Facilitating GRC Best Practice
Supported Standards:
ISO 31000
BS 10500
ISO 19600
ISO/IEC 38500
ISO/IEC 27001
ISO/IEC 22301
ISO/IEC 20000
Balanced Scorecard
Consultancy Topics:
IT Governance
IT Risk
IT Compliance
Information Security
Business Continuity

Internal Audit Function Establishment

Internal and IT Audit

Analytix Internal Audit consulting services assist organisations to establish or improve their Internal Audit functions. 

Alignment with Internal Audit Best Practice

These services are aimed to assist organisations to align their Internal Audit functions and practices with the latest international Corporate Governance and Internal Audit best practices.

Internal Audit Function 

We provide the technical expertise and project management capabilities needed to build an effective risk based Internal Audit function. 

The scope and structure of an Internal Audit programme can vary, and our effort expended will be tailored to the needs of your organisation, while we will ensure that the essential elements of an Internal Audit function be established which is capable of performing the following functions:

  • Performing an objective assessment of the effectiveness of risk management and the internal control framework
  • Systematically analysing and evaluating business processes and associated controls
  • Providing a source of information as appropriate, regarding instances of fraud, corruption, unethical behaviour and irregularities, and
  • Ensuring that an internal audit charter should be defined and approved by the board

Analytix’s approach to Internal Audit programmes is based on assisting organisations to create an effective Internal Audit function that meets the needs of your business and adheres to the legal requirements regulating your industry.

Our approach makes provision for a series of activities designed to meet the increased requirements of an Internal Audit function. It also takes advantage of international Internal Audit best practices.

Key aspects involved in developing a new or improved internal audit function include:

  • Integrating Internal Audit with Your Corporate Governance framework – includes developing an understanding of the organization and existing corporate governance structures and aligning this understanding with the expectations of the various stakeholders. It also involves establishing the internal audit governance structure and framework and establishing formal oversight of the internal audit function.
  • Develop operational guidance – calls for establishing the operational framework of internal audits as well as developing standardized tools and templates for use in the operations of the internal audit function.
  • Establish executive/board reporting – requires determining reporting requirements with key stakeholders and developing related protocols. It also entails developing the necessary reporting tools and formalizing the reporting process.
  • Developing a Risk Based Internal Audit Methodology – involves developing risk criteria and performing risk assessment. It requires identifying enterprise risks and facilitating discussions on how these risks threaten business objectives. Additionally, it involves associating risks to key business processes and communicating results and validating findings to develop the basis for the internal audit plan.
  • Internal audit plan development – leads to creating a risk-based internal audit plan and includes determining timing and resource requirements. It entails developing and sharing a draft plan with the function sponsor before obtaining audit committee approval. Once approval is granted, this step also requires maintaining and updating the internal audit plan on a regular basis.

King Code for Governance

According to the King Code for Governance, "A compliance-based approach to Internal Audit adds little value to the governance of a company as it merely assesses compliance with existing procedures and processes without an evaluation of whether or not the procedure or process is an adequate control. A risk-based approach is more effective as it allows Internal Audit to determine whether controls are effective in managing the risks which arise from the strategic direction that a company, through its board, has decided to adopt.

Internal Audit should be risk-based and every year the internal auditors should furnish an assessment to the board generally on the system of internal controls and to the audit committee specifically on the effectiveness of internal financial controls. 

The audit committee must report fully to the board on its conclusions arising from the internal audit assessment.

This will give substance to the endorsement by directors of the effectiveness of internal controls in a company in the integrated report. Internal audit forms part of the combined assurance model introduced in Chapter 3 Principle 3.5 of the King Code for Governance report. Internal Audit is discussed in Chapter 7 of the King Code for Governance."

Standards & Guidance — International Professional Practices Framework (IPPF)®

The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal Auditors (IIA).

A trustworthy, global, guidance-setting body, The IIA provides internal audit professionals worldwide with authoritative guidance organized in the IPPF as mandatory guidance and strongly recommended guidance.

Our consultants would evaluate or establish some of the key elements of your Internal Audit function, which would likely include:

  • An Internal Audit charter / framework or mandate
  • A flexible internal audit organizational structure with roles and responsibilities promoting accountability, effective communications, team work, professionalism and the optimal use of resources
  • Internal Audit process and procedures
  • Internal audit risk universe
  • Templates for an audit plan
  • Internal Audit reporting tools and templates

Our Internal Audit consultancy delivers real business benefits:

  • Brings a clear focus to your business continuity project, based on real-world experience
  • Helps to ensure that you stay on track and within your budget
  • Delivers a convincing business case for implementing an Internal Audit project
  • Helps you avoid common pitfalls and challenges during an implementation
  • Introduces appropriate metrics that will clearly demonstrate your success