through digital platforms                     For Yes- 1 Point
    i. Does the firm have an online/on-demand learning             For No- 0 Point
         portal which employees can access from anywhere
    ii. Are at least 50% of the total CPEs sessions/ training
         sessions through webinars/ podcasts are attended on
         an average                                                Maximum possible
    iii. Has the firm subscribed to any digital learning           points = 3
         platforms from professional bodies for skill
         development of its staff
2.7 Access to knowledge base, content search online and            For Yes- 1 Point
    evaluating content prior to use                                For No- 0 Point
    i. Access to business knowledge database, market
         drivers and technology involved in the industry in        Maximum possible
         which company operates                                    points = 3
    ii. Are staff trained formally on content searches related
         to work and how to identify authenticity of the source
         (say of case laws, audit check lists, etc.,)
    iii. Are staff trained on what online content can be legally
         re-used without IPR infringements
2.8 Creative use of digital technologies                           If atleast 1 such
   i. Are staff encouraged to put IT to creative use, say          automation achieved- 1
      building an app for statutory due date alerts, alerts        Point
      relating to professional updates, automating a routine       For no such
      function                                                     automation- 0 Points

                                                                   Maximum Possible
                                                                   Points = 1




                                                ­ 26 ­
                                           SECTION C
LEVEL OF AUTOMATION RELATING TO AUDIT PROCESSES
AND NATURE OF AUDIT SERVICES BEING RENDERED
Competency Dimension                                             Score/Point              Actual Points/
                                                                 Awarding Basis           Score Achieved
3.1Use of Automated Audit Planning Software                      For Yes- 1 Point
   i. Does the firm uses any application software/ tool          For No- 0 Point
       for audit planning- including scheduling, resource
       deployment, tracking hrs/days spent vs. budgeted          Maximum Possible
       time, etc.                                                Points =2
   ii. Is the software cloud based and secure access is
       provided to staff members which has facility to
       collaborate, digital sign off, etc.,?
3.2 Use of External Automated Audit Tools for Data               For Points i to iii
    Extraction, Sampling, Analytics, etc.                        For Each Yes- 1 Point
    i. Does the firm have/ uses automated audit tools            For each No ­ 0 Point
         for data extraction, sampling (Benford's law, RSF,      For Point iv
         etc.) , analytics etc. (like ACL, IDEA etc.,)           i. If for > 5 out
    ii. Are the staff adequately trained on usage of the             of top 10 clients
         tools and interpretation of results thereof ?               manual processes
    iii. Are the audit staff trained on identifying,                 are used- Negative
         obtaining and analysing and retaining relevant              Marking of 1
         digital evidence pertaining to their audit work?        ii. If for < 5 but
    iv. Are there scenarios where client's core processes            greater than
         are fully automated while the firm continues to             Zero- No negative
         use manual audit techniques rather than system              marking
         driven reviews?                                         Maximum Possible
                                                                     Points = 3

3.3 Use of in-built audit tools/capabilities in client           If Yes ­ 1 point
    side applications like ERPs                                  If No- 0 Point
    i. Has the firm used in-built audit capabilities in client
       applications say, Audit Management Module in SAP,         Maximum Possible
       Oracle Financials, audit features in Tally, etc.          Points = 1

3.4 Design of Application level Controls                         If Yes- 1 Point
    i. Has the firm participated in the application design       If No- 0 Point
       stage for any client to suggest internal controls to
       be built into software they propose to develop/           Maximum Possible
       use, say, maker checker controls, segregation of          Points = 1
       duties, audit logs, etc. in financial software like
       accounting, payroll, inventory management , etc.


                                                  ­ 27 ­
Competency Dimension                                         Score/Point             Actual Points/
                                                             Awarding Basis          Score Achieved
3.5 Carrying out Risk Assessment for the purpose of          If Yes- 1 Point
    audit planning                                           If No- 0 Point
    i. Does the firm have a process of reviewing IT
       Controls and risk of failures of the same vis-à-      Maximum Possible
       vis impact on audit planning, including but not       Points = 1
       limited to audit sample size selection, focus areas
       of audit, etc.
3.6 Information Systems Related Audits/Reviews               For each Yes- 1 Point
   Has the firm carried out audits relating to :             For each No- 0 Point
   i. IT Security ­General Control Reviews
   ii. Financial fraud investigation involving digital       Maximum Possible
        forensic reviews                                     Points = 5
   iii. Application Security Audits
   iv. Technical reviews like, Vulnerability Assessments,
        Web Application security testing, etc.
   v. ISO 27001: 2013 reviews




Name of Partner : __________________________


Membership No. : __________________________


Date              : __________________________


Signature         : __________________________




                                               ­ 28 ­
­ 29 ­
   Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India


                www.icai.org
                             ­ 30 ­

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting