Home/Services/Audits & Attestation/Internal Audits

Audits & Attestation

Internal Audits

Risk-based internal audit programmes — including co-sourced and outsourced internal audit — that give management and the board independent assurance over key controls.

Request this service → See our approach

Overview

Independent assurance, on your terms.

A strong internal audit function gives leadership confidence that risks are managed and controls work. Many organisations lack the in-house bandwidth or independence to deliver it.

We plan and execute risk-based internal audits across your priority areas, reporting findings objectively with practical recommendations — as a fully outsourced function or alongside your team.

What’s covered

The areas this audit examines.

Risk-based planning

Focusing effort where risk is highest.

Control testing

Design and operating effectiveness across processes.

Process & efficiency review

Control gaps and operational improvements.

Compliance checks

Against policies and applicable obligations.

Reporting to management

Clear findings and tracked actions.

Who needs this

Could this be what you need?

Common situations where this engagement makes sense.

Companies under Section 138Statutory internal-audit requirement.

Listed entitiesSEBI governance expectations.

Growing organisationsIndependent control assurance.

Boards / audit committeesObjective oversight.

Orgs without in-house IAAn outsourced function.

Any risk-conscious enterpriseRisk-based assurance.

Regulatory drivers

Why this is required

An effective, risk-based internal audit function is expected of regulated and listed entities and underpins board assurance, providing independent confirmation that controls across the organisation are working.

Companies Act 2013 (Sec 138)

Requires prescribed classes of companies to establish and maintain an internal audit function.

SEBI LODR

Listed entities must operate internal audit reporting to the audit committee.

RBI / sector regulators

Regulated entities are expected to run risk-based internal audit over key processes.

How we work

A structured path, start to finish.

An orderly lifecycle designed for a credible, defensible result.

Risk assessment & annual plan

Building a risk-based internal audit plan for the year.

Engagement scoping

Scoping each engagement to the risks that matter.

Walkthroughs & control testing

Walking through processes and testing key controls.

Findings & root-cause analysis

Analysing findings and their underlying causes.

Reporting to the audit committee

Clear, objective reporting to the audit committee.

Remediation tracking

Tracking agreed actions through to closure.

What you receive

Documentation built for every audience.

Internal audit reportObjective findings for each engagement.
Risk-based audit planAn annual plan focused on what matters.
Findings & root-cause analysisIssues with their underlying causes.
Audit committee summaryA board-ready summary of results.
Remediation trackerAgreed actions tracked to closure.

Standards & frameworks

This work maps to the standards and regulatory requirements relevant to you.

IIA StandardsCOSOCOBITISO 27001 (where relevant)

Checklist

Are you ready? A quick checklist

What to have in place before we begin.

Risk universe / audit areas agreed

Annual audit plan approved

Process documentation available

Control owners identified

Prior audit reports shared

Reporting lines (audit committee) set

Data / system access arranged

Follow-up / tracking process

FAQ

Common questions

Can you act as our internal audit function?

Yes. We provide both fully outsourced internal audit, where we run the entire function, and co-sourced support, where we supplement your existing team with specialist skills or extra capacity. Either model is scaled to your size, sector and risk profile.

How is this different from an external audit?

Internal audit serves management and the board with broad operational and control assurance; external audit gives an independent opinion to outside stakeholders. They’re complementary.

How do you decide what to audit?

We build a risk-based annual audit plan with you, prioritising the processes and controls that carry the most risk to your objectives, obligations and reputation. The plan is reviewed with management and the audit committee, and stays flexible so we can respond to emerging risks during the year.

Are we required to have internal audit?

Companies meeting the thresholds in Section 138 of the Companies Act 2013 are legally required to appoint an internal auditor, and listed entities have further obligations under SEBI’s listing regulations. We can serve as your outsourced internal audit function to meet these requirements.