Audit Committees and management are seeking more value from Internal Audit, to improve business operations in addition to routine compliance and control attestation.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the organisation’s processes.
The Institute of Internal Auditors (Australia’s) white paper on the Internal Audit Service Catalogue confirms that internal auditing has evolved to include more dynamic and flexible service offerings.
The traditional method used to perform audit work. The objective is to provide an independent opinion on the quality and effectiveness of governance processes of the area being audited, backed by evidence. Engagements are performed in the phases of planning, fieldwork and reporting.
Assurance advisory services differ from traditional internal audit engagements and may involve advisory work around governance, risk management and control matters.
We can assist with the due diligence process for acquisitions. This includes:
We can offer ‘on demand’ services in areas where business issues may occur or emerging risks arise. The assessed level of risk, availability of resources, and endorsement of the Audit Committee are important factors in this space.
A review of business unit controls can determine whether a control environment is operating effectively and risks are being mitigated. These reviews encompass business unit activities, focusing on higher-risk activities.
A health check of a part of a business unit helps to establish and assess the state of an area’s governance, risk and control environment.
One successful audit method is multi-stage auditing. This is best for auditing projects and business improvement initiatives which will be planned and implemented over a period of time. A life-cycle audit approach through ‘short and sharp’ audits at key stages provides assurance, as well as immediate feedback as the implementation progresses, allowing areas requiring remedial action to be addressed at the time.
Should a detailed audit not be required at the time, a preliminary review can take place. This is a concise review of key business unit or program elements. It is an independent review to work in partnership with management to review risks and controls, not a comprehensive audit. The outcome is a brief roadmap and recommendations for improvement.
Should resources be limited, a limited assurance service through one-week reviews is suggested. These provide high-level assurance through a ‘short and sharp’ review of a business area. They may take a few days to complete, with planning and reporting taking the elapsed time to one week. Reviews of this nature provide a snapshot of risks and controls in a business area, with improvement suggestions.
We are able to provide assurance services for major projects to:
Project assurance work generally focuses on effectiveness of governance, risk management, scope, schedule, cost, quality, and artefact alignment to the project management methodology.
These processes must be fair, open, transparent to all parties, and defensible. Procurement advisory services through the life of major procurement activities helps to assure:
Anchoram’s role may be as probity advisor (to the client) or probity auditor (to the client and third parties).
Continuous auditing can take place over more stable and mature controls within the business, with sufficient transaction volumes to justify the investment.
Automating data analysis for continuous auditing can result in:
As Internal Audit becomes embedded within an organisation, continuous auditing for corporate and operational ICT systems can be considered.
This initiative can reduce the internal audit footprint for business units, deliver greater audit coverage and provide timely exception reporting. Ideally, a pilot project is tried first, with a possible full roll-out over time.
A forensic review is a detailed and focused examination of an issue or issues, dealing with actual or anticipated disputes or litigation. ‘Forensic’ means ‘suitable for use in a court of law’, and it is to that end that forensic reviews are performed. In most organisations, forensic reviews will be initiated in response to allegations of fraud or corruption. Anchoram has extensive experience in this field.
Categories of financial forensic engagements may include:
Steve is our National Lead Partner for Internal Auditing with more than 20 years’ experience leading assurance and risk advisory teams in the private and public sectors.
He is the Immediate Past-President of IIA-Australia, a member of the IIA-Australia Board, a member of the global International Internal Audit Standards Board (IIASB), and the Executive Committee of the Asian Confederation of Institutes of internal Auditors. Stephen represented IIA on the Standards Australia working group tasked with redrafting the Fraud and Corruption Standard AS8001:2021.
Jason is an experienced audit and risk professional, and Partner in our Internal Auditing practice. He holds more than 20 years’ experience across a number of large complex organisations with multiple functions, geographies, and sectors.
A fully Certified Internal Auditor with certifications in Risk Management (CRMA) and Control Self-Assessment (CCSA), Jason has extensive experience in managing key C-suite and Board relationships as well as delivering strategies across a multitude of industries, geographies and cultures.
Over Harry’s 17 years’ experience he has led the delivery of numerous technology assurance and advisory engagements for public, private, and not-for-profit entities, and held various client-facing roles within sectors such as Government, Energy and Resources, and Transport and Logistics. Harry is a qualified Chartered Accountant, Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), and a Certified Information Systems Security Professional (CISSP), and is endorsed by the Australian Signals Directorate (ASD) Industry Registered Assessor Program (IRAP). Harry also has qualifications in project management and IT Service Management fields.