Internal Audit Services

Internal Audit:

We provide advisory services to assist your company in reviewing:

1) an entity-wide enterprise risk management (“ERM”) system, and

2) an internal control (“IC”) system covering financial and operational controls and compliance with laws and regulations.

This document details the review of the ERM and IC systems, which includes, amongst others, a review of the ERM framework and the step-by-step activities of the initial implementation process, set out in a plan.

The implementation of this plan will involve a number of activities and considerations, including but not limited to:

  • Discussions with senior members of the company’s management team;
  • The results of management/risk committee’s own assessments of risk;
  • Input from the company’s operational teams about the business/operations;
  • Engaging management through enquiries, interviews and surveys; and
  • Consideration of the views of other professionals (e.g. external auditors).

 

ERM – Framework

For an effective enterprise risk management model, we followed the guidance from COSO, which is among the widely accepted frameworks for organisations and establishes a model that can be used in different environments worldwide.

Governance & Culture | Tone at the top; ethical values, behaviours; oversight responsibilities

Strategy/Objective setting | Participation in strategy setting; identifying, assessing and responding to risk

Performance | How does risk impact strategy? Risk appetite, risk priority, risk implication (quantitative vs. qualitative)

Review/Revision | Performance of Business Unit (BU) and functional effectiveness of risk management components; are revisions needed?

Info/Communications/Reporting | Continuous circulation and sharing of info across the entity and BU

 

ERM Approach

We are committed to providing a better people experience. We work hand in hand with our clients to provide insight and create business value for their organisations. We are passionate about getting the right focus for our clients and delivering the right technical excellence in all perspectives. Our service is client-focused.

Our commitment to technical excellence, service delivery and value for money are practical means of expressing our focus on the client.

ERM Approach – Planning

 

Scopes

  • Meet with management/board to confirm scope and risk management objectives (including guidelines for defining risks category);
  • Analyse the company’s risk universe to consider the extent of identified key risk areas and categories in terms of financial risk, operational risk and regulatory compliance risk;
  • Understand from risk owners (e.g. leaders within each business function/segment) the existing policies on enterprise-wide risk assessment; and
  • Conduct interviews with participants to better understand key risk areas within each business function/segment and ascertain risk categories.

 

ERM Approach – Facilitate Risk Discussions

Scopes

  • Conduct facilitated risk discussions to evaluate the inherent significance and likelihood of identified risks;
  • Facilitate discussions with participants to holistically evaluate risks. Participants are engaged to discuss and verify issues and facts, and to reach meaningful conclusions that ultimately enhance risk management capabilities; and
  • Gather initial input on the top risk categories to begin the process to identify specific events and / or scenarios that cause each category to have an elevated priority.

 

ERM Approach – Risk Assessment

 

 

Scopes

  • Explore the specific events within each top risk category that could have a significant or catastrophic impact on the company. Evaluate these events in the context of broad organizational impact to identify the discrete risk rating within each risk area;
  • Engage management on the top risk categories and facilitate discussions to identify potential risk events / scenarios within each top risk category. Assess these events and adequately describe how each could contribute to a potential catastrophic outcome; and
  • Consolidate and prioritize the top events in each of the priority risk categories.

 

ERM Approach – Review and Discussion with Management

 

 

Scopes

  • Discuss the prioritised list of critical risks with the management leadership team and obtain feedback to confirm the findings; and
  • Update the risk universe list as necessary.

 

ERM Approach – Action Plan

 

 

Scopes

  • Evaluate the company’s current position and consider how to manage the identified risk categories and potential risk events / scenarios; and
  • Identify risks that may not be adequately controlled and consider risk response/decisions with management.