Skip Navigation LinksHome > Services > EntityRisk Advisory

Entity Risk Advisory (ERA)

Internal Audit Services

In today's changing business environment, entities face a wide array of complex business risks. These risks come in the form of many issues: regulatory compliance, litigation, competitive market pressures, changing technology, investor demands, corporate governance, business ethics, and accountability.

How clients manage these risks is critical to the future of their Entities.

N&A's Internal Audit Services

We assist our clients to effectively manage business risks by providing a complete range of corporate governance, risk management, and internal audit services. These services are tailored to meet clients’ individual needs, and provide effective support to management in meeting the challenges and opportunities presented by today's complex business environment

Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges - and working in partnership with us, clients have the benefits of N&A's experienced, objective, and industry-grounded viewpoints. N&A's Internal Audit Services offer a wide range of services to enhance corporate governance, manage business risk, provide assurance on control effectiveness, and support you in achieving the Entities’ objectives.

N&A's Internal Audit Services include:

Outsourcing of Internal Audit

The board is ultimately responsible for maintaining effective corporate governance and ensuring that the Entities is "in control", the extent and complexity of today's business risks and related controls has led to a heightened expectation from Internal Audit by management. It must assist the board and management to discharge their corporate governance responsibilities by assisting with identifying and managing risks and providing:

  • Objective evaluations of business risk

  • Regular evaluations of the Entities’ system of control

  • Effective reviews of operational and financial performance

The role of Internal Audit is to assist management in maximizing the opportunities and minimizing the threats to the Entities. Internal audit must maximize the assurance provided to the Board, the Audit Committee and management, and contribute to the continuous improvement strategies of the Entities.

With a changing and more cost competitive environment, it is essential that maximum value be obtained from the Internal Audit function. The Internal Audit function must now increasingly contribute to the achievement of overall corporate objectives while remaining an independent and valued voice helping the Entities rationalize risk and reward.

Outsourcing Options

Outsourcing the internal audit function is becoming a strategic decision. There are essentially two options with the entity: Full or partial outsourcing.

Full outsourcing

Entities find that outsourcing the complete internal audit function is the best option, since this also helps Entities focus on their core competence.

Partial outsourcing

This approach, also known as co-sourcing, involves a balance between retaining an in-house team and full outsourcing. The in-house team has control of and responsibility for internal audit, and calls on external advisors for additional support and specialist skills when required.

Many Entities are actively outsourcing their internal audit function as a way of cutting costs, increasing efficiency, and responsiveness, and upgrading their in-house capabilities.

This approach involves an integrated formal partnership between the in-house internal audit function and the external advisors, with each party sharing and contributing complementary knowledge, skills and experiences.

Our Internal Audit approach is designed to address the same business concerns that management is required to deal with, and to provide assurance in the following key areas:

  • Operational efficiencies and effectiveness, with an emphasis on those areas with the greatest

    risk exposure

  • Compliance with regulatory requirements, approved policies and procedures and industry best


  • Quality of management information

Our Internal audit methodology has an operational and business risk focus and allows for a flexible and high quality response to address Audit Committee and management concerns. The risk assessment process is fundamental to our Internal Audit approach, which requires business areas to become formally accountable for internal control assurance by conducting self-assessment of their control infrastructure. The Internal Audit thus becomes a key component of the client Entities’ approach to corporate governance and business risk management.

Our Approach

Our review is carried out by way of questionnaires, Interviews with the Audit Committee, management and Internal Audit staff, observation and review of the internal audit work, and benchmarking with generic comparative criteria. The results are reviewed and the key observations and recommendations are then presented to the Audit Committee.On specific request, our review may include benchmarking the function against Entities of similar size and/or type. This essentially entails comparing the performance of the Internal Audit function with those of the selected Entities in terms of a range of attributes including quality of service, staff numbers, and cost.

Corporate Governance - Review and Assessment

Critical for Entity’s Success and Prosperity

Request for enhancing Corporate Governance standards has been in the media in the last decade.

Regular corporate failures and highly publicized “scandals” will ensure that the governance demands on business leaders will increase and become more onerous. The minimum standards for corporate governance are ever increasing and companies with strong corporate governance structures and policies are valued more among investors and enjoy better terms in trade. Simply stated, good corporate governance makes very good business sense.

Direction and Control

Corporate governance is the system or process by which Entities are directed and controlled. While Boards of Directors are responsible for the governance of their Entities, internal control is a vital component of the process by which they do so. Effective corporate governance however must include the active and collaborative participation of all its principal champions - the Audit Committee, Board of Directors, statutory auditors, internal auditors, and management. Ensuring that this occurs is fundamental to the Audit Committee’s success.

Regulatory Compliance

Regulators are recommending that companies acknowledge responsibility for control and risk management, and regularly assess and report on the risks they are exposed to and the effectiveness of internal controls.

Securities and Exchange Board of India (‘SEBI’), the apex regulatory body for capital markets in India has issued detailed guidelines on corporate governance. In addition to provisions regarding the Board and its committees, this new legislation makes it mandatory for all listed companies (as per the stipulated schedule of implementation) to report annually on compliance with these guidelines, as well as append the independent Auditors’ certificate of compliance to the Directors’ Report.


The Board is accountable for ensuring that the Entities has a risk assessment framework and adequate and effective internal control systems, designed to manage these risks and provide reasonable assurance that the Entities’ objectives are being achieved. Board level accountability and performance expectations from stakeholders are ever increasing, and director remunerations and reappointments are increasingly based on individual contribution to a company’s performance.

Successful boards needs to know the answers to the following key questions, which N&A can help answer:

  • Is the board’s time spent on the critical strategic objectives and the key risks to achieving


  • Does the board have the information, skills and experience to make the right decisions?

  • Does each board member have an input to those decisions and do board members work

    effectively as a team?

  • Are the board’s messages being communicated clearly and implemented consistently?

  • Does the board know exactly what risks face the Entities?

Board composition, board size, frequency of board meetings, directors’ qualifications and work experience, and their relevance to the Entities’ business, are factors that are under increased scrutiny from stakeholder groups.

Establishing an Internal Audit Function

The Issues

Developing an effective Internal Audit capability can be demanding on management’s time, and requires the careful consideration of a wide range of issues to ensure the function works to its maximum potential. The increasing expectations from Internal Audit as well as the changing focus of Internal Audit from transaction-based to risk based is setting the pitch for changes in the process of setting up an internal audit function.

How N&A can help you?

We will help plan for and resolve all these issues, drawing on our in-depth knowledge of ‘best practice’ in structuring and organizing effective Internal Audit functions. We can source NAA Internal Audit professionals who have worked with a wide variety of Entities throughout the private and public sectors by helping them assess the costs and benefits of Internal Audit functions. We have also assisted in the development of Internal Audit functions, thereby leaving management free to concentrate on the key issues facing their businesses.

Key elements of our approach:

  • Determining the Audit Committee's and management's requirements and expectations

  • Agreeing reporting lines

  • Deciding how the function should relate to other parts of the business

  • Determining the scope of the Internal Audit work

  • Developing a risk profile for the Entities

  • Developing strategic and annual Internal Audit plans

  • Defining working practices, including the Internal Audit methodology, risk analysis model, and

    audit software

  • Determining the core skills required in recruiting the right staff for the function

  • Identifying sources of ongoing support and training for Internal Audit staff

  • Establishing accountability and quality control standards

Accounting Procedures Manual

An accounting procedures manual enhances management’s efforts to:

  • Monitor performance against established procedures

  • Help ensure policies and procedures are consistently applied

  • Improve efficiency in training employees during periods of transition

  • Update procedural changes by re-organization or the implementation of a new information


How N&A can help you?

N&A recognizes the challenge faced by companies in allocating limited resources to develop an Accounting Procedures Manual. In response, we have created a service that allows an Entity to outsource this task. We assist in updating or compiling new documentation of the sequence and details of key accounting function procedures.

Our approach

N&A uses a systematic process for documenting procedures. This process includes:

  • Creating a topic outline for key procedures

  • Interviewing staff in key functional areas

  • Conducting a walk-through to validate interview information

  • Observing users performing key procedures

For each activity, we record:

  • The position responsible for the activity

  • The review process and the position responsible for sign-off

  • Required inputs for the procedure

  • Desired outputs

  • The exception handling process

After documenting the workflow and key activities for each process, N&A develops a key reference manual.

The manual includes narratives, matrix tables to clarify interconnected activities, and flow charts for selected procedures. You also receive an electronic copy of the manual, which provides a mechanism for you to update procedures on an ongoing basis.

For further detailscontact us