Internal Audit-Governance, Risk and Compliance Simplified





The Internal Audit function of a business plays a critical role: it identifies and remedies problem areas, such as the failure to mitigate risk or to comply with requirements, and it assesses the controls and activities implemented to decrease the risk of fraud, theft and other financial losses.

The Internal Audit department should always be independent, and regardless of whether it is an in-sourced or out-sourced function, it should report to the Board Audit Committee or independent directors.

The responsibility and complexity of the internal audit function have increased significantly during the past 10 years, specifically due to:

  • The number of business failures due to governance-related measures.
  • The additional requirements imposed by Sarbanes-Oxley, King 4 and the IIA, and the levels of compliance the External Auditors require in order to place reliance on the work performed by Internal Audit.
  • Changes in the complexity of information technology environments, such as Big Data, M2M, IoT, blockchain, mobile technology, BYOD, cloud technology and several other changes in the last few years.
 

The complexity increases have also included:

  • The establishment of Audit Quality Reviews (AQR), which are done at high cost by third parties.
  • The link between risk management and internal audit and the growing reliance and cooperation between the entities.
  • The failure of software suppliers to meet the needs and requirements of the audit departments.
  • The multiple types of audits being conducted and the inconsistent application of methodology.
 

There are also a number of approaches and objectives to be achieved, which are affected by the maturity of the Internal Audit Department.

 

Value Statement:

An effective Internal Audit Department would have the capability to identify weaknesses within an internal control environment in time to limit the financial losses being suffered and to realize operational benefits or efficiencies.

If Internal Audit were not operational, the exploits it identifies might still be available and result in continued financial losses.

Unfortunately, the quality and effectiveness of the Internal Audit department are affected by the following:

  • Internal Audit departments are sometimes not independent from the business, which can affect the quality of the reviews being performed.
  • The Internal Audit department is not adequately equipped to successfully render the oversight function.
  • The roles of Internal Audit, Risk Management and Forensics (Investigations) become blurred, resulting in core activities not being attended to and coverage not being achieved.


 

Value Proposition:

Cristal Consulting offers a wide range of services associated with Internal Audit, from:

  • Establishing and running a complete Internal Audit Department, down to
  • Offering training and assistance in audits to meet the annual audit plan.
 

The services on offer include the following:

  • Establishment of an audit department which includes, but is not limited to:
    • The drafting and presentation of the annual audit plan to the Audit committee.
    • Drafting of the mission, vision, strategy, policies and procedures for the audit committee and the Internal Audit Department.
    • The appointment of staff to fill key positions, aligned with the needs and requirements of the business.
    • The drafting and execution of the audits in line with the audit plan.
    • Progress reporting to the audit committee with regard to the annual audit plan.

  • Assisting the Internal Audit department to prepare for an Audit Quality Review.

  • The implementation of audit methodologies, which include, but are not limited to:
    • Integrated Auditing
    • Combined Assurance
    • Continuous Auditing
    • Risk Based Auditing
    • Risk Based Process Based Auditing
    • Compliance Auditing
    • Control Self Assessments

  • We offer Information Technology Audit assistance based on the CIA&F (Confidentiality, Integrity, Availability and Fraud mitigation) views, which includes:
    • Application Control Reviews
      • Review the business process documentation
      • Validation of the operation of the internal controls as implemented, which includes:
        • Validation controls
        • Workflows
        • Segregation of duty assessments

  • General Control Review
    • Any other General Control review which may be required.
    • Configuration Reviews
    • SOC and SIEM reviews, focusing on design, implementation, reporting and associated activities.
    • Access control review

  • Governance Reviews, which include frameworks such as:
    • COBIT 2019
    • ITIL
    • COSO

  • We also offer specific process audit information and templates, which include, but are not limited to, the following:
    • Procure-to-pay
    • Contract management
    • Inventory and warehousing
    • Strategy
    • Revenue Assurance
    • Telecommunication configuration management.
    • And others


We would like to believe that we are a one-stop shop for all your internal audit needs and requirements. Please contact us should you need additional information or assistance.