We Understand The Changes In The Regulatory Regime And Provide Assistance With Internal Audit And Report The Gaps:
- We provide bespoke Compliance audit for investors looking at the compliance programmes on their investments to check if they meet international best practice standards.
- We undertake annual internal audits as required by regulatory requirements
- We assist firms during mergers and acquisitions where investors seek comfort about the integrity of the compliance structures, controls and processes in place of the target company
Per Paragraph 2.6.1 of the Monetary Authority of Singapore’s (“MAS”) Guidelines on Risk Management Practices – Internal Controls (the “Internal Control Guidelines”), licensed and exempt financial institutions are recommended to “have in place an adequately staffed, independent and permanent internal audit function for assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are independent, effective, appropriate, and remain sufficient for the institution’s business.”
Section 2.6 of the Internal Control Guidelines also includes other recommendations relating to the frequency, scope and methodology of independent audits.
While many large institutions have permanent internal audit functions overseen by sufficiently senior personnel, this is not always true for smaller organizations, primarily for cost reasons. Smaller financial institutions frequently outsource their internal audit function. This outsourcing is considered a “material outsourcing arrangement” per the MAS’ Guidelines on Outsourcing, which means it will be something in which the MAS is “particularly interested” and that a financial institution “should be ready to demonstrate to MAS its observance of [the MAS’ Guidelines on Outsourcing].”
We offer outsourced internal audit services to small and medium-sized financial institutions. While our approach to internal audit is consistent with best practices in independence, methodology and rigor, we distinguish our service on the following basis:
We designed our service as a result of the experiences our management team had (in other roles) with outsourced auditors who did not sufficiently understand the businesses or material risks of the companies they audited and instead approached the work as a one size fits all/check the box exercise.
We choose our words carefully and do not inflate our initial risk ratings with the expectation that they will be negotiated down. While we solicit client feedback and take it seriously, our risk assessments are principle-based rather than unreasonably cautious findings or levers to generate follow-on remediation work.
We prioritize solving gaps identified during the internal audit and helping companies ensure that the issue does not recur. In the internal audit, world, the only thing worse than finding a deficiency is finding the same deficiency two years in a row.