Internal Audit Solutions
Internal Audit Co-Sourcing Solutions
GRF Internal Audit Solutions allows you to quickly staff up or down to meet the changing needs of your organization, our Internal audit co-sourcing and outsourcing relationships can vary and are highly customizable. Co-sourced internal audit solutions bring a multitude of skillsets and deep expertise to the table. GRF can provide you with teams to readily perform audits on a standalone basis, or the ability to supplement your existing teams with the specific skill levels you might be missing. Need to travel? No problem! Our internal auditors love to travel!
GRF can help guide you
GRF’s team of CPA/CIA/CFE/CISA/CRISC/CITP/CEH certified professionals provide risk-based Internal Audit solutions across all aspects of operations for domestic and international organizations. After developing an in-depth understanding of the client’s operations and risks, GRF helps prioritize and assess key processes to identify vulnerabilities, enhancements, opportunities for automation, and best practice recommendations. GRF can provide you with the right level of financial, enterprise risk management (ERM), operational, IT, Fraud, and other risk resources.
Risk Assessment and Planning
- Annual Risk Assessment and Strategic Risk Identification
- Budget and Timing Projections
- Development of Internal Audit Plan
Internal Audit Plan Execution
- Onsite and Remote Fieldwork
- Observations and Recommendations for Risk Mitigation and Process Enhancement
Monitoring and Reporting Internal Audit Activity
- Maintenance of Risk, Observation Register(s), and Internal Audit Plan
- Reporting to Management, Board, and/or Delegated Committee
- Internal Audit Data Analytics
What We Offer
Risk Assessment and Planning
Performance of an annual risk assessment allows the organization to identify their most critical processes and the areas of highest risk. Using the strategic plan as the basis for assessing risks, the organization can focus on the issues that may pose the most significant threat to the organization’s overall goals and objectives. The organization will be able to appropriately allocate resources to address all strategic risks in the most efficient and effective manner.
GRF works with clients to perform a baseline risk assessment and develop customized, right-sized Internal Audit solutions.
A typical Risk Assessment and Internal Audit Plan Development engagement is 4-6 weeks.
Risk Assessment and Strategic Risk Identification
Identify the organization’s risk universe and aggregate risk information across all departments/divisions/regions/etc. through the use of interviews, surveys, and workshops. Risks are assessed for likelihood and impact for the purpose of prioritizing and developing Internal Audit solutions.
Budget and Timing Projections
GRF develops Internal Audit solutions that fit the client’s budget and address time-sensitive issues. Through proper planning and risk-based audit procedures, GRF performs our engagements efficiently to satisfy all objectives at the convenience of our clients.
Development of Internal Audit Plan
Using the Strategic Plan and Risk Assessment, we develop a comprehensive Internal Audit plan to properly mitigate strategic risks and identify process enhancements across all operations. Internal Audit initiatives/objectives are prioritized and budgeted based on their assessed level of risk to the organization’s strategic objectives.
Internal Audit Plan Execution
GRF takes a risk-based approach to our Internal Audit engagements to increase the overall value to our clients. By prioritizing the highest risk areas, the organization can proactively identify vulnerabilities and enhancements to the most critical processes.
In order to properly administer an effective Internal Audit solution, a hybrid of on-site and remote fieldwork can be utilized to reduce costs and ensure that engagement objectives are achieved. GRF travels across the world for our clients and leverages a network of international professionals to partner on engagements to meet objectives in a timely and efficient manner.
A typical Internal Audit engagement is 6-8 weeks.
Onsite and Remote Fieldwork
Our Internal Audit professionals travel across North America, South America, Europe, Asia, and Africa to administer Internal Audit solutions for our clients. We utilize cutting-edge technology to take advantage of the efficiencies and cost-savings of performing remote procedures when possible.
Observations and Recommendations
At the end of an engagement, organizations receive a Risk & Advisory Report with detailed observations and recommendations. GRF’s recommendations are actionable and customized to leverage an organization’s strengths. The report prioritizes next steps for all elements of the assessment.
Typical Internal Audit Engagement Timeline
- Planning and information gathering (Weeks 1-2)
- Fieldwork (Weeks 3-6)
- Report formation and delivery of drafts (Week 7)
- Report finalization and next steps (Week 8+)
Monitoring and Reporting Internal Audit Activity
As an organization administers their Internal Audit plan and detailed procedures, it is important to track the progress of all projects for reporting to the Board and management. The timeline and achievement of objectives should be monitored and documented using appropriate tracking mechanisms to identify any bottlenecks, missed deadlines, and audit results. This will help the organization improve the Internal Audit process, implement observations and recommendations, and inform key stakeholders. GRF assists our clients with maintaining the risk register and monitoring the progress of Internal Audit activities, as well as following up and reporting on these activities to the Board and management.
Typically, GRF provides support to existing Internal Audit initiatives on an hourly or as-needed basis.
Maintenance of Risk, Observation Register(s), and Internal Audit Plan
The risk and observation register(s) contains detailed information about the prioritized risks to the organization, as well as the status of ongoing mitigation plans of audit observations. Proper maintenance of this data allows for follow up and ensures Internal Audits are completed according to the predetermined timeline/schedule.
Reporting to Management, Board, and/or Delegated Committee
The Internal Audit function should report to management regarding the status of all ongoing Internal Audit projects and provide high-level executive summaries and dashboards to board members. GRF helps facilitate these discussions and develop reports to inform the Board on critical Internal Audit initiatives and their results.
Internal Audit Data Analytics
GRF Internal Audit team members are experts in Data Analytics concepts and key technologies such as IDEA, ACL, and MindBridge. Data analytics can provide a more systematic, complete review of processes and identification of anomalies.
Customized Internal Audit Solutions Provide the Best Results
We serve as independent, trusted advisors to our clients in developing effective and custom-tailored Internal Audit plans through outsourced and co-sourced arrangements. Our practical, right-sized solutions are developed by first understanding your organization’s industry, strategic objectives, and control environment. This allows us to customize our Internal Audit plans accordingly.
We provide a comprehensive offering of Internal Audit solutions including, but not limited, to the following:
- Risk Process Reviews
- Strategic
- Financial
- Operational
- Technology/Cybersecurity
- Risk Management
- Accounting and Financial Controls Assessments
- SOX Project Management (Key Controls Evaluations)
- Financial Audit and Single Audit Readiness
- Fraud Control and Prevention
- Information Technology and Cybersecurity
- Business Continuity and Disaster Recovery
- Third Party Risk Management (TPRM) & Vendor Audits
- Board Governance Assessments
- Environmental, Social and Governance (ESG) Assurance & Advisory
- Enterprise Risk Management
- Pre- and Post-Strategic Initiative Assessments
- Culture, Human Resources and Talent Management Assessments
- Payroll Assessments
- Campaign Finance and Reporting
- Field Office Assessment (specializing in international locations)
- Whistleblower Assessments
- System Assessments
- Global and Deep-Dive Internal Audits
- Program Assessments
- Strategic Plan Assessment
- Procurement Audit
- Uniform Guidance Compliance Assessment
Internal Audits Reduce the Risk Associated with Global Operations
GRF’s Risk & Advisory team is active in the community
Melissa Musser, CPA, CITP, CISA, Partner at GRF, incoming District Representative for the Mid-Atlantic District I on the IIA’s Chapter Relations Committee.
Mac Lillard, CPA, CFE, CISA, CRISC, CITP, PCIP, previously served as Associate Vice President of Programs and as a board member for the IIA DC Chapter.
Mark Tessar, CPA, CIA, currently serves as Incoming President of the IIA Long Island Chapter.
Thomas Brown, CISA, CIA, Security+, CAPM, currently serves as Programming Officer for the IIA DC Chapter.
Andreas Alexandrou, CPA, currently serves as a long-time board member of the IIA DC Chapter.
Members of the Risk & Advisory team hold certifications and professional memberships within a number of industry organizations.
What Clients Say
