Internal Audit Services

If you would like to attend KPMG's Internal Audit Seminars, please view the following PDF files.
Seminars' Brochures
Participation Form

As a senior executive, you have a dual role, as a builder and a preserver of enterprise value. You are in charge of delivering superior shareholder returns – but in so doing, you must also work continuously to strengthen the organisation so that it can withstand the shocks of an uncertain and a continuously changing environment.

Such shocks may take many forms – among them liability, business interruption, security breach, and other economic events. All can be anticipated, understood and managed.

At KPMG, we help you protect against business risks by building resilience into your organization. KPMG’s Internal Audit Services offer focused advisory services designed to help clients:

• Improve alignment with stakeholder requirements
• Carry out Internal Audit reviews
• Help to strengthen their Internal Audit Department
• Develop and enhance the internal controls
• Enhance systems, processes and performance measures
• Create the manual and system for implementing and monitoring Corporate Governance

For further information about our services, or if you would like one of our professionals to contact you, please contact us.

Introduction

In the present and future business environment, the Internal Audit function can no longer retain its traditional, transaction-based role. The need to react more quickly in the marketplace means a company must be fast, flexible and responsive to change to enable it to achieve its strategic goals.

Internal Audit has the potential to be one of the most influential and value-adding services available to the Board. Furthermore, with the growing focus on corporate governance issues, organisations are increasingly exploring the potential benefits to be gained from establishing an effective internal audit function. It is critical in identifying opportunities, risks and exposures that can determine success or failure.

While the impact of corporate governance is one reason to establish an internal audit function, there are more basic reasons why internal audit adds value to your organisation, including:

• Internal audit’s ability to provide management with objective analyses, appraisals, recommendations, counsel and information about the quality of internal controls
• Internal audit’s understanding of the organisation’s key business processes provides the opportunity for continuous improvement; and
• Internal audit helps the board of directors understand and manage their responsibilities better in respect of internal control.

We can help you transform your internal audit department by making it more risk-focussed aligning the internal audit effort with the risks which threaten the achievement of the business objectives and corporate mission. We will provide you with a tailored strategic approach to help you identify and understand specific operational and financial risks; to define the level of risk your company is willing to accept; and to identify and focus on the opportunities available to your company.

What is internal control?

Internal control is a broadly defined process, affected by people, designed to provide reasonable assurance regarding the achievement of the following three objectives that all businesses strive for:

• Economy and efficiency of operations, including achievement of performance goals and safeguarding of assets against loss;
• Reliable financial and operational data and reports; and
• Compliance with laws and regulations

What is needed to help assure the achievements of these primary business objectives?

A sound control environment 

• Managers and employees who possess integrity, ethical values and competence;
• Management’s philosophy and operating style;
• Proper assignment of authority and responsibility;
• Proper organisation of available resources;
• Proper training and development of people; and
• Proper attention and direction from senior management.

A sound risk assessment process

• An awareness of and ability to deal with the risks and obstacles to successful achievement of business objectives;
• Establishment by management of a set of objectives that integrate all the organisation’s resources so that the organisation operates in concert; and
• Identification, analysis and management of the risks and obstacles to successful achievement of the three primary business objectives.

Sound operational control activities

• The establishment and execution of policies and procedures to help ensure effective implementation of the actions identified by management as being necessary to address risks and obstacles to achievement of business objectives.
• (These control activities help ensure that management’s directives are carried out; occur at all levels of the organisation; and in all activities, units and functions. Examples include authorisations, reviews of operating performance, security of assets, and segregation of duties.)

A sound information and communications system

• Information systems produce reports, containing operational, financial and compliance related information, that make it possible to run and control a business. They deal with internally generated data as well as the external activities, conditions and events necessary to informed business decision-making and external reporting.
• The organisation’s people must be able to capture and exchange the information needed to conduct, manage and control operations.
• Pertinent information must be identified, captured and communicated in a form and time frame that enables people to carry out their responsibilities.
• Effective communication must flow down, up and across the organisation. (This includes a clear message from top management to all personnel that control responsibilities must be taken seriously).
• All personnel must understand their own role in the internal control system, as well as how their individual activities are related to the work of others.
• All personnel must have a means of communicating significant information upstream.
• There must be effective communication with external parties. EFFECTIVE MONITORING
• The entire control systems must be monitored to assess the quality of the system’s performance over time. (Outgoing monitoring, which should occur in the normal course of operations, includes such things as regular management and supervisory activities; and actions personnel take in performing their duties.)
• Internal deficiencies should be reported upstream, with serious matters reported to top management.
• There should also be separate, independent evaluations of the internal control system. The scope and frequency of these independent evaluations depend primarily on the assessment of risks and obstacles, and the effectiveness of ongoing monitoring procedures.
• Collectively, the three primary business objectives and the five components needed to achieve those objectives constitute the internal control framework.

All five components of the control system must be present and functioning effectively in order to ensure that internal controls are effective.

Benefits

A recent KPMG survey of senior executives and internal audit directors reveals a wide gap between expectations and the actual performance of internal audit departments. Several factors combine to explain this gap, but two stand out-staffing issues and lack of requisite skills and experience. Indeed, 89 percent of the executives responding to KPMG’s survey cited these two areas as their internal audit department’s principal weaknesses.

To overcome these weaknesses and tap the internal audit function’s true potential many leading organisations outsource the entire internal audit function or require KPMG to work alongside their existing internal audit staff in co-sourcing assignments.

Benefits of Outsourcing and Co-sourcing

Why do many top organisations buy their internal audit function from KPMG? Because they understand that the internal audit is not a core process, and they recognize that KPMG can perform the internal audit more effectively and efficiently. They also realize that through outsourcing they can:

• Gain access to highly skilled and experienced professionals and world-class technology and tools.
• Get significantly more value from the function while holding down costs.
• Get a fresh perspective and an added level of scrutiny and objectivity
• Manage the internal audit as a fixed cost , allowing you the flexibility of service ‘when you need it’.
• Enjoy greater staffing flexibility, especially as special projects arise.

The Right Resources

The right methodologies and models are important. But our ability to quickly and efficiently uncover hidden risks and deliver meaningful operations improvement recommendations ultimately rests on the experience and skills of the KPMG professionals on your internal audit team. To put together the best possible internal audit team to serve you, we will rigorously assess your business risks and issues and match our resources to your specific needs and objectives.

Furthermore, we will:

• Staff your internal audit team with not only internal audit professionals but also other KPMG professionals skilled in areas critical to your organisation’s success, such as Information Risk Management, e-commerce, IT, Human Resources and quality systems.
• Staff your team with professionals who know your industry and the types of risks and issues facing organisations like yours
• Select team members not just from around the block but from around the globe, when appropriate, to help ensure that you get people with the right skills and experience at the right time.

You Retain Control. In outsourcing your internal audit function to KPMG, your organisation maintains ownership and responsibility for internal controls and other key managerial aspects of the function. Take advantage of our business experience to work for your organisation.
What makes our approach to risk-based internal audit so successful? Factors such as these:

• Industry-specific focus and experience. KPMG internal audit professionals combine industry-specific experience with internal auditing knowledge. This eliminates the time consuming learning curves required to provide a cost-effective and efficient audit. Our experience and range of industry contacts also help assure you of access to the most current industry thinking and latest industry knowledge for leading-edge results.
• A Risk-based tools and a world-class methodology. Another advantage our internal audit professionals have is the ability to take advantage of our proprietary risk-based audit methodology and tools. These help integrate knowledge management into the internal audit process, which helps in identifying, assessing, and controlling risk. It also helps us pinpoint those areas within your organisation that have the greatest risk potential so you can target operations improvement opportunities. The methodology and tools also result in a more effective internal audit process to provide a potentially greater return on your investment.
• A Dedicated internal audit professionals. We can draw upon a pool of internal audit professionals from more than 350 professionals. This means you’ll have the right skills in place right from the beginning. We have access to KPMG’s global resources for industry comparisons and best practice thus accessing needed information and avoiding reinventing the wheel. And this also means you can expect prompt, responsive and proactive service.
• Multidisciplinary teams. Our teams comprise professionals who have technical skills, specific industry experience, and internal audit knowledge. This multidisciplinary approach is critical because it allows us to help you identify the specific risks you may face and implement the necessary solutions to manage those risks more rapidly. It also offers you a broad perspective and strategic analysis of your organisation’s business and market situation, which can help in providing a comprehensive enterprise-wide risk review.

Internal Audit Services

• The experience of KPMG professionals, together with the capabilities that we have developed are combined to deliver a unique Internal Audit solution customised to your organisation.
• We offer practical solutions underlined by proven theory and best practice from our global clients.
• Depending on your organisation ’s needs, our services will be adapted to cover risk assessment and planning, assessing your organisation ’s current Internal Audit structure and processes, testing of compliance with rules and regulations as well as the full design, implementation and on-going operation of an Internal Audit function to the entire running of the department on your behalf staffed with KPMG professionals.
• We structure our services to be responsive and cover the needs of all parties -Business Managers, Senior Management and the Board of Directors. Given today ’s dynamic business environment, our flexible solutions are designed to accommodate the needs of your organisation.
• Our services mainly fall under two broad but interrelated categories:
• Outsourcing or Co-sourcing of the Internal Audit function
• Consulting services on Internal Audit issues;

Internal Audit Services

• Outsourcing or Co-sourcing services
• Internal controls and risk assessment review
• Setting up an internal audit function
• Strategic performance review of internal audit
• Re-engineering the internal audit function – set up a performance enhancement
• Policies and procedures manuals and controls’ enhancement
• Corporate Governance Services

Outsourcing or Co-sourcing services

Outsourcing options:
There are essentially two options: full or partial outsourcing (co-sourcing).

Full outsourcing: Many organisations find that outsourcing the entire internal audit function is the best option. Full outsourcing involves KPMG conducting all internal audit reviews as agreed throughout the year. It does not necessarily mean disbanding the entire audit team or having no in house resource. It may be both possible and practical to retain a high-level resource in-house. The preferred choice for this resource is likely to be a chief internal auditor who can assess the ongoing needs of both the internal audit process and the organisation itself. This individual has a key role to play in planning the allocation of internal audit resources and communicating with the Audit Committee and management.

Co-sourcing: A number of organisations are also entering into co-sourcing/partnering arrangements. This approach involves an integrated formal partnership between the in house internal audit function and the external advisors, with each party sharing and contributing complimentary knowledge, skills and experiences. Under this option, your internal audit department would be responsible for certain in house work, but would also work together with KPMG to fulfil other detailed internal audit requirements throughout the year.
We are able to provide resources to perform certain procedures as may be required and agreed with you, such as:

• Partnering with your internal audit team to perform
• Selected internal audit reviews where detailed specialist knowledge is required and is not available in house (for example IT controls review) or where the organisation does not have sufficient resources available
• and Agreed upon internal audit procedures
• Providing training to your internal audit staff
• and Assisting your internal audit team to prepare an internal audit procedures manual.

Conducting basic financial compliance or ad hoc specialist projects

How KPMG can help
KPMG can help your organisation reap the full benefits of internal audit outsourcing or co sourcing in a number of ways.
These include:

• Assessing whether outsourcing or co sourcing provides the most effective way to achieve your objectives
• Working with you to agree a cost effective service which best meets your needs
• and Delivering a totally flexible service, which makes full use of KPMG’s local and international resources.

KPMG has developed an internal audit approach to address the same business concerns that management are required to deal with, to meet Audit Committee and Board expectations and requirements, and to provide assurance in the following key areas:

• Operational efficiencies and effectiveness, with an emphasis on those areas with the greatest risk exposure
• Compliance with approved policies and procedures
• The quality of management information.

Our internal audit methodology has an operational and business risk focus. It is designed to aid the efficiency and effectiveness of business operations, as well as address the traditional financial and compliance areas. It also allows for ad hoc management requests for special reviews to be performed, providing the flexibility to address Audit Committee and management concerns.
Outsourcing or co sourcing the internal audit function can also provide the following benefits:

• Customer and operational focus
• Emphasis on business risks and critical success factors
• Enhanced relationships and communication; a focused reviews and rapid reporting
• Practical recommendations and advice; a access to specialists and leading edge products
• Access to benchmarking and best practice; and Continuous improvement.

Internal controls and risk assessment review

How KPMG can help
KPMG has developed methodologies to assist in tailoring the delivery of best practice internal audit services to individual organisations. The KPMG internal audit methodology, comprising strategic analysis, business process analysis, risk assessment, business measurement and continuous improvement, focuses on understanding the business and risk assessment. Furthermore, experience in a large variety of businesses and organisations, as well as access to an inventory of control related best practices is required to ascertain the suitability of internal controls for a particular organisation, to make necessary recommendations and to make an assessment of the risks that an organisation is being exposed to. KPMG has had the necessary exposure, through its large audit and consultancy client base, as well as an international network of specialists to cater for this service and can help you identify, evaluate and plan how to manage the risks in your business.
The services we can provide include:

• carrying out an assessment on your behalf of the principal features of the control systems
• setting out guidelines on what the organisation should do as part of a risk control assessment
• implementing effective control procedures by training internal auditors and other staff involved in the development of the internal control framework and
• providing ongoing assistance in monitoring the effectiveness of internal controls and addressing the key business risks and objectives.

The benefits
An understanding of the total risk profile of the organisation assists in the development of an internal audit approach, which is focused on high risk areas, rather than the traditional compliance approach

• sources of business risks can be managed effectively and the organisation can be protected against potential consequences of unmanaged risks
• internal controls are responsive to business risks and
• internal controls address the risks associated with the organisation objectives.

Setting up an internal audit function

How KPMG can help
Establishing an internal audit function that will provide an enduring benefit to your organisation is no easy task. The process will be demanding on senior management time and requires careful consideration of a wide range of issues to ensure that the function works to the organisation’s best advantage. KPMG’s business oriented approach and relevant experience can help you with this process. We can assist the organisation by determining the resource requirements, recruiting staff, and developing an operating plan. At a preliminary stage, we can provide assistance in performing a start up analysis to assess the costs and benefits to be derived by the organisation from internal audit. The assessment would consider the structure of your organisation, the degree of autonomy of each operating unit and your organisation’s overall control culture and management philosophy. Having assessed these issues and decided that the organisation will genuinely benefit from an internal audit function, there are a number of steps, as detailed in the diagram below, which will need to be taken in establishing a well-organised and effective function.
KPMG will help the organisation plan for and resolve all these issues, drawing on our in depth knowledge of best practice in structuring and organising effective internal audit functions.
KPMG has built up an extensive inventory of best practices and has an established network of specialists, both locally and internationally. KPMG’s internal audit specialists have worked with a wide variety of organisations throughout the private and public sectors by helping them assess the costs and benefits of internal audit functions. KPMG has also assisted in the development of internal audit functions, thereby leaving management free to concentrate on the key issues facing their businesses.

Ongoing support
KPMG has the resources to provide ongoing support by offering advice and training on a variety of topics throughout the development of your internal audit function. We also have the resources to outsource staff to your organisation during critical reviews where our expertise and experience will enhance those available internally, effectively providing on-the-job training for your own internal audit staff.

Strategic performance review of internal audit

How KPMG can help
KPMG’s Strategic Performance Review for Internal Audit (K’SPRint) can help you build and affirm the strategic value of your internal audit function. Much more than the traditional transaction or process oriented quality assurance review, K’SPRint puts internal audit’s key success factors its people, processes, and positioning into meaningful business context. By providing a clear, in depth, and strategic assessment of your internal audit function, K’SPRint can help you:

• Evaluate the value of internal audit to the business
• Identify gaps in the internal audit function and opportunities for improvement 
• Align the internal audit function with the organization’s business objectives
• Compare internal audit against sound industry practices
• Create an action plan aimed at increasing internal audit’s value

Focusing on Strategic Value: With K’SPRint, we undertake a review of internal audit’s people and processes, incorporating KPN1G’s experience and the Institute of Internal Auditors’ internal audit standards. We also work closely with key stakeholders within the organization to create a dynamic, quality based assessment of the internal audit function. Specifically, K’SPRint focuses on internal audit’s three key success factors:

• People Does internal audit have the right "people strategy" to achieve the objectives as defined by management?
• Processes Are internal audit’s processes efficient, effective, and aligned with the organization’s strategy?
• Position Is internal audit viewed as a valued contributor to the business’s strategy and performance? Through its highly interactive approach and intuitive framework, K’SPRint can help you answer these and other critical questions in a powerful way.

A Flexible Model: K’SPRint uses a structured, yet flexible, framework to gather, analyse, and graphically depict the results of the internal audit review. By comparing internal audit’s current state with the expectations of key stakeholders collected through in depth interviews K’SPRint’s automated modelling system can identify critical performance and expectation related gaps within the function. The results are illustrated in a series of charts, which, taken together, can provide a powerful picture of internal audit’s current and potential value.

Re-engineering the internal audit function – set up a performance enhancement

How KPMG can help
In reengineering an internal audit department, KPMG facilitates the transition from traditional to world class standards, by transforming the focus from compliance to process, adding a risk orientation, and, when appropriate, broadening the department’s scope from local to national or global. Managing the transition from the current compliance internal audit focus to a risk based operational focus requires a structured and planned process to ensure that the new function will meet the needs of management and the Audit Committee now and in the future. The transition process will involve:

The benefits
Reengineering the internal audit function will ensure that:

• internal audit keeps pace with management’s expectations;
• the internal audit focus and planning process reflect the organisation’s needs;
• there are clear reporting lines and that the structure and status of internal audit within the organisation is appropriate; and
• work methodologies comply with internal audit standards and best practice.

Policies and procedures manuals and controls’ enhancement

How KPMG can help
The preparation of policies and procedures manuals is no small task and must be well planned and executed.
KPMG can work in partnership with an organisation providing assistance where needed. We can offer constructive and up to date advice on regulatory and compliance issues, given the range of industry specialist staff and partners at KPMG. We can offer advice on potential efficiencies and the need for additional controls or changes to policies and procedures where these may be of benefit.
Our approach can be summarised in the following steps:

• Review objectives of the organisation and formulate its strategic model;
• Map each of the core processes with recommendations thereon;
• Produce proforma outline of policies and procedures manual; and
• Prepare and deliver policies and procedures manual.

The benefits access to our past experience in helping organisations in many industries to draft policies and procedures manuals;

• we can help management to identify the key issues;
• access to our considerable experience and specialists across all industries;
• access to our technical advisory department for guidance and advice on regulatory and compliance issues; and
• complementing management’s own available resources.

Corporate Governance Services

How KPMG can help
We regularly provide corporate governance advice to boards and directors on a wide range of issues. These include board composition, board committee structures and charters, agenda setting, current board and governance best practices and how to improve the flow of information to the board.

We also develop manuals for Corporate Governance which define in detail the role, functions and responsibilities of a particular board and management team. The code covers a comprehensive range of matters, from compliance through to performance issues.