Internal Audit

We take full responsibility of your internal audit function.

key benefits

• A professional and efficient internal audit function, that is working according to internal audit standards.
• Access to our firm’s entire experience and all of our subject matter experts in critical risk areas such as cyber security, ESG, anti-corruption and compliance, which will enable your internal audit plan to cover highly relevant areas.
• Allowing focus on core business while providing an independent second opinion.

When you trust us with being responsible for your internal audit function, we take care of all aspects of the audit process. This includes creating a risk-based audit plan, performing the audits, doing follow-up on recommendations and reporting individual audits and the annual report to management and the board, but also coordination with other control functions.

We provide ongoing support for your in-house internal audit function, offering expertise ranging from strategic analysis to daily relief. We offer a breadth of complementary skills to expand the capabilities of your existing team.

Our co-sourcing partnership enables us to assist your internal audit function as needed, with experienced consultants and subject matter experts supporting you in business and IT audits and in various domains such as cybersecurity, ESG, AML/CTF, business continuity, capital markets, data quality and integrity, privacy and GDPR, IFRS, IAM, regulatory compliance, MiFID, risk management, etc.

Our services include

We can support you in the annual risk assessment process or offer assurance mapping services to enhance the efficiency of your GRC organisation.

Additionally, our internal auditors can conduct tailored training sessions to meet your specific requirements. This can include soft skills (e.g. planning & organisation or  communication and reporting), internal audit methodology, IT audit deep dives or specific competence development within a relevant risk area such as cyber security or ESG.

To fill temporary resourcing challenges, we can provide you with different interim solutions, such as interim Chief Audit Executive (CAE) and interim internal auditor.

We can offer internal audit consultants with extensive experience in the field including consultants with previous experience as Head of Internal Audit from both public and private sector (including financial services industry).

It is considered best practice to perform a quality review of your Internal audit function on a regular basis. This is often referred to as an External Quality Assessment (EQA) or Quality Assessment Review (QAR).

Our services include

• We can offer different levels of quality reviews, tailored for your specific needs. This can range from self-assessment validations and compliance assessments against international standards, to a full assessment including benchmark and market practices. The full potential of the assessment is received from a more thorough assessment, with benefits such as competence development, stronger teams or sometimes even a transformation journey with elements of automation and optimization.
• Our methodology for quality assessment is based on the “Quality Assessment Manual for the Internal Audit Activity” published by the IIA and on the International Professional Practice Framework and associated “guidance”.
• Our consultants have vast experience in different types of quality reviews for organisations within both private and public sector. Our team includes consultants with experience as Head of internal audit functions and with relevant certifications, and we have performed several Quality Assessments in the last years.

With our deep expertise and certifications, including certified information systems auditors (CISA), CIA, CISM, and CGEIT, Advisense is the right partner to support your IT assurance needs.

We provide objective assurance and insight into your organisation’s governance and management of technology, ensuring it is delivered efficiently, securely, and in compliance with regulations.

We adhere to industry standards and frameworks, including COBIT for IT governance, ISO/IEC 27001 for information security, NIST/CSF, and CIS controls for cyber security.

Our services include 

• IT compliance (against regulations, standards, and frameworks)
• Business continuity management and IT disaster recovery
• Governance of IT and information security
• IT security and cyber security
• Management of access rights
• IT supplier governance
• Third party assurance reports based on ISAE 3000, ISAE 3402/SOC reports
• IT development, maintenance and change management
• IT project management
• IT operations and resilience
• IT risk assessment as part of establishing a risk based internal audit plan.

We understand the crucial role corporate governance and internal control plays in the success of an organisation. An effective governance framework enables companies to align the interests of stakeholders while maximising their ability to achieve their goals.

We help revitalising risk management and internal control frameworks, quickly identifying the most important areas for improvement and making pragmatic recommendations for remediation.

We can provide you with support in all aspects of Corporate Governance & Internal Controls, ranging from designing a complete framework for ERM and internal controls, to support in individual components.

Services include

• Policy and corporate governance structure
• Enterprise Risk Management processes and framework, including harmonization with the COSO-ERM framework or ISO 31000.
• Internal control frameworks, including risk assessment processes, control assurance, key controls, self-assessments as well as monitoring, testing, and reporting procedures.
• Setting up efficient monitoring and reporting structures, including dashboards and Key Performance Indicators (KPIs)
• Assessing IPO readiness and designing and/or implementing recommendations
• Performing risk analyses/risk workshops (enterprise, process, or organisational level or in a specific area such as fraud & anti-corruption)
• Performing maturity assessments of internal control frameworks or risk management processes
• Process mapping