The main purpose of the service is to help clients to execute of a full scope, risk-focused internal audit plan. A designated in-house contact, who reports to the Audit Committee or the Board of Directors, acts as the liaison with us.
Clients of the service are companies who want to outsource the entire internal-audit function to an external provider, who would usually be a public accounting firm, but generally a different firm from the organisation’s external auditor.
It is mainly because they do not want to incur the cost burden of recruiting and training their own in-house internal audit section which can require expertise in a growing range of specialist skills such as IT audit; data mining; data analytics and, (depending on the type of industry and size of the organisation), in depth knowledge of different regulatory regimes. It can be difficult and expensive to recruit, retain and invest in those people with specialist skills.
The service is delivered through following steps:
Prior to the start of the engagement, we will identify the key risks and its corresponding impact to the company for the areas assigned to ensure that our audits are risk-based as we develop the audit objectives.
The proposed internal audit plan will be developed by us, reviewed by the client and endorsed by the Audit Committee at the beginning to ensure proper internal audit focus is placed on business processes most important to the client.
a. We will conduct interviews with the relevant management personnel to obtain an understanding of the business process under review.
b. We will perform a walkthrough to identify the key risks and corresponding controls.
c. We will perform sampling tests to validate the design and operating effectiveness of the controls. Our sampling would cover transactions for one financial period, where applicable.
We perform our work by using the International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors, Inc. and the COSO Internal Controls Framework.
Where control lapses are noted, we would report to them in the audit report, together with the appropriate recommendations. We would also perform a follow up audit to ensure that the control lapses noted in the audit report have been satisfactorily rectified accordingly to the committed timeline.
It depends on how many audits the client requires. An audit would take an estimated 2 to 3 weeks of on-site fieldwork to cover an auditable area, depending on the scope, and another 1 to 2 weeks for compilation of audit findings and preparation of draft report.