Create and develop a high-performing Internal Audit function
An effective Internal Audit function plays a significant role in the development and sustainability of an internal control system.
High performing Internal Audit functions are characterised by strong, effective leadership and a talent model that supports the vision for Internal Audit and the wider strategy for the business.
When developing an Internal Audit function, strategy must drive tactics, and not the other way round. Many a times, in a rush to implement an Internal Audit function, key strategic issues can be overlooked, with the result of having a carefully planned Internal Audit function in search of a strategy.
We can assist you by establishing the route map to set up an Internal Audit function, in line with your mission statement, strategic goals and stakeholder expectations, delivering excellence to all stakeholders based on the PwC four pillars of excellence and eight core attributes.
We can also help you:
- Develop an Internal Audit plan based on a risk-based approach
- Develop, advise on, and document policies and procedures
- Develop and establish a methodology and communication strategy for meaningful and timely reporting
- Undertake an evaluation of the personnel, the types of experience required and the most effective model for team structure
- IT system audits
- Assist in setting up IT systems which will facilitate the recording and monitoring of Internal Audit recommendations
- Perform a knowledge transfer between PwC and your team through co-sourced audit reviews
Internal Audit outsourcing and co-sourcing
The role of Internal Audit is to provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.
We are able to bring you extensive capabilities that go beyond the traditional focus on internal controls, by considering areas like your organisation’s culture and behaviours into which we will embed sound control systems within your organisation.
We offer an array of flexible outsourcing and co-sourcing solutions, including:
We will act as your own Internal Audit function by providing you with a team that will fully cater for your needs. The Internal Audit function will execute a full scope, risk focused Internal Audit plan, and will report to the audit committee or the board of directors.
We will implement a system of continuous improvement by closely monitoring implementation of recommendations through follow-up activities and regular reporting to the audit committee.
Co-sourcing will involve PwC working alongside your Internal Audit team. The execution of the Internal Audit plan would be shared and typically, we would handle specialised areas or areas which are more cost effective to outsource, such as special investigations and system security audits. We would also be able to provide specialist resources, such as IT specialists, industry experts and forensic investigators where necessary.
For all types of engagements, we will make use of the wide variety of skills, subject matter expertise and special insights to which we have access through our global network. This pool of knowledge, skills and experience is practically impossible to reach for most in-house teams.
Evaluating your Internal Audit function
In an environment of transformation, increasing complexity and an evolving risk landscape, Executives and Boards are turning to experienced, independent third parties like PwC to carry out an External Quality Assessment of their established Internal Audit function.
Internal Audit functions must evolve to keep pace with the needs of its stakeholders, business and the general macro environment.
Internal Audit is a strategic opportunity for every organisation and function to:
- Drive innovation and productivity;
- Share insights and possible solutions; and
- Deliver a return on its investment.
PwC has the required pool of resources and knowledge to take your Internal Audit to the next level by:
- Comparing your Internal Audit function’s performance with leading practices and/or with Institute of Internal Auditors (IIA) standards
- Identifying gaps and areas for improvement to enable your Internal Audit function to add value to the organisation by recognising improvement opportunities. These may exist both in terms of the function’s performance and in terms of stakeholder’s expectations
- Providing training and closely accompanying your Internal Audit function towards its path to improvement at every level
- Assisting in the choice and implementation of tools and methods to manage reviews and other related Internal Audit activities
The investigation of fraud and other economic crimes, particularly where the integrity of senior management has been called into question, requires a thorough, professional and independent approach.
Our team can help you be proactive with respect to fraud to avoid facing a crisis; or can be by your side to find out what really is happening when you suspect the worst. Our forensic experts can support you in investigating, analysing and resolving a potential crisis as well as preventing a bigger one.
Potential issues you may be facing
- Your organisation has suffered asset misappropriation in any form, including theft of cash or other assets, procurement fraud, expense or payroll fraud, loan fraud, diversion of revenues, etc.
- You need to respond to bribery and corruption claims or allegations
- There is a suspicion of accounting fraud or manipulation of figures
- There are concerns about the adequacy or effectiveness of anti-fraud programmes and controls
- You suspect there are breaches of ethics, conflicts of interest and other forms of management and employee impropriety within your organisation
- Reviews and other related forensic activities
- Forensic technology solutions - We can help you by using specialist skills and tools for the analysis of electronic data to obtain electronic evidence, analysis of contents of computer hard drives and e-mail boxes, recovery of deleted files and security credentials, mobile device content analysis, analysis of data sets and other computer-related investigation tasks.
- Investigations - We can help you investigate the nature and extent of the suspected fraud or irregularity, how it occurred and who was responsible.
- Regulatory compliance - We can help you deal with regulatory aspects, particularly in terms of regulations dealing with fraud and corruption. We can advise on the adequacy of your organisation’s Anti-Money Laundering; Anti-Bribery and Whistleblowing policies and procedures, as well as provide assistance in dealings with the regulator in the event of an investigation.
- Dispute analysis - We can support you in cases of dispute, including assistance with the analysis and valuation of claims, expert witness testimony in court proceedings, and even acting as arbitrator or as mediator/ facilitator in situations of conflict.
- Fraud Risk Management - We can help identify and assess the main risks for financial crime related to your business and to establish and implement systems, policies and procedures for managing these risks.
PwC can assist you in complying with regulations and legislation (e.g. sector-specific legislation, European directives, local legislation etc.).
The work involved when conducting a compliance audit would cover the following tasks:
- Identify the regulation or legislation in question and the requirements pertaining to this area
- Adopt the adequate methodology and in-house specialists to assess the level of compliance to any relevant regulation/legislation
- Propose bespoke solutions to assist management in conforming to the relevant areas of the regulation/legislation
- Assist management to set up or refine the processes and internal controls to monitor compliance efficiently and effectively
- Provide technical expertise on upcoming regulation/legislation to prepare the appropriate measures to ensure future compliance
Assistance in Risk Management
The purpose of having a Risk Management function is to provide the second line of defence to complement the first line (management) and the third line (Internal Audit). PwC can assist you in developing a practical Risk Management Framework, and can also help you establish a formal Risk Management function.
Organisations are under pressure to identify all the business risks they face, being social, ethical, environmental, as well as financial and operational. Board of directors on behalf of shareholders, regulators, supply chain partners and customers increasingly put under organisations under the spotlight to explain how they manage risks. Meanwhile, the use of enterprise-wide risk management frameworks has expanded, as mature organisations recognise their advantages over less coordinated approaches to risk management.
Our team of risk specialists, with extensive experience in the field of Risk Management, are able to assist you in establishing an appropriate and practical Risk Management Framework which will be aligned with your organisation’s size and risks. Risk Management is a strategic value adding tool that is a vital component in the decision making process of a forward-looking organisation.
We can also assist you in structuring a formal Risk Management function, tailor made to your needs, proportionate to the size of the entity and will optimally balance prudence with business initiatives and the sector in which you operate.
As part of our services, we will make available to you PwC tools relevant for effectively managing risks. We will tailor our resources in a manner such that you can derive most benefit without overloading your resources.
Internal Auditing training and knowledge sharing
In the current changing business environment, organisations will only thrive if they recruit, develop and retain their key staff.
We can assist you in the training and development of your Internal Audit or Risk Management teams, or any other personnel in charge of governance. We can help you ensure that your staff keeps up to date with current professional development and modern practices.
Our training solutions may be customised, tailor made, and exclusive to your organisation. We are able to provide these training programmes with a high level of interaction, based on practical examples which will help meet and exceed all your expectations, and add value to the attendees. We will leverage our trainers’ practical experience in varied aspects of Internal Audit and related subjects.
Additionally, we run regular general training programmes that are designed and developed on wide-ranging topics according to developments within the business environment.
Training on Internal Audit can be held at our dedicated premises in Mill Street, Qormi or at your premises. Our training facilities are equipped with all that is necessary to ensure that a conducive learning environment is created. You can access PwC Academy through www.pwc.com/mt/academy.