Internal Audit Assurance and Consulting Services

Corporate businesses, governments and not-for-profit organizations in today’s world are facing myriad, new-fangled and unusual types of risks due to the changing environments in which they operate.  Technology innovations, new regulations, globalisation, competition, political and social matters and many other factors have changed risk profiles significantly. 

Risks such as application security, data integrity, business continuity, fraud and abuse, and other issues such as adhering to local and international laws require internal audit functions to be more dynamic, competent and have a larger and deeper talent pool at their disposal.  These professionals must have knowledge of latest developments and challenges faced by organisations and should be able to react efficiently and effectively by adequately planning, executing internal audit engagements and reporting on this more complex and faster-changing risk universe.

Due to dynamic risk environments, costs involved and other factors it is unlikely that the organisations may have invested in forming internal audit functions undertaking the risk based audits or, where established, the internal audit activity / functions may have the in-house capability to adequately address every risk their organizations or audit clients face.

Our clients may gain benefits of internal audit outsourcing, co-sourcing or contracting which may include but are not limited to following:

  • Sharing knowledge of latest risks faced by organisations and improving their risks profiles.
  • Guide and support in establishing new internal audit function / activity.
  • Quick start-up and execution by newly developed internal audit functions by applying already developed and tested methodologies and use of modern audit tools.
  • A variable-cost arrangement rather than a fixed-cost function.
  • Access to a greater number and wider range of resources.
  • Potentially greater objectivity and independence.
  • Opportunities of continuous learning and improvement. 

We offer Internal Audit Assurance and Consulting Services to corporate world, governments, non-profit organisations, In-House Audit Functions / Activities of these entities and also supply talented and trained human resource to professional practicing auditing and consulting firms. Our specialised services to organizations are solutions in form of specialized expertise and resources at economical cost.

Out-Sourced Risk Based Internal Audit Services

We support senior management in achieving their business objectives and also improve an internal audit function’s ability to address risks and meet customer expectations by delivering the Risk Based Internal Audit Services at a competitive rate.

The services offered may include:

  • Conducting standard internal audits as per requirements of Internal Auditing Standards made part of International Professional Practices Framework (IPPF) issued by The Institute of Internal Auditors.
  • Conducting internal audits of specific departments or functions as per scope agreed with management.
  • Evaluating design and operative effectiveness of internal controls.
  • Providing assurance on management of “Key Risks” including effectiveness of mitigating controls.

Co-Sourced Internal Audit Services

Our co-sourced arrangements often assist in the knowledge transfer process to in-house established internal audit activities / functions and resources, raising the level of competency of the function’s full-time employees.  Likewise, many companies may find that full or partial internal audit outsourcing makes sense, is cost-effective and provides significant short- and long-term benefits.

Considering above, we offer following types of Co-Sourced Internal Audit Services to our clients:

  • Facilitating identification and evaluation of risks (providing tools and techniques).
  • Coaching management in responding to risks.
  • Coordinating in CRM activities.
  • Support in consolidated reporting on risks (coordination).
  • Maintaining and developing the ERM framework (by applying suitable safeguards).
  • Developing a Risk Management Strategy for Board Approval.
  • Suggest or prepare criteria for risks measurement.
  • Suggest or prepare criteria for risk tolerance and appetite levels.

Contracted Internal Audit Services

The contracted Internal Audit Services component offered by us covers following: 

  • Acting as sub-contractor on big internal audit engagements.
  • Providing technically expert internal auditing staff to entities for undertaking internal audit engagements, certain parts of internal audit engagements or providing internal audit experts for certain period of time.
  • Staff secondments (local or international) for agreed period of time.

Quality Assurance and Improvement Program (QAIP)

 Business process and technological changes are important phenomenon in today’s world. Quality monitoring process must also keep pace as an organization grows and its internal processes change and evolve. To ensure consistent quality in this dynamic environment, an ongoing commitment to growth and improvement is essential.

The required elements of a Quality Assurance and Improvement Program (QAIP), as per guidelines of the Institute of Internal Auditors (IIA), include periodic internal assessments and external assessments to demonstrate conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing. In addition, a QAIP can provide evidence to the audit committee and management that the internal audit activity is efficient, effective, and adding value. It can also build stakeholder confidence and document a commitment to quality, leading practices, and the internal auditors’ mindset for professionalism. 

Related Guidance to External Assessment

External assessments must be conducted every five years as required by the Institute of Internal Auditors’ (IIA’s) International Standards for the Professional Practice of Internal Auditing (Standards)which require assessment by an outside independent assessor or assessment team. The objective of the external assessment is to evaluate an internal audit activity’s conformance with The IIA’s Definition of Internal Auditing, Code of Ethics, and Standards. 

External Quality Assessment Methodology

Our specialised External Quality Assessment Methodology focuses on identifying opportunities to enhance internal audit processes, offering suggestions to improve the effectiveness of the internal audit activity, and promoting ideas to enhance the activity’s image and credibility. This approach embraces the successful practices of the profession and emphasizes governance, risk management, and control processes as important areas for auditors’ attention. External assessment recommendations may focus on opportunities for improvement and are offered to enhance the internal audit activity’s ability to add value to the organization. 

External Quality Assessment Services

We offer External Quality Assessment Services, as per the guidelines of the Institute of Internal Auditors.

  1. Assess the IA Activity’s / Department’s conformity to The Institute of Internal Auditor’s International Standards for the Professional Practice of Internal Auditing.
  2. Evaluate the IA Activity’s Department’s efficiency and effectiveness in carrying out its mission (as set forth in its charter and expressed in the expectations of management).
  3. Identify opportunities to enhance the IA Activity’s Department’s management of resources and work processes, as well as its value to audit customers or audited groups.

tools and methods for conducting External Quality Assessment

Our tools and methods for conducting External Quality Assessment may include:

  • Interviews & Surveys.
  • Review of Internal Audit Processes, Reports and Risk Assessment methodologies.
  • Review of Working papers, Reports & Technology Plan.
  • Review of Reporting Files.

Deliverables made by us may include Quality Assessment Reports and/or Presentation to Audit Committees or appropriate appointing authority.

Internal Audit Manuals and SOPs

Our experts prepare and deliver Internal Audits Manuals and Standard Operating Procedures (SOPs) for conducting Risk Based Internal Audits. The manuals are prepared both for the industries’ in-house internal audit departments and for professional firms offering the Internal Auditing Services. RBIA manuals are prepared considering the requirements of Internal Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors (IIA). 

Risk Based Internal Audit Manuals and Standard Operating Procedures (SOPs) for following phases of audits:

  1. Planning Phase: Strategic and Operational Audit Planning Documentation.
  2. Execution: Risk Based Internal Audit Methodologies, required formats of working papers, , checklists, monitoring and review methodologies and use of suitable & preferred execution tool.
  3. Reporting: Formats of Periodic Management Audit Reports and Audit Committee Reports. 

Trainings on Risk Based Internal Auditing

Auditing today is focused on risk. ‘Risk’ and ‘management’ are two overused words and if the recent failings in banks and other institu­tions are a record, there has been neither proper understanding of risk nor management of it.

Risk Based Internal Auditing (RBIA) requires internal audit to be strategically and operationally linked to the business risk and assurance frameworks. It may be better to repeat the truth that internal auditors need to understand the business and its processes in the widest sense.

Our tailored course on RBIA will equip you with the knowledge and skills to plan, execute, manage and deliver the RBIA in an efficient and effective way and, at the same time, encourage you to think – auditing can be interesting and fun in spite of what many might think.

Benefits of Attending the Specialised Training on RBIA

  • Understand the key concept of Risk Based Internal Auditing.
  • Consider the knowledge, skills and competencies required to deliver risk based internal auditing.
  • Understand the essential links between an organisation’s risk management framework and detailed internal audit work.
  • Understand how a risk based internal audit plan is developed – gain practice in preparing the audit plan.
  • Understand how to assess the audit work required and deliver results.
  • Develop answers as to what processes and controls may be used to manage risk.
  • Develop skills in clear reporting of the risk (or lack of it).

Trainings and Workshops on RBIA

The training program uses a mix of presentations, quizzes and case studies to demonstrate the topics and develop trainees’ skills. Reference is made to International Standards for the Professional Practice of Internal Auditing and International Standards on Auditing.

Case studies on the difficult areas of:
  • Recording understanding of the businesses.
  • Reviewing the Risk Framework applied in the businesses.
  • Planning the risk based audit assignments / engagements.
  • Executing risk based internal audit assignment (by using suitably designed working papers).
  • Drafting the audit report with recommendations (Separate reports for Audit Committees and Management).
  • Technology & Data Analytics 
 We recognize that an organization’s operations have IT implications, and thus include technology risk experts in the process. We deploy our own IT professionals from our office or pool of consultants which allows us to avoid subcontracting critical tasks and helps us to retain control over the consistency and quality of the services you receive. To make sure there is adequate coverage for the detailed IT internal controls, we utilize the CobiT framework when performing our IT related risk management activities.

Our technology team has extensive experience helping companies develop and deploy advanced analytic tools that can turn unmanageable sets of data into meaningful information that not only supports compliance, but also drives better decision-making and adds lasting value.

Our risk data analytics team has deep understanding of technical disciplines such as data science and quantitative analysis, along with hands-on experience with many of today’s most advanced technology solutions. These technical strengths are reinforced by a solid foundation of industry expertise. 

Considering the above, we offer following types of Technology Audits and Data Analytics Services to our clients:

Technology Audit

  • Overall Control Environment.
  • Overall Risk Assessment of Cyber Security Processes.
  • Assessment of Risk and Controls designed and applied.
  • Alignment of Cyber Security Processes with applicable Regulatory Frameworks.
  • Security Incidents Response Plan, Program and related incidents.
  • Tools provided by Third Parties and their adequacy in maintaining controls.
  • Governance of information technology processes, assets, and projects, as well as segregation of duties and authorities.
  • Networks’ infrastructure, setup, performance, security, and protection systems.
  • Applications’ integrity of Inputs, data processing and credibility of Outputs, as well as change management and functional process flows.
  • Plans of continuity and efficiency of programs and systems, and conduct tests and drills.
  • Accuracy of integration between systems, programs, portals, and the frequency of their update and development, as well as error handling and exceptional reporting procedures.
  • Access control authorization and authentication.
  • Databases audit, backup process, file management, and access security.
  • Post Implementation Reviews after technology sourcing and implementations.

Data Analytics

  • Data Analytics Services using different tools like ACL.

Technology Implementation Support

  • Identifying suitable technologies for businesses (specially accounting software and ERPs).
  • Supporting clients in sourcing suitable technologies.
  • Providing Business Processes’ documentation services.