Internal Audit Overview

Skip Navigation Links Home Services Business Risk Services Internal Audit Overview

Overview

The need for a strong and independent internal audit has never been greater but finding the right range of skills can be difficult. Working with Grant Thornton’s risk Assurance Services group provides you with a range of solutions, giving you a depth and breadth in skills, whilst retaining the flexibility to focus on and address the commercial realities.


About Internal Audit

Along with the enhanced profile for internal audit comes far greater expectations for fresh thinking and a more challenging approach with which to address key risks. At the same time, that ever increasing requirement for organizations to adopt and demonstrate good corporate governance practice in forcing a change in approach to control assessment in order to fulfil both compliance and operational demands. Using a risk-based approach, a skilled internal audit function can provide the necessary focus to co-ordinate an organization’s response to these new demands.


A Dedicated Independent Source

Internal audit must be a truly dedicated, independent resource. For many organizations, the range of skills needed to address wider operational risk such as treasury, procurement and IT system, is simply too wide to be found in a small team. Fulfilling modern expectations of internal audit will almost inevitably result in an imbalance between resource and internal expertise.

Through the delivery of solutions geared to meeting your needs, be they fully outsourced, joint sourced or peer review, we can reduce this imbalance.


Range of Services

a) In-House Internal Audit

We provide advisory and project management services for clients who are considering the establishment of an in-house internal audit function.

b) Joint Sourcing Internal Audit

For clients that already have an established in-house internal audit function, joint sourcing provides a number of benefits whilst allowing them to remain in full control of their in-house function.

c) Outsourced Internal Audit

Grant Thornton provides a fully outsourced, risk based internal audit function to its clients. This enables the management team to focus their attention on the core operations of the business whilst enduring the Board receives first class, independent assurance on the management of key risks, the setting up and maintenance of a risk-focussed internal audit function is a challenging undertaking in any environment.

Grant Thornton's Methodology

Our approach to the delivery of Internal Audit Services ensures the participation of business units members of staff through what is known as CRSA (Control and Risk Self Assessment).

CRSA is a process through which internal control effectiveness is examined and assessed. Within this process, key business objectives are reviewed, risks involved in achieving these objectives are determined, and internal controls are designed to manage these risks.

The CRSA process allows management and/or work teams directly responsible for a business function to:

  • Evaluate risk.
  • Participate in the assessment of internal control.
  • Develop action plans to address identified weaknesses.
  • Asses the likelihood of achieving business objectives.

The ultimate objective of CRSA is to provide reasonable assurance that all business objectives will be met.

The following are among the most commonly claimed benefits of CRSA to management:

  • Improving the responsibility for risk and control from auditors to managers and employees.
  • Transferring the responsibility for risk and control from auditors to managers and employees.
  • CRSA aids management and audit in identifying potential exposures and weaknesses in internal control systems thus preventing errors and fraud.
  • The synergy created by the interaction of the audit department and CRSA participants increases the value of the internal audit contribution to the organization through the following:
    • Increasing the scope of coverage of internal control reporting during a given year.
    • Targeting audit work by reviewing high risk and unusual items noted in CRSA results.
    • Increasing the effectiveness of corrective actions by transferring ownership to line management.

Out methodology is built around a software package. The software allows an internal audit function to perform the following:

  • Objectively evaluate the business units’ control environment and assign audit rating.
  • Automatically re-evaluate the control environment depending on compliance test results.
  • Develop a Risk-Based Internal Audit Plan, that takes into consideration the assessment of the control environment and other important factors (e.g. materiality, management turnover, time since last audit … etc).
  • Produce numerous reports and charts on the functions/branches risks, controls, and control environment.
  • Generate standard summary reports to the Audit Committee and the Board of Directors on the status of the organizations’ overall control environment (using software’s Corporate Governance module).
  • Follow-up on the implementation of recommendations/action plan.
  • Track actual loss events and “near-misses”.

Service Delivery

Our approach for granting internal audit services is captured in the diagram shown below:

© 2009 Grant Thornton International Ltd – All rights reserved