Risks surrounding business are always on the rise. These risks can vary in nature and in severity making it difficult for organisations to achieve their objectives. Financial, operational and compliance risks are just an example of what small, medium, and large organisations encounter on daily basis.

Our team of experienced internal auditors recognise the importance of an effective internal team or function in providing assurance to the Board, sub-committees, management, and other stakeholders. Demonstrating corporate responsibility and a proactive approach to risk management is crucial for organisations of all sizes, and maintaining a robust control environment is essential to achieving these objectives.

• Undertake an audit needs assessment and develop a bespoke internal audit strategy (three-year plan) for your organisation.

• Provide a fully outsourced or co-sourced internal audit service function.

• Provide assurances on one-off special projects, such as a review of your finance function or investigation.

• Carry out data analytics on financial information.

• Progress reporting on delivery of internal audit plan.

• Progress reporting on implementation of internal audit recommendations.

The corporate governance system provides guidance on how an organisation is directed and controlled. Boards of Directors or trustees have the responsibility of governing their organisations. This is done by setting the company’s strategic aims, providing leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship.

In addition, it also helps to foster cooperation and accountability internally, provide reassurance to shareholders externally, and promote the image of the organisation to its stakeholders and the public.

• Board effectiveness review on your governance and sub-committees that support the Board in making its decisions.

• Review compliance with Corporate Criminal Offence requirements.

• Assist in creating organisational policy, internal control and information management frameworks.

• Provide independent evaluation on the performance of your board and its sub-committees.

• Compliance review against UK Corporate Governance Code or the Charity Governance Code.

Risk managementRisk management is the process of identifying, assessing, and controlling threats which pose challenges to achieving your organisation’s aims and objectives. These threats or risks could stem from various sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters.

Risk management is essential for protecting your organisation’s assets, ensuring business continuity, enhancing decision-making, and maintaining compliance. It is also crucial for managing reputation, achieving financial stability, supporting strategic goals, and fostering a strong organisational culture.

• Assessment of your organisation’s risk maturity.

• Develop a risk management framework tailored to your organisation, aligned to your size and complexity of operations.

• Provide risk management workshops to develop a detailed risk register and raise awareness of risk management requirements.

• Undertake a detailed risk management assurance exercise and provide recommendations where further improvements can be made.

• Develop risk management policy and procedures based on your organisation’s requirements.

If you receive grant funding from governments or institutions, the funding agreements typically require an audit to ensure accountability, transparency, and the effective use of funds. These audits confirm that the funds have been managed and utilised in alignment with the terms of the agreement and the intended objectives. By conducting these audits, organisations provide donors with assurance that their contributions have been spent appropriately and in compliance with the agreed requirements.

Our team understands the importance of donor audits in ensuring accountability, transparency, and compliance. We are well-equipped to provide an independent and objective audit report that meets donor requirements and supports your commitment to the donor.

• Audit income and expenditure statement for the project fund

• Provide assurance on the disbursements of the grant funds

• Assess the financial management and controls relating to the grant funds

• Provide an independent report on the management and disbursements of the grant funds

Technology and its ongoing enhancement is critical for organisations to protect sensitive information, ensure business continuity, and maintain trust with stakeholders. These controls safeguard against cyber threats, data breaches, and unauthorised access, thereby preventing financial losses and regulatory penalties. Effective IT security measures also support operational efficiency and enable a swift response to security incidents, ensuring the organisation remains resilient and compliant in an ever-evolving digital landscape.

• Assessment of technology maturity throughout the organisation.

• Provide IT controls assessments and advise management on areas to improve.

• Carry out cyber security and data protection reviews.

• Review IT governance framework.

Internal scrutiny is a critical component of an Academy Trust’s compliance with the academy trust handbook. It is the process through which Trusts evaluate the adequacy and effectiveness of their control environment, focusing on risk management, governance, and internal controls. The objective is to provide independent assurance to trustees that the risk management framework, governance practices, and internal control environment is fit for purpose.

• Undertake an audit needs assessment and develop a bespoke internal scrutiny strategy (three-year plan) for your organisation.

• Deliver internal scrutiny reviews and report to management and audit committee.

A USAID audit is a comprehensive examination and evaluation of the financial statements, compliance with laws and regulations, and overall management practices of programs and projects funded by the United States Agency for International Development (USAID). These audits are essential to ensure that funds are being used appropriately, effectively, and in alignment with the Agency's objectives and policies.

• Perform USAID audits on federal funds received and disbursed by your organisation.

• Guide on USAID audit requirements.

Environmental, Social, and Governance (ESG) is a framework used to evaluate your organisation’s practices and performance on various non-financial factors that may have a material impact on its long-term sustainability and social influence.

Organisations across multiple industries are increasingly recognising the value and importance of integrating ESG principles into their day-to-day operations. ESG reporting focuses on how your organisation conducts its business concerning its environmental impact, as well as its relationships with employees, suppliers, customers, and the wider community.

The landscape of ESG regulation is evolving rapidly, and organisations can expect further guidelines and requirements for ESG reporting to emerge over time. Staying informed and adaptable will be crucial for meeting these new standards and ensuring compliance.

• Perform an ESG assessment and provide recommendations on making improvements to your ESG framework.

• ESG assurance aligned with ISAE 3000 standard by providing ESG credibility of your ESG disclosures and reports.

• Assessment on what impact upcoming regulations have on your reporting requirements.

• ESG advisory by gaining valuable insights into your ESG processes, controls and reporting, and identifying areas of improvement.

• Take our ESG quick quiz: haysmacintyre ESG Starter Quiz

A service organisation control report serves as a valuable tool for service organisations to demonstrate their commitment to internal controls and for user entities to assess the risks associated with outsourcing services.

How we can help:

• Perform a service organisation report in line with AAF 01/20 requirements.