A midsize financial services firm wanted to develop a robust internal audit function as part of its enterprise-wide management of compliance, risk, and controls. Leadership wanted the function to be collaborative, with a continual-improvement mentality. Because the work required numerous and disparate skills, from management to IT to compliance to staff level, the firm decided to engage Grandin.
Grandin Solutions designed a fractional internal audit function to provide robust audit services on a cost-effective budget. We were able to leverage hours from an audit leader for assessing risk, reviewing reports, and interacting with the Board, while also utilizing a variety of other audit experts, including IT and various functional areas, on a part-time or project basis.
- A risk assessment was performed to identify and rank all risks in the organization. This assessment was used to build a year-one audit plan focused on the greatest risks to the organization.
- The risk assessment and audit plan were presented to leadership and the Board for approval along with a financial budget for the first year.
- Individual audits were conducted each quarter in alignment with the audit plan. Each of the audits included the following steps:
  - Setting the scope based on the risk assessment
  - Scheduling the appropriate audit resources
  - Coordinating a kickoff with the business owners, including document requests, timing, scope adjustments, and explaining the audit process
  - Performing the audit steps, documenting results, and validating findings with process owners
  - Drafting the audit report of detailed findings and recommendations, and then gathering management responses from process owners
  - Presenting the final report to the business unit and then to senior management and the Board
- Remediation of audit findings was tracked over time to ensure agreed-upon changes took place.
- At the conclusion of year one, the risk assessment was updated in order to create the new audit plan.