☰ Menu
× Close
Business Case

Internal Audit


A midsize financial service firm was interested in developing a robust internal audit function as part of the enterprise-wide management of compliance, risk, and controls. Leadership was interested in the function being collaborative with a continual improvement mentality. Due to the numerous and disparate skills needed from Management to IT to Compliance to staff level, the decision was made to utilize Grandin.


Grandin Solutions designed a fractional internal audit function to provide robust audit services on a cost-effective budget. We were able to leverage hours from an audit leader for assessing risk, reviewing reports, and interacting with the Board, while also utilizing a variety of other audit experts including IT and various functional areas on a part time or project basis.


  1. A risk assessment was performed to identify and rank all risks in the organization. This assessment was used to build a year one audit plan focused on the greatest risks to the organization.
  2. The risk assessment and audit plan were presented to leadership and the Board for approval along with a financial budget for the first year.
  3. Individual audits were conducted each quarter in alignment with the audit plan. Each of the audits included the following steps:
    • Setting the scope based on the risk assessment
    • Scheduling the appropriate audit resources
    • Coordinating a kickoff with the business owners including document requests, timing, scope adjustments, and explaining the audit process
    • Performing the audit steps, documenting results, and validating findings with process owners
    • Drafting the audit report of detailed findings and recommendations, and then gathering management responses from process owners
    • Presenting final report to the business unit and then to senior management and the Board.
  4. Remediation of audit findings was tracked over time to ensure agreed-upon changes took place
  5. At the conclusion of year one, the risk assessment was updated in order to create the new audit plan