Certified Management System Auditor (CMSA):

The Institute of Certified Internal Auditors (ICIA-PAKISTAN) designed the Certified Management System Auditor (CMSA) program for the management auditors to equip them with the necessary tools and certify them to have an independent identity in the professional world. CMSA designation is only offered by the ICIA-PAKISTAN and no other professional body is offering such course and certification program for the management auditors.

“Management System Audit’ is a systematic examination of decisions and actions of the management to analyze the performance. Management audit involves the review of managerial aspects like organizational objective, policies, procedures, structure, control and system in order to check the efficiency or performance of the management over the activities of the Company. Unlike financial audit, management audit mainly examine the non financial data to audit the efficiency of the management. Somehow audit tries to search the answer of how well the management has been operating the business of the company? Is managerial style well suited for business operation? Management Audit focuses on results, evaluating the effectiveness and suitability of controls by challenging underlying rules, procedures and methods.

Management Audit is an assessment of methods and policies of an organization’s management in the administration and the use of resources, tactical and strategic planning, and employee and organizational improvement. Management Audit is generally conducted by the employee of the company or by the independent consultant and focused on the critical evaluation of management as a team rather than appraisal of individual.

Objectives of Management System Audit:

  1. Establish the current level of effectiveness
  2. Suggest Improvement
  3. Lay down standards for future performance
  4. Increased levels of service quality and performance
  5. Guidelines for organizational restructuring
  6. Introduction of management information systems to assist in meeting productivity and effectiveness goals
  7. Better use of resources due to program improvements.


What is a business management system?

Organizations of all sizes need to manage risk, meet customer and societal demands, satisfy legislative requirements, and all in a world where change in those requirements is the only constant. The business management system is the way, that successful organizations meet these challenges and ensure they set out principled programs of change and improvement to address risk and opportunity.

In simple terms a business management system does the following:

  • Ensures that the stakeholder and regulatory requirements that the organization must meet to survive and prosper are identified: customer, health, safety, security, environmental, ethical etc
  • Ensures these requirements are captured in corporate policy and that these are owned within the organization
  • Ensures that policy is embedded in business process and practice through appropriate communication, objectives and controls through appropriate planning and risk mitigation
  • Ensures that performance is monitored, measured and evaluated
  • Ensures that performance is reviewed
  • Ensures that risk and opportunity identified is translated into its change programs

What is a business management systems audit?

An audit determines whether an organization’s activities and related results comply with planned arrangements to deliver customer, stakeholder and regulatory requirements. It determines whether these arrangements are implemented effectively, and are suitable to achieve the stated objectives. And it provides the organization with an understanding of risk and opportunity to inform future change and improvement.

There are three types of audit:

  1. First party audits

Audits conducted by an organization’s own personnel (internal audits) and mainly directed at improving the management system, and checking compliance of the organization’s employee’s work practices and procedures. A properly conducted internal audit programme is recognized as an effective management tool.

  1. Second party audits

Audits conducted of a supplier’s or contractor’s management system by a customer (external audit). This type of audit is often used to establish how the customer’s contract is being handled by an organization.

  1. Third party audits

Audits conducted for certification purposes, usually by certification bodies accredited by a national accreditation body. Certificates issued by accredited certification bodies are recognized by international trading groups. This means that certified organization’s have better access to markets globally, and that their customers are provided with a level of confidence in their suppliers’ capability to meet requirements.

Business management system audit provides the following benefits:

  • Value for the users and stakeholders who rely on management systems certification to establish if the client organization’s management system can consistently meet customer and applicable regulatory requirements
  • Value for the auditee by:
    1. Providing management with information regarding the organization’s ability to meet its management system related business objectives
    2. Identifying problems that may prevent the client from meeting its management system related business objectives
    3. Identifying meaningful opportunities for improvement and areas of risk that are not identified or managed

What is an ICIA-PAKISTAN Certified Management System Auditor?

With so much riding on the outcome of an audit the competence of management systems auditor is vital. And, as with any professional activity, it is important that auditors adhere to professional standards.

ICIA-PAKISTAN certification is the international gold standard for management system auditors which indicate that an ICIA-PAKISTAN certified auditor:

  • Has met the required standards of training, technical experience, work experience and audit experience
  • Has committed to working to the professional standards set out in the ICIA-PAKISTAN code of conduct
  • Has committed to and undertakes on-going professional development to keep up to date with developments in standards, auditing methodology and industry requirements.