DIGITAL
COMPETENCY
MATURITY
MODEL
(DCMM)TM*
For Professional Accounting Firms
Version 1.0
Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India
* Trade Mark has been applied under Trade Marks Act, 1999
1
Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India
2
Contents
FOREWORD05
PREFACE06
I. Digital Accounting and Assurance Board of ICAI 07
II.Introduction 09
III. Digital Competency Maturity Model (DCMM)
for Professional Accounting Firms Version 1.0 11
A. Level of Automation of the Firm's Internal Processes 11
B. Availability of Qualified Resource Pool and
Talent Development Relating to Digital Competencies 14
C. Level of Automation relating to Audit Processes 16
and Nature of Audit Services Being Rendered
IV. Firm Maturity Rating 18
V. DCMM Road map for moving up the
next level of maturity 19
References20
Annexure Scoring sheet for use by Firm 21
3
"Digital Competency Maturity Model
(DCMM) for Professional Accounting Firms
Version 1.0" has to be used ONLY for
self evaluation by accounting firms of their
digital competency maturity level and taking
steps to move up the maturity model.
The results of the self evaluation conducted
should NOT be published/ displayed in any
form/ manner, which may be deemed to be
violation of Code of Ethics of the Institute of
Chartered Accountants of India".
4
FOREWORD
THE ACCOUNTANCY PROFESSION globally is largely Small and Medium Practitioner (SMP)
based, serving the whole Small and Medium Enterprises (SME) universe which constitutes a significant
part of any economy and in many cases also as niche firms serving large entities. The same trend is
true in the Indian context also. Challenges of financial resources apart these firms are to be supported
proactively with insights on the emerging trends in the emerging digital society and the consequent
impact on the accounting function. It is also important to take note of the huge effort of Government
on digitisation and the already visible changes in tax law compliance including the new transformational
legislation on Goods and Services Tax where every aspect of compliance and regulation is digital and
in other areas of financial services transactions, etc.
At The Institute of Chartered Accountants of India (ICAI), the Council constituted the Digital
Accounting and Assurance Board (DAAB) as an enabling Board to proactively assess the impact of
digitisation on accounting and audit.
DAAB was constituted to begin withdrawing experience of co-opted members and special invitees
having exposure in the area of digitisation, from peer regulatory organizations, academician and
accounting firms.
The instant toolkit "Digital Competency Maturity Model (DCMM) for Professional Accounting
Firms Version 1" is an endeavour to provide a recommended set of requirements which the firms
can evaluate on a self assessment basis and build a strategy for up skilling, to leverage the opportunities
which will unfold in the digital era.
We compliment the members and staff of DAAB for taking up this initiative for the benefit of
the profession. We are sure that the Instant "Digital Competency Maturity Model (DCMM) for
Professional Accounting Firms Version 1.0" will be used by our members/firms to assess the current
digital competence of their firms and building their firms competencies for their own growth and the
profession at large.
(CA. Nilesh S Vikamsey) (CA. Naveen N D Gupta)
President, ICAIVice-President, ICAI
New Delhi
December, 2017
5
PREFACE
The "Digital Competency Maturity Model (DCMM) for Professional Accounting Firms Version 1.0"
has been developed for self evaluation by accounting firms and is intended only to be a self assessment
tool for rating their current digital capabilities. This self evaluation process would be wholesome
when the model questions are filled up after debate/discussion among all the partners of the
firm to know the "as is where is position" of digital competency with the firm.
The objective is that the accounting firms, irrespective of the size, assess the current level of Digital
Competency and identify steps to move up the model and calibrate their functioning to the emerging
context. We recommended that each firm should develop a strategy as part of its Annual
Operating Plan to move up the DCMM.
We are encouraged to hear that this could probably be the first of its kind initiative in the accounting
world and we thank CA. Nilesh S Vikamsey, President, CA. Naveen N D Gupta, Vice-President and
our Council Colleagues for their thought leadership, continuous support and encouragement to the
initiatives of the Board.
Our sincere thanks and heartfelt gratitude to CA. Rajaji Chandrasekhar, Chennai for converting the
Board vision into an Executable model with long hours of extensive research, to prepare the Digital
Competency Maturity Model. Our thanks are also due to CA Hemant Joshi, Pune and CA. Vijayender
Rana, New Delhi for their inputs in making the model more robust at the first version itself.
We recommend the members/ firms to apply this Maturity Model and provide us their feedback/
responses (at insightDCMMV2.0@icai.in). This would assist us in developing a more robust and
comprehensive Version 2 of the Maturity Model in the near future. This version of DCMM is
simple and has set moderate competencies, with intent to encourage firms to embrace the reality
of digital era. The next version is likely to have more qualitative and quantitative criteria and
may define more levels of maturity with a single weighted raking across all the three sections of
competency identified.
Digital Accounting and Assurance Board
New Delhi
December, 2017.
6
DIGITAL ACCOUNTING AND
ASSURANCE BOARD OF ICAI
TO UNRAVEL the impact of Digitization on Accounting and Assurance, the Council of ICAI has
constituted the Digital Accounting and Assurance Board, as a non-standing Board of the ICAI, for
fostering a cohesive global strategy on aspects related to digital accounting and assurance, through
sharing of knowledge and practices amongst the members. DAAB is endeavoured to identify, deliberate
and highlight on issues in accounting (including valuation) and assurance (including internal audit)
issues in the digital world. Digital Accounting and Assurance Board is focusing on issues in accounting
and assurance arising from the high pace of digitization, including use of artificial intelligence in audit,
big data analytics in audit, relevance of sampling, valuation of data as an asset, impairment, testing of
digital assets, insurance of data-valuation and premium fixation, etc.
The Board is taking up initiatives to develop knowledge base through position papers and articles on
issues related to impact of technology on accounting and assurance. DAAB Knowledge Page https://
www.icai.org/new_post.html?post_id=13422&c_id=432 may be referred for position papers issued
and for links to relevant article on digital accounting and assurance. Technology Summits are being
conducted with the theme of Empowering Chartered Accountants in digital era. DAAB has also
released knowledge management videos available on ICAI Mobile App https://www.icai.org/mobile/.
DAAB has also conducted online survey on impact of emerging technologies on the accountancy
profession and around one thousand responses have been received.
TERMS OF REFERENCE
(Board for deliberating and initiating solutions for Accounting (including valuation) and Assurance
(including internal audit) issues in the Digital World)
Arising out of digital era and its consequences -
(a)to identify, deliberate and highlight issues in Accounting (including valuation) and Assurance
(including internal audit) in the Digital World, and security aspect of data and technology;
(b) to act as a facilitator by engaging through relevant committees of ICAI; and wherever necessary
with standard setters, Government, Regulators, industry and other accounting bodies in the world;
and suggest to the relevant Committee(s) in Institute, the required changes in Accounting Standards,
Assurance Standards and Valuation Standards;
(c) to develop knowledge base through position papers, create on line platform, including an annual
conference/ round table preferably, on areas identified with a view to raise awareness in all
stakeholders, the issues and opportunities arising from these trends; and
(d)to enable setting up a Global Digital Accounting and Assurance Board, as India initiative so that
ICAI gets recognition as the global thought leader in Accounting and Assurance in digital world.
7
Composition of Digital Accounting
and Assurance Board 2017-18
Council Members
CA. Anil Satyanarayan Bhandari, Member
CA. Atul Kumar Gupta, Member
CA. Debashis Mitra, Member
CA. Kemisha Soni, Member
CA. Manu Agarwal, Member
CA. Nilesh S. Vikamsey, President, ICAI (ex officio)
CA. Naveen N.D. Gupta, Vice President, ICAI, (ex officio)
CA. Prakash Sharma, Member
CA. Sanjay Vasudeva, Vice-Chairman
CA. Shiwaji Bhikaji Zaware, Member
CA. Shyam Lal Agarwal, Member
CA. M P Vijay Kumar, Chairman
Government Nominee
Shri Vithayathil Kurian
Co-opted Members
CA. Adesh Kumar Gupta
CA. B K Patel
Special Invitees
Shri G Raghuraj, nominee IDRBT
CA. Hemant Joshi
Prof. Naman Desai, nominee IIM- Ahmedabad
Ms. Narmadha R, nominee C&AG
CA. Subh Ghosh
Shri T Chakravarti, nominee SEBI
8
INTRODUCTION
THE DIGITAL SOCIETY is bringing in a new framework of unwritten rules of the game wherein
not only the way the businesses are being carried out is getting radically transformed, but its silhouette
is equally evident in the related value chain and more importantly the financial reporting chain as also
the assurance chain. Things like vulnerability assessment and risk mitigation thereto arising out of the
analysis of financial information is radically changing since concept of data is now being replaced with
big data, and the landscape of accounting and assurance function will accordingly get transformed to
cover a large segment of population rather than getting confined to a sample base assessment.
One may think what does this dawn of information technology and a digitized society has to do with
the profession of Chartered Accountancy. An orthodox view would be that it does not concern us,
but a pragmatic and rational school of thought is that a digital society brings with it its own set of
challenges and one needs to embrace the reverberations not as complexities. It is now largely seen
that using the frontiers of technology is likely to positively impact and transform the landscape of the
professional working of an accounting firm. If we start looking the role of accounting function with
an enhanced esotericness through use of technology, it would open up new windows of professional
work for accountancy firms.
Digital Competency in a generic sense of the term has two parts- Digital- referring to "involving or
using computer technology" and Competence- "indicates sufficiency of knowledge and skills that
enable someone to act successfully and efficiently". Digital Competency, thus, is a measure of skill
and competence on use of computer and related technology. Accounting and Audit Firms have had a
fair bit of impact in terms of how they run their firm operations and also adapt and evolve to the ever
changing technology architectures at the client side.
ICAI, through DAAB, has initiated a process of laying out a self- evaluation matrices for accounting
firms to gauge their relative maturity level as regards digital competency, relating to audit and accounting
related functions being rendered by firms and individuals.
The objective of this Evaluation Matrix is for Audit and Accounting firms to be able to self- evaluate
their current level of maturity on digital competency, identify areas where competencies are good/
lacking, and then develop a road map for upgrading to a higher level of maturity.
Three Dimension Approach to Self Evaluate Digital Competency of Professional
Accounting Firms
a. Level of Automation of the Firm's internal processes
Intending to cover aspects like, level of usage of IT for it's own internal processes like, billing,
document management, employee attendance and work tracking, protecting its digital identity like,
domain name, social media presence, etc.
9
b. Availability of Qualified Resource Pool and Talent
Development relating to Digital Competencies
Intending to cover aspects like number of skilled staff
with requisite qualifications, training initiatives on IT,
On demand Online Training etc.
c. Level of Automation relating to Audit Processes
and Nature of Audit Services being rendered
Level of automation at client's end, access to
automated audit tools, training of employees on
audit tools, ability to handle digital evidence,
Information Technology Audits, etc.
FIRST STEPS
· To assign the task of understanding and presenting the document to all partners and senior staff,
to a partner or senior staff who has relatively more interest in Audit; alternatively to one having
interest in Information technology;
· To debate the model in a partners formal meet of at least 2 hours and make a conservative estimate
of score for each of the elements;
· To encourage every partner and senior staff to update the check list in confidence and own
assessment of score for each of the elements;
· To tabulate the score assigned by each partner and senior staff who participated in the process and
finalise the rating with a consensus approach led by the Senior leadership.
· To develop a plan as part of the Annual Operating Plan, for moving up the DCMM. The next steps
for this is listed at end of the document.
10
DIGITAL COMPETENCY MATURITY MODEL (DCMM)
FOR PROFESSIONAL ACCOUNTING FIRMS VERSION 1.0
SECTION A: LEVEL OF AUTOMATION OF THE FIRM'S
INTERNAL PROCESSES
This section covers aspects relating to what extent an accounting and audit firm has leveraged
Information Technology (IT) and related processes for it's own operations from automation of
attendance systems to cloud based data back-up, etc. It also addresses issues of data security of
client's sensitive data.
Competency Dimension Score/Point Actual Points/Score
Awarding Basis Achieved
1.1 Managing Digital Identity For each Yes Score 1 Max. Possible Points= 3
The firm has registered For each No Score 0
i. Domain name,
ii. Uses a corporate domain ID for mails,
iii. Has a verified social media presence
1.2 Operational Process automation For each Yes 1 Point Max. Possible Points= 7
The firm uses automation for : For each No 0 Point
i. Attendance system
ii. Leave management system
iii. Mobile device- laptops, PDAs, etc.
tracking
iv. Internal communication- chats/instant
messaging systems
v. Centralised file storage system/server
11
Competency Dimension Score/Point Actual Points/Score
Awarding Basis Achieved
vi. Internal work flow and documentation
is managed on a digital work flow
management system
vii.Electronic database pertaining to
client's and services being rendered is
maintained and updated
1.3 High Availability For Yes 1 Point Max. Possible Points= 1
i. Data back-up is automated process For No 0 Point
on the cloud/off-line at a different
location and same is tested periodically
1.4 Mobile Devices Data Security For each Yes 1 Point Max. Possible Points= 3
Mobile devices and laptops: For each No 0 Point
i. Are secured through drive encryption
ii. Have end point security deployed
iii. Can be remotely backed-up/ content
wiped off in case of loss of device
(MDM)
1.5 Data Security For each Yes 1 Point Max. Possible Points= 3
i. Critical communications are digitally For each No 0 Point
secured (either through digital signatures
or passwords/other mechanism)
ii. Access to internet is restricted on need
only basis and use of data cards is also
routed through corporate firewalls
iii. Firm has deployed end-point security
on all desktops (including access
control)
1.6 Electronic Payments Below 15% - 0 Points Max. Possible Points= 3
Financial Transactions beyond a threshold 15%- 40% - 1 Point
are made through electronic means using
Two Factor Authentication from designated 40% to 75%- 2 Points
devices only. Above 75%- 3 Points
i. Min of 15% and upto 40% of all pay-
ments are made through electronic means
ii. 40% to 75% of all payments are made
through electronic means
iii. Above 75% of all payments are made
through electronic means
Note: % is in terms of transaction volume.
12
Competency Dimension Score/Point Actual Points/Score
Awarding Basis Achieved
1.7 Copyright and Licenses For each Yes 1 Point Max. Possible Point = 1
i. Software deployed are backed by For each No 0 Point
appropriate licenses and inventory of
licenses are maintained.
1.8 Digital Media for Communication For each Yes 1 Point Max. Possible Points= 4
i. Internal employee portal is maintained For each No 0 Point
with updated content relating to firm's
audit programs, checklists, sample
representation letters, etc and
ii. E-newsletter is published to it's
employees and knowledge updates are
available on portal
iii. Employee feedback and evaluation is
done online through a portal
iv. Mail server is managed in-house/third
party service provider with scheduled
back-ups/vaulting options enabled to
retain mails for defined period of time
1.9 Protecting Personal Data and Privacy For each Yes 1 Point Max. Possible Points= 3
i. Employee related personal information/ For each No 0 Point
HR data in electronic form is secured
from unauthorised access
ii. Social media checks are carried out on
key employees as part of background
checks including prior or existing
relationship with clients
iii. Employees are sensitised on due care to
be taken relating to sharing client specific
information
1.10 Online scans for adverse content For Yes 1 Point Max. Possible Point = 1
i. Does the firm carry out, either through For No 0 Point
a third party or on it's own, scan of
online content to track any adverse
news about the firm/it's employees
1.11 External Validation/Certification For Yes 2 Points Max. Possible Points = 2
i. Is the firm subject to external validation/ For No 0 Point
certifications like ISO 27001 etc.,
Total Possible Points
= 31
13
SECTION B: AVAILABILITY OF
QUALIFIED RESOURCE POOL AND
TALENT DEVELOPMENT RELATING
TO DIGITAL COMPETENCIES
This section addresses issues relating to skills, qualification of staff (administrative and audit staff)
in relation to Information and Communications Technology (ICT), and investment by the firm in
providing appropriate training for skill set upgrades.
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
2.1 Skilled resource for managing internal IT infra For Yes - 1 Point Maximum
Does the firm have trained/qualified For No - 0 Point possible points
i. System Administrators or in case of cloud =2
deployment- cloud administrators
ii. Agreement with service providers for desktop
support, hardware maintenance/AMCs
2.2 Training/skill of staff related to office i. 0 to 30% of the Maximum
automation staff 0 Points Possible Points
How many of the firm's staff are formally trained/ ii. 30% to 60% of the =2
skilled in: staff- 1 Point
i. Word processing software skills iii.Above 60% of the
ii. Spreadsheet software skills staff- 2 Points
iii. Database/ data analytics skills
iv. Presentation skills
v. E-mail and internet skills
vi. Use of automated work-flow systems
Note: Each staff will be counted only once- i.e., same
staff possessing two skills cannot be counted twice.
2.3 Skills related to audit in a computerised i. 0 to 30% of the Maximum
environment/Information Systems Audit staff 0 Points Possible Points
Do staff members possesses one or more of the ii. 30% to 60% of the 2
said qualifications staff- 1 Point
i. Diploma in Information Systems Audit (DISA) iii.Above 60% of the
ii. Certified Information Systems Auditor (CISA) staff- 2 Points
iii. Certified in Risk and Information Systems
Control (CRISC)
iv. Certified Fraud Examiner (CFE)
v. ISO 27001 LA/Implementer
vi. Any other relevant certifications
Note: For the above, articled clerks are to be
excluded- only partners, qualified staff and paid
assistants are to be factored.
14
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
2.4 Digital Etiquette For Yes- 1 Point Maximum
i. Does the firm provide its staff with training For No- 0 Point possible points-
on drafting mail responses/any other form of 1
digital communication factoring cultural and `
generational diversity of the client/recipients.
2.5 Protecting against digital threats For Yes- 1 Point Maximum
Does the firm sensitizes it's employees on issues like: For No- 0 Point Possible points-
i.Cyberbullying 1
ii. Phishing attacks/spear phishing attacks
targeting key employees
iii. Malware threat indicators
2.6 Content delivery through digital platforms For Yes- 1 Point Maximum
i. Does the firm have an online/on-demand For No- 0 Point possible points
learning portal which employees can access =3
from anywhere
ii. Are atleast 50% of the total CPEs sessions/
training sessions through webinars/podcasts
are attended on an average
iii. Has the firm subscribed to any digital learning
platforms from professional bodies for skill
development of its staff
2.7 Access to knowledge base, content search For Yes- 1 Point Maximum
online and evaluating content prior to use For No- 0 Point possible points
i. Access to business knowledge database, market =3
drivers and technology involved in the industry
in which company operates
ii. Are staff trained formally on content searches
related to work and how to identify authenticity
of the source (say of case laws, audit check
lists, etc.,)
iii. Are staff trained on what online content can be
legally re-used without IPR infringements
2.8 Creative use of digital technologies If atleast 1 such Maximum
i. Are staff encouraged to put IT to creative automation achieved- 1 Possible Points-
use, say building an app for statutory due date Point 1
alerts, alerts relating to professional updates, For no such
automating a routine function automation- 0 Points
Total Possible
Points = 15
15
SECTION C
LEVEL OF AUTOMATION RELATING TO AUDIT
PROCESSES AND NATURE OF AUDIT SERVICES BEING
RENDERED
This section focuses on actual audit and related work being carried out by the firm, which uses
automated tools to facilitate the audit process or scenarios, especially where complete audit
focuses on the IT controls in the client environment.
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
3.1 Use of Automated Audit Planning Software If Yes- 1 Point Maximum Possible
i. Does the firm uses any application If No- 0 Point Points = 2
software/tool for audit planning- including
scheduling, resource deployment, tracking
hrs/days spent vs. budgeted time, etc.
ii. Is the software cloud based and secure
access is provided to staff members which
has facility to collaborate, digital sign off,
etc. ,?
3.2 Use of External Automated Audit Tools for For Points i to iii Maximum Possible
Data Extraction, Sampling, Analytics, etc. For Each Yes- 1 Point Points = 3
i. Does the firm have/uses automated
audit tools for data extraction, sampling For each No 0 Point
(Benford's law, RSF, etc.) , analytics etc. (like
ACL, IDEA etc.,) For Points iv
ii. Are the staff adequately trained on usage i. If for > 5 out
of the tools and interpretation of results of top 10 clients
thereof ? manual processes
iii. Are the audit staff trained on identifying, are used- Negative
obtaining and analysing and retaining Marking of 1
16
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
relevant digital evidence pertaining to their ii. If for < 5 but
audit work? greater than
iv. Are there scenarios where client's core Zero- No negative
processes are fully automated while the firm marking
continues to use manual audit techniques
rather than system driven reviews?
3.3 Use of in-built audit tools/capabilities in If Yes 1 point Maximum Possible
client side applications like ERPs If No- 0 Point Point = 1
i. Has the firm used in-built audit capabilities
in client applications say, Audit Management
Module in SAP, Oracle Financials, audit
features in Tally, etc.
3.4 Design of Application Level Controls If Yes- 1 Point Maximum Possible
Has the firm participated in the application If No- 0 Point Point = 1
design stage for any client to suggest internal
controls to be built into software they propose
to develop/use, say, maker checker controls,
segregation of duties, audit logs, etc. in financial
software like accounting, payroll, inventory
management, etc.
3.5 Carrying out Risk Assessment for the If Yes- 1 Point Maximum Possible
purpose of audit planning If No- 0 Point Point = 1
Does the firm have a process of reviewing IT
controls and risk of failures of the same vis-
à-vis impact on audit planning, including but
not limited to audit sample size selection, focus
areas of audit, etc.
3.6 Information Systems Related Audits/ For each Yes- 1 Point Maximum Possible
Reviews For each No- 0 Point Point = 5
Has the firm carried out audits relating to :
i. IT Security General Control Reviews
ii. Financial fraud investigation involving digital
forensic reviews
iii. Application Security Audits
iv. Technical reviews like, Vulnerability
Assessments, Web Application security
testing, etc.
v. ISO 27001: 2013 reviews
Total Possible
Points = 13
17
FIRM MATURITY RATING
Section Total Possible
Reference Points
Section A 31 · Less than 9 Points : Level 1 Firm
· = or >9 Upto 18 Points : Level 2 Firm
· >18 Points : Level 3 Firm
Section B 15 · Less than 5 Points : Level 1 Firm
· = or >5 Points Upto 9 Points : Level 2 Firm
· >9 Points : Level 3 Firm
Section C 13 · Less than 4 Points : Level 1 Firm
· = or >4 Upto 8 Points : Level 2 Firm
· >8 Points : Level 3 Firm
Level 1 Firm: Indicates that the firm is in nascent stages of adapting ICT and other digital
technologies.
Recommendation: Take immediate steps to upgrade its digital competency or
will be left lagging behind.
Level 2 Firm: Indicates that the firm has reasonable adaption of ICT and other digital
technologies.
Recommendation: Take steps to reach the next level of digital competency.
Level 3 Firm: Indicates that the firm has significant adaption of ICT and digital technologies.
Recommendation: Focus on increasing score to full points in each of
the sections and to leverage present status to be in the forefront of use of
technologies like, Artificial Intelligence and innovations like, block chain, use
of drones, bots, etc for conducting audit.
18
DCMM ROAD MAP FOR MOVING UP THE
NEXT LEVEL OF MATURITY
This section focuses on actual audit and related work being carried out by the firm, which uses
automated tools to facilitate the audit process or scenarios, especially where complete audit
focuses on the IT controls in the client environment.
Step 1: Benchmarking Benchmark the current maturity level of
the Firm by completing the DCMM and
document list of specific aspects that the
Firm is currently lacking, and which needs
to be initiated to move the next level of
Maturity model.
Step 2: Planning Initiatives Convert the initiative to be taken into an
action plan- with timelines- quarterly/
annual.
Step 3: Identifying resources Identify a small cross functional team to
and execution plan own the execution of the plan, with a leader
and make the execution of the plan, an
important part of the Key Result Areas/
KPI of this team. Define accountability
for reporting progress and challenges in
implementation.
Step 4: Assessing progress Assess the progress by re-evaluating against
and re-validation against the the DCMM and re-visit the execution plan
DCMM. half-yearly.
19
REFERENCES:
i.https://ec.europa.eu/jrc/en/digcomp/digital-competence-framework
ii. https://tuhat.helsinki.fi/portal/files/48681684/Ilom_ki_etal_2011_What_is_
digital_competence.pdf
iii.http://learning.gov.wales/docs/learningwales/publications/160831-dcf-your-
questions-answered-en.pdf
iv.https://www.digitalcpa.com/
v.https://blionline.org/2015/04/anticipation-the-missing-competency-for-cpas/
vi.https://www.td.org/Publications/Blogs/Career-Development-Blog/2015/03/
Assessing-Digital-Literacy
vii.https://www.digitalanalyticsassociation.org/self-assessment
viii. http://is.jrc.ec.europa.eu/pages/EAP/documents/participants_definitions.pdf
ix. https://www.ifac.org/system/files/meetings/files/2820.pdf
x.http://www.accaglobal.com/content/dam/ACCA_Global/Technical/Future/pi-
highlights-professional-accountants-the-future.pdf
xi.https://competency.aicpa.org/media_resources/211276-2017-digital-cpa-
conference
xii.https://competency.aicpa.org/media_resources/209543-10-steps-to-a-digital-
office-in-the-cloud
xiii. http://ictineducation-gartmor.blogspot.in/2015/02/defining-digital-competence.
html
xiv.https://ec.europa.eu/jrc/en/digcomp/digital-competence-framework
20
ANNEXURE
(Scoring sheet for use by firm)
21
DIGITAL COMPETENCY MATURITY MODEL (DCMM)
FOR PROFESSIONAL ACCOUNTING FIRMS
NAME OF FIRM
ADDRESS OF THE FIRM
YEAR OF ESTABLISHMENT
NUMBER OF PARTNERS
NUMBER OF QUALIFIED Chartered
Accountants Staff
General Instructions:
1. This self evaluation form should be filled up only after debate/discussions among all
partners of the firm to assess the current digital competence of their firm.
2. It is recommended that all partners of the firm fill up individually their rating/score and
then collate into a final ranking table.
22
SECTION A
LEVEL OF AUTOMATION OF THE FIRM'S INTERNAL
PROCESSES
Competency Dimension Score/Point Awarding Firm's
Basis Response
1.1 Managing Digital Identity For each Yes Score 1
The firm has registered For each No- Score 0
i . Domain name,
ii. Uses a corporate domain ID for mails, Max. Possible Points= 3
iii. Has a verified social media presence
1.2 Operational Process automation For each Yes- 1 Point
The firm uses automation for: For each No- 0 Point
i. Attendance System
ii. Leave management system Max. Possible Points= 7
iii. Mobile device- laptops, PDAs, etc. tracking
iv. Internal communication- chats/instant messaging
systems
v. Centralised file storage system/ server
vi. Internal work flow and documentation is managed on
a digital work flow management system
vii.Electronic database pertaining to client's and services
being rendered is maintained and updated
1.3 High Availability For Yes- 1 Point
i. Data back-up is automated process on the cloud/ For No- 0 Point
off-line at a different location and same is tested
periodically Max. Possible Points= 1
1.4 Mobile Devices Data Security For each Yes- 1 Point
Mobile devices and laptops: For each No- 0 Point
i. Are secured through drive encryption
ii. Have end point security deployed Max. Possible Points= 3
iii. Can be remotely backed-up/ content wiped off in
case of loss of device (MDM)
1.5 Data Security
i. Critical communications are digitally secured (either For each Yes- 1 Point
through digital signatures or passwords/ other For each No- 0 Point
mechanism)
ii. Access to internet is restricted on need only basis and use Max. Possible Points= 3
of data cards is also routed through corporate firewalls
iii. Firm has deployed end-point security on all desktops
(including access control)
23
Competency Dimension Score/Point Awarding Firm's
Basis Response
1.6 Electronic Payments Below 15% - 0 Points
Financial Transactions beyond a threshold are 15%- 40% - 1 Point
made through electronic means using Two Factor 40% to 75%- 2 Points
Authentication from designated devices only. Above 75%- 3 Points
i. Min of 15% and Upto 40% of all payments are made
through electronic means Max. Possible Points= 3
ii. 40% to 75% of all payments are made through
electronic means
iii. Above 75% of all payments are made through
electronic means
Note: % is in terms of transaction volume.
1.7 Copyright and Licenses For Yes- 1 Point
i. Software deployed are backed by appropriate licenses For No- 0 Point
and inventory of licenses are maintained. Max. Possible Point= 1
1.8 Digital Media for Communication For each Yes- 1 Point
i. Internal employee portal is maintained with updated For each No- 0 Point
content relating to firm's audit programs, checklists,
sample representation letters, etc and Max. Possible Points= 4
ii. E-newsletter is published to it's employees and
knowledge updates are available on portal
iii. Employee feedback and evaluation is done online
through a portal
iv. Mail server is managed in-house/third party service
provider with scheduled back-ups/vaulting options
enabled to retain mails for defined period of time
1.9 Protecting Personal Data and Privacy For each Yes- 1 Point
i. Employee related personal information/ HR data in For each No- 0 Point
electronic form is secured from unauthorised access
ii. Social media checks are carried out on key employees Max. Possible Points= 3
as part of background checks including prior or
existing relationship with clients
iii. Employees are sensitised on due care to be taken
relating to sharing client specific information
1.10 Online scans for adverse content For Yes- 1 Point
i. Does the firm carry out, either through a third party For No- 0 Point
or on it's own, scan of online content to track any
adverse news about the firm/it's employees Max. Possible Points= 1
1.11 External Validation/Certification For Yes- 2 Points
i. Is the firm subject to external validation/certifications For No- 0 Point
like ISO 27001 etc., Max. Possible Points= 2
24
SECTION B
AVAILABILITY OF QUALIFIED RESOURCE POOL AND TALENT
DEVELOPMENT RELATING TO DIGITAL COMPETENCIES
Competency Dimension Score/Point Score
Awarding Basis Assessed
2.1 Skilled resource for managing internal IT infra For Yes- 1 Point
Does the firm have trained/qualified For No- 0 Point
i. System Administrators or in case of cloud
deployment- cloud administrators Maximum possible
ii. Agreement with service providers for desktop points = 2
support, hardware maintenance/ AMCs
2.2 Training/skill of staff related to office automation i. 0 to 30% of the
How many of the firm's staff are formally trained/skilled in : staff 0 Points
i. Word processing software skills ii. 30% to 60% of the
ii. Spreadsheet software skills staff- 1 Point
iii. Database/ data analytics skills iii.Above 60% of the
iv. Presentation skills staff- 2 Points
v. E-mail and internet skills
vi. Use of automated work-flow systems Maximum Possible
Note: Each staff will be counted only once- i.e., same Points = 2
staff possessing two skills cannot be counted twice.
2.3 Skills related to audit in a computerised i. 0 to 30% of the
environment/Information Systems Audit staff 0 Points
Do staff members possesses one or more of the said ii. 30% to 60% of the
qualifications staff- 1 Point
i. Diploma in Information Systems Audit (DISA) iii.Above 60% of the
ii. Certified Information Systems Auditor (CISA) staff- 2 Points
iii. Certified in Risk and Information Systems Control
(CRISC) Maximum Possible
iv. Certified Fraud Examiner (CFE) Points = 2
v. ISO 27001 LA/Implementer
vi. Any other relevant certifications
Note: For the above, articled clerks are to be excluded-
only partners, qualified staff and paid assistants are to be
factored.
2.4 Digital Etiquette For Yes- 1 Point
i. Does the firm provide its staff with training on For No- 0 Point
drafting mail responses/any other form of digital
communication factoring cultural and generational Maximum possible
diversity of the client/recipients points = 1
25
Competency Dimension Score/Point Score
Awarding Basis Assessed
2.5 Protecting against digital threats For Yes- 1 Point
Does the firm sensitizes it's employees on issues like: For No- 0 Point
i. Cyber bullying
ii. Phishing attacks/spear phishing attacks targeting key Maximum possible
employees points = 1
iii. Malware threat indicators
2.6 Content delivery through digital platforms For Yes- 1 Point
i. Does the firm have an online/on-demand learning For No- 0 Point
portal which employees can access from anywhere
ii. Are at least 50% of the total CPEs sessions/ training
sessions through webinars/ podcasts are attended on
an average Maximum possible
iii. Has the firm subscribed to any digital learning points = 3
platforms from professional bodies for skill
development of its staff
2.7 Access to knowledge base, content search online and For Yes- 1 Point
evaluating content prior to use For No- 0 Point
i. Access to business knowledge database, market
drivers and technology involved in the industry in Maximum possible
which company operates points = 3
ii. Are staff trained formally on content searches related
to work and how to identify authenticity of the source
(say of case laws, audit check lists, etc.,)
iii. Are staff trained on what online content can be legally
re-used without IPR infringements
2.8 Creative use of digital technologies If atleast 1 such
i. Are staff encouraged to put IT to creative use, say automation achieved- 1
building an app for statutory due date alerts, alerts Point
relating to professional updates, automating a routine For no such
function automation- 0 Points
Maximum Possible
Points = 1
26
SECTION C
LEVEL OF AUTOMATION RELATING TO AUDIT PROCESSES
AND NATURE OF AUDIT SERVICES BEING RENDERED
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
3.1Use of Automated Audit Planning Software For Yes- 1 Point
i. Does the firm uses any application software/ tool For No- 0 Point
for audit planning- including scheduling, resource
deployment, tracking hrs/days spent vs. budgeted Maximum Possible
time, etc. Points =2
ii. Is the software cloud based and secure access is
provided to staff members which has facility to
collaborate, digital sign off, etc.,?
3.2 Use of External Automated Audit Tools for Data For Points i to iii
Extraction, Sampling, Analytics, etc. For Each Yes- 1 Point
i. Does the firm have/ uses automated audit tools For each No 0 Point
for data extraction, sampling (Benford's law, RSF, For Point iv
etc.) , analytics etc. (like ACL, IDEA etc.,) i. If for > 5 out
ii. Are the staff adequately trained on usage of the of top 10 clients
tools and interpretation of results thereof ? manual processes
iii. Are the audit staff trained on identifying, are used- Negative
obtaining and analysing and retaining relevant Marking of 1
digital evidence pertaining to their audit work? ii. If for < 5 but
iv. Are there scenarios where client's core processes greater than
are fully automated while the firm continues to Zero- No negative
use manual audit techniques rather than system marking
driven reviews? Maximum Possible
Points = 3
3.3 Use of in-built audit tools/capabilities in client If Yes 1 point
side applications like ERPs If No- 0 Point
i. Has the firm used in-built audit capabilities in client
applications say, Audit Management Module in SAP, Maximum Possible
Oracle Financials, audit features in Tally, etc. Points = 1
3.4 Design of Application level Controls If Yes- 1 Point
i. Has the firm participated in the application design If No- 0 Point
stage for any client to suggest internal controls to
be built into software they propose to develop/ Maximum Possible
use, say, maker checker controls, segregation of Points = 1
duties, audit logs, etc. in financial software like
accounting, payroll, inventory management , etc.
27
Competency Dimension Score/Point Actual Points/
Awarding Basis Score Achieved
3.5 Carrying out Risk Assessment for the purpose of If Yes- 1 Point
audit planning If No- 0 Point
i. Does the firm have a process of reviewing IT
Controls and risk of failures of the same vis-à- Maximum Possible
vis impact on audit planning, including but not Points = 1
limited to audit sample size selection, focus areas
of audit, etc.
3.6 Information Systems Related Audits/Reviews For each Yes- 1 Point
Has the firm carried out audits relating to : For each No- 0 Point
i. IT Security General Control Reviews
ii. Financial fraud investigation involving digital Maximum Possible
forensic reviews Points = 5
iii. Application Security Audits
iv. Technical reviews like, Vulnerability Assessments,
Web Application security testing, etc.
v. ISO 27001: 2013 reviews
Name of Partner : __________________________
Membership No. : __________________________
Date : __________________________
Signature : __________________________
28
29
Digital Accounting and Assurance Board
The Institute of Chartered Accountants of India
www.icai.org
30
|