Internal audit

The importance and visibility of internal audit has never been greater. Now more than ever, management, audit committee members and other stakeholders are demanding a flawless internal audit function. The cost of failure is too high.

Our comprehensive risk-based and process-driven approach improves internal audit performance and efficiency while adding true value to the organisation. We work closely and collaboratively with our clients, providing the full range of services, such as helping to set up an effective and strategically positioned internal audit function, enhancing existing departments, providing specialised resources or outsourcing their entire internal audit function.

Our practitioners have the knowledge, technology and experience across a broad spectrum of industries, along with a distinctive approach, to make us uniquely qualified to help. We work closely with our clients to build world-class internal audit processes that become critical in helping management assess the current situation and strengthen the entire organisation.

Cosourcing services

Increasingly, internal audit departments are leveraging the benefits of cosourcing to supplement their internal audit team with external resources or specialised skills. Cosourcing provides a flexible solution to the resourcing needs of an in-house internal audit department.

  • Resource enhancement: We can provide you with skilled internal audit professionals to complete special projects or fill vacant internal audit positions to enable the completion of your annual internal audit plan.
  • Specialised skills: We can provide your internal audit team with specialised skills in a wide variety of areas such as information technology, regulatory compliance, private banking, capital market, human resources to name just a few.


Outsourcing the entire internal audit function to an external provider can be an effective business solution to allow management to focus its time and effort on the core competencies of the organisation.

We work with clients to seamlessly fill the role and serve as the organisation's internal audit department, addressing the above issues because internal auditing is our core competency. With access to high performance methodologies, automated tools and expertise in specialised areas across a wide variety of industries, our internal audit professionals create value-added internal audit functions.

IT internal audit & CIPS internal audit

IT internal audit

The ever-increasing complexity of information and communication technology (ICT) and security risks presents new challenges for an organisation’s internal controls function, including Internal Audit (IA). Following a risk-based approach, an organisation’s IA plays a critical role in helping review and provide independent assurance that ICT and security-related activities are compliant with organisation’s policies, procedures, and external requirements.
To learn more about how Deloitte can help you visit our dedicated page here.

Internal audit for CIPS

The internal audit function plays a key role in assessing and reporting on an organization’s risk management, internal controls, and reviewing management information systems. Internal audit functions are seen as business partners, adding value to the organization beyond compliance.
To discover in more detail how organizations can establish and improve their internal audit functions, visit our internal audit page for Commerce, Industry and the Public Sector in Luxembourg, here.

Internal audit function setup

We can help you to build a leading edge internal audit function that conveys your strategic objectives and supports the realisation through truly adding value to your organisation. Our comprehensive and proven Fast Start framework can help you get your internal audit function up and running quickly, intelligently and cost effectively.

Within a couple of months, our highly experienced internal audit professionals can have your internal audit function up and running. Our Fast Start services include understanding the organisation's expectations and perceptions of internal audit, and designing a function that meets your needs, budget and organisational culture.

Internal audit function review and enhancement

he recently revised Institute of Internal Auditors (IIA) Standards require a periodic external assessment of internal audit activity to appraise the quality of the operations. Our internal audit function reviews look at internal audit's ability to help an organisation achieve business objectives and strategies.

We help clients measure the quality of their internal audit function to ensure and sustain its value to the organisation. Using proven methodology and a customised approach, we assess the department's structure, technology use, methodologies and people. We also examine the approach and performance relative to plans, the policies and procedures relative to professional standards, the best practices and the needs of internal audit customers.

The results, which are communicated to management and/or the audit committee, act as a catalyst for change, resulting in greater assurance and enhanced client satisfaction.

Strategic audit plan development

Enterprise risks are increasing exponentially while the ability to manage these risks is not keeping pace. Increasingly, companies are looking to risk assessment as a way to identify and assess risks either across the organisation as a whole or within specific aspects of the business.

For internal audit departments, risk assessment is a key element in the development of the annual risk-based internal audit plan. The identification, prioritisation and sourcing of key organisational risks is critical to ensuring that internal audit resources are allocated to the areas that matter most.

Accordingly, we help our clients design risk-driven internal audit plans that are needed to reach specific objectives of management or boards of directors. This typically entails defining the audit universe, prioritising audit activities and recommending a schedule of audits to be performed.

New regulatory challenges for self-managed Alternative Investment Funds

Internal audit outsourcing and cosourcing - A flexible solution for self-managed Alternative Investment FundsOne of the consequences of the financial crisis has been the unprecedented regulatory pressure on financial institutions. In Luxembourg, the EU Directive on Alternative Investment Fund Managers (AIFMs) has emerged as one of the most challenging new regulations for self-managed AIFs.

The Directive has introduced a specific obligation for self-managed Alternative Investment Funds (AIFs) to adopt a permanent Internal Audit function, as specified in the application form for self-managed AIFs.

In this context, setting up and maintaining a well-proportioned and efficient internal audit function is vital in order to support all of the organisation’s stakeholders - and more specifically the executives and board members - in fulfilling their increasing responsibilities in terms of governance, risk management and control.

Internal audit outsourcing and cosourcing - A flexible solution for self-managed AIFs


Laurent Berliner

Laurent Berliner

Partner | EMEA FSI Risk Advisory Leader

Beside his service responsibilities for many of our clients, Laurent leads the international relations of our Luxembourg firm to sustain our international development from a client, service, talent an... More

Roland Bastin

Roland Bastin

Partner | Risk Advisory & Forensic

Roland is a partner within the advisory and consulting department and joined the Risk Advisory practice of Deloitte in 2001. He is responsible for IT audit, IT security, IT regulatory compliance, Data... More


Jérôme Sosnowski

Jérôme Sosnowski

Partner | Risk Advisory

Jérôme started his career at Deloitte Luxembourg in 1998 as external auditor and joined the Entreprise Risk Services practice in 2000 covering the financial service industry. He left Deloitte in 2002 ... More

Stéphane Hurtaud

Stéphane Hurtaud

Partner | Cyber Risk Leader

Stéphane is a partner within our Risk Advisory practice. He has over 25 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Insert CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.