Business Case

Internal Audit

Background

A midsize financial services firm was interested in developing a robust internal audit function as part of the enterprise-wide management of compliance, risk, and controls. Leadership wanted the function to be collaborative, with a continual improvement mentality. Because of the numerous and disparate skills needed, from management to IT to compliance to staff level, the decision was made to utilize Grandin.

Solution

Grandin Solutions designed a fractional internal audit function to provide robust audit services on a cost-effective budget. We were able to leverage hours from an audit leader for assessing risk, reviewing reports, and interacting with the Board, while also utilizing a variety of other audit experts, including IT and various functional areas, on a part-time or project basis.

Results

  1. A risk assessment was performed to identify and rank all risks in the organization. This assessment was used to build a year one audit plan focused on the greatest risks to the organization.
  2. The risk assessment and audit plan were presented to leadership and the Board for approval along with a financial budget for the first year.
  3. Individual audits were conducted each quarter in alignment with the audit plan. Each of the audits included the following steps:
    • Setting the scope based on the risk assessment
    • Scheduling the appropriate audit resources
    • Coordinating a kickoff with the business owners including document requests, timing, scope adjustments, and explaining the audit process
    • Performing the audit steps, documenting results, and validating findings with process owners
    • Drafting the audit report of detailed findings and recommendations, and then gathering management responses from process owners
    • Presenting final report to the business unit and then to senior management and the Board.
  4. Remediation of audit findings was tracked over time to ensure agreed-upon changes took place.
  5. At the conclusion of year one, the risk assessment was updated in order to create the new audit plan.