Business-people-meeting-in-glass-meeting-room

Internal Audit

Helping organisations meet and maximise their governance, risk and control procedures.

OverviewOur work with you Our latest thinking

With constant changes in the external environment creating new pressures almost every day, internal audits, governance and other risk and assurance reviews are essential methods for organisations to increase efficiencies, check processes, understand their risk exposure.

Our specialist risk and assurance team, led by Richard Evans, are ideally suited to provide you with an impartial overview (through an internal audit, governance or other risk review), of the status of your organisation and will give practical tips for improvements or changes.

Our team can act as a seamless extension of your own. With national support and international reach, we provide comprehensive advice on key issues while connecting you with local experts who are committed to your organisation's journey.

Services

Find out more about our services and how they can benefit your organisation

We provide fully outsourced internal audit solutions, including staffing the Head of Internal Audit role. This can be flexed accordingly to priorities and budget to maximise the impact of the internal audit and assurance activity.

This generally involves working in partnership with the in-house Head of Risk/ Audit to deliver the programme of work. This can be flexed with Crowe leading end-to-end reviews from planning to reporting, through to the provision of SME resource to support planning and benchmarking.

Board Effectiveness Reviews
Governance Reviews

Governance Transformation
Delegations and decision making

Where needed, we can supplement your existing audit programme through a range of specialist assurance work including:

Technology Risk
Cyber Security
Data Analytics tools and techniques
Project and Programme Change
Fraud and Misconduct investigations

Equality, Diversity and Inclusion (EDI) assessments
Risk Management and Risk Culture review
Safeguarding
Supply Chain Assurance
AAF Reporting

Our External Quality Assurance Register (EQAR) reviews are led and undertaken by our senior team in accordance with the IIA Standards. These are sector specific and include assessment of internal audit strategy and plans, stakeholder consultation, file technical reviews, use of specialist resources and assessment of current and future team skills and competencies. We present tailored action plans to support the target state development of the internal audit service.

We can provide a full solution to support Sarbanes-Oxley (SOX) requirements, including business process and ITGC design and operating effectiveness testing. Our team work alongside the existing in-house teams, working in partnership with our Crowe US colleagues to deliver a global service.

Additional internal audit support

Setting up Internal Audit functions for the first time

We have designed an 'Internal Audit Service in a box solution which is specifically tailored for small to midsized organisations who are seeking to implement internal audit for the first time, either as an outsourced service or in forming a new in-house team.

This has been created with a view to make the process as easy and efficient as possible to ensure the internal audit service has a fast start, with the structural elements established so the team can focus on delivery. There are various options for the service, including:

Crowe set up and operate the internal audit service on a fully outsourced basis.
Utilising the Crowe toolkit to establish the internal audit charter, mandate and introduction to the organisation, with Crowe providing an interim service during recruitment of the in-house team.
Procuring the toolkit for use by in-house resources for adaptation, including draft templates for internal audit charters, strategies, workplans and terms of reference templates for specific audits.

Crowe Internal Audit Membership

For in-house teams we also offer a 'membership model'. This can be offered on a call-off or recurring basis, with the fee structure based on the level of engagement and support. Within this model teams have wider access to our leadership team and library of materials.

Membership is free to sign up to gain access to the wider network of peers and the Crowe team, with a range of benefits including early access to thought pieces, materials, conference position holds, speaking opportunities, and Q&A access.

Examples of support which can be obtained to either support new in-house teams or increase the efficiency of the internal audit service include:

Coaching and development of new Heads of Internal Audit – with access to our wider partner team and associates of coaches, there is the option for one-to-one sessions with your internal audit leadership to develop plans and provide expert cross-sector insight.
Training and development courses – delivered by our senior team and wider panel of experts there are a number of off-the-shelf and bespoke courses which can be provided. Examples include Risk Based Internal Audit introductions, Internal Audit planning, Challenging Conversations, ESG, Technology Assurance, Cyber Security and Report Writing.
Access to networking and round tables from a range of sector peers and industry professionals.
Options to secure template terms of reference for a range of template audit briefs and work programmes to save time in day-to-day delivery of projects.

Charity Magique

Benefit from our bespoke, user-friendly non profit risk management tool. Created based on Crowe’s extensive experience of the sector, CharityMagique allows social purpose and non profit organisations to seamlessly identify, quantify, assess and control risks, and to embed risk management within their organisation.

Best practice: CharityMagique adheres to CC26 (Charities and Risk Management guidance from the Charity Commission) and facilitates efficient charity risk management processes.
Supports effective risk management: Allows users to easily capture, track and mitigate risk across the organisation (including directorate, function, branch, project). It enables dynamic reporting to drive the right conversations.
User-friendly: Flexible and easy-to-use, the web-based system allows multiple risk owners to update risks concurrently, reducing time spent on admin, and allowing more time to be spent managing risk.
Secure: Audited to BSI standards and Cyber Essentials Plus certified, with regular penetration testing undertaken. Data is hosted in an ISO 27001-certified, UK-based data centre.