Internal audit and controls assurance

How we can help

We understand the importance of implementing a strong control environment to meet your key risks and have tailored our services with this in mind. We provide a number of internal audit and control-related services including:

• Fully outsourced/co-sourced internal audit services
• Controls assurance services
• Service auditors reports

Internal audit

Internal audit are increasingly being called upon by Boards and Audit committees to provide assurance on the governance and control processes in place. We believe that internal audit plays a pivotal role in helping management drive  business performance and in improving processes, controls, governance and risk management. The ways we can help your business achieve robust and reactive controls include the following:

• Fully outsourced internal audit – we can carry out the internal audit process from beginning to end. We can work with you to prepare a risk assessment and identify key areas of concern for both management and audit committee members, where internal audit assurance can add value.
• Co-sourced internal audit – we can support your organisation based on your requirements. Whether it is through the provision of internal audit staff to assist in completing internal audits or fully co-sourcing where we can be involved in the development of strategic internal audit plans through to the  delivery of reports.
• One-off projects – we can provide one-off projects in areas where benchmarking against your peers would be useful or where specific expertise is required; for example: internal and external vulnerability assessments; project management reviews; governance reviews.
• Secondment of staff – we can provide suitably qualified and experienced internal auditors on a secondment basis to assist with internal audit work, removing  the need for you to recruit additional FTEs when your resources are constrained.

Controls assurance

Organisations depend on information systems to provide complete, accurate and valid data, but these systems may be the source of considerable risk if not well deployed, monitored and controlled. Our Controls Assurance services focus on the identification and mitigation of risks affecting internal systems, business processes, projects, applications, data and third parties.

Implementing checks and balances for projects, work processes, computer applications and the underlying systems and third parties is one way to mitigate risks. We leverage frameworks and standards such as ITIL, CoBIT, ISO27000:2005, in conjunction with Deloitte proprietary tools to identify control weaknesses or gaps, and to make implementable recommendations.

With increased IT corporate governance concerns, security threats, data quality issues and privacy legislation, today, more than ever, organisations need to ensure the integrity, confidentiality and availability of information, along with the underlying systems.

Service auditors reports

At Deloitte we understand that service auditor reporting is an important annual investment for your company – helping you to win new business and improve your internal control environment, while ensuring greater accountability for the quality of services provided to your customers.

Our dedicated professionals are experienced service auditors that conduct engagements following standards such as ISAE 3402 and SSAE 16. This will enable you as a service organisation, to report on the effectiveness of key controls that you perform in your company which may be relevant to your customers’ internal control over financial reporting. We also provide SOC 2 reporting services, which have been developed more specifically for IT service organisations. A SOC 2 report evaluates your information systems with regard to security, availability, processing, integrity, confidentiality or privacy.

We can also assist you in preparing your company for service auditor reporting – this includes providing readiness assessments on the design effectiveness of your key control activities. As our client, we want to ensure that you are best placed to meet the on-going challenge of service auditor reporting.