Risk Assurance & Advisory Services

Risks surrounding business are always on the rise. These risks can vary in nature and severity, making it difficult for organisations to achieve their objectives. Financial, operational and compliance risks are just an example of what small, medium, and large organisations encounter on a daily basis.

Our team of experienced internal auditors recognises the importance of an effective internal team or function in providing assurance to the Board, sub-committees, management, and other stakeholders. Demonstrating corporate responsibility and a proactive approach to risk management is crucial for organisations of all sizes, and maintaining a robust control environment is essential to achieving these objectives.

We tailor our risk assurance services to fit the size, structure and goals of your organisation, delivering audit programmes that are effective, scalable and aligned with your broader risk strategy.

• Undertake an audit needs assessment and develop a bespoke internal audit strategy (three-year plan) for your organisation.

• Provide a fully outsourced or co-sourced internal audit service function.

• Provide assurances on one-off special projects, such as a review of your finance function or investigation.

• Carry out data analytics on financial information.

• Progress reporting on delivery of internal audit plan.

• Progress reporting on implementation of internal audit recommendations.

The corporate governance system provides guidance on how an organisation is directed and controlled. Boards of Directors or trustees have the responsibility of governing their organisations. This is done by setting the company’s strategic aims, providing leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship.

In addition, it also helps to foster cooperation and accountability internally, provide reassurance to shareholders externally, and promote the image of the organisation to its stakeholders and the public.

Our risk advisory services support governance structures that are transparent, robust and aligned to best practice, helping you build trust and reduce exposure to reputational and compliance risks.

• Board effectiveness review on your governance and sub-committees that support the Board in making its decisions.

• Review compliance with Corporate Criminal Offence requirements.

• Assist in creating organisational policy, internal control and information management frameworks.

• Provide independent evaluation on the performance of your board and its sub-committees.

• Compliance review against UK Corporate Governance Code or the Charity Governance Code.

Risk management is the process of identifying, assessing, and controlling threats which pose challenges to achieving your organisation’s aims and objectives. These threats or risks could stem from various sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters.

Risk management is essential for protecting your organisation’s assets, ensuring business continuity, enhancing decision-making, and maintaining compliance. It is also crucial for managing reputation, achieving financial stability, supporting strategic goals, and fostering a strong organisational culture.

Through our risk advisory services, we help you develop a forward-looking risk culture and a framework that supports better decision-making and financial risk control at all levels of your organisation.

• Assessment of your organisation’s risk maturity.

• Develop a risk management framework tailored to your organisation, aligned to your size and complexity of operations.

• Provide risk management workshops to develop a detailed risk register and raise awareness of risk management requirements.

• Undertake a detailed risk management assurance exercise and provide recommendations where further improvements can be made.

• Develop risk management policy and procedures based on your organisation’s requirements.

If you receive grant funding from governments or institutions, the funding agreements typically require an audit to ensure accountability, transparency, and the effective use of funds. These audits confirm that the funds have been managed and utilised in alignment with the terms of the agreement and the intended objectives. By conducting these audits, organisations provide donors with assurance that their contributions have been spent appropriately and in compliance with the agreed requirements.

Our team understands the importance of donor audits in ensuring accountability, transparency, and compliance. We are well-equipped to provide an independent and objective audit report that meets donor requirements and supports your commitment to the donor.

Our donor audit work is underpinned by strong risk assurance services, ensuring accountability frameworks and financial risk controls are in place across project funding cycles.

• Audit income and expenditure statement for the project fund

• Provide assurance on the disbursements of the grant funds

• Assess the financial management and controls relating to the grant funds

• Provide an independent report on the management and disbursements of the grant funds

Technology and its ongoing enhancement is critical for organisations to protect sensitive information, ensure business continuity, and maintain trust with stakeholders. These controls safeguard against cyber threats, data breaches, and unauthorised access, thereby preventing financial losses and regulatory penalties. Effective IT security measures also support operational efficiency and enable a swift response to security incidents, ensuring the organisation remains resilient and compliant in an ever-evolving digital landscape.

We offer risk advisory services that assess technology resilience and align your IT controls with broader governance and financial risk control objectives.

• Assessment of technology maturity throughout the organisation.

• Provide IT controls assessments and advise management on areas to improve.

• Carry out cyber security and data protection reviews.

• Review IT governance framework.

Internal scrutiny is a critical component of an Academy Trust’s compliance with the academy trust handbook. It is the process through which Trusts evaluate the adequacy and effectiveness of their control environment, focusing on risk management, governance, and internal controls. The objective is to provide independent assurance to trustees that the risk management framework, governance practices, and internal control environment is fit for purpose.

Our team supports internal scrutiny through tailored risk assurance services, giving academies the tools to meet their governance responsibilities and improve transparency.

• Undertake an audit needs assessment and develop a bespoke internal scrutiny strategy (three-year plan) for your organisation.

• Deliver internal scrutiny reviews and report to management and audit committee.

A USAID audit is a comprehensive examination and evaluation of the financial statements, compliance with laws and regulations, and overall management practices of programs and projects funded by the United States Agency for International Development (USAID). These audits are essential to ensure that funds are being used appropriately, effectively, and in alignment with the Agency's objectives and policies.

These audits form part of our broader risk assurance services for internationally funded projects, giving donors and grant recipients confidence in compliance and financial risk control.

• Perform USAID audits on federal funds received and disbursed by your organisation.

• Guide on USAID audit requirements.

Environmental, Social, and Governance (ESG) is a framework used to evaluate your organisation’s practices and performance on various non-financial factors that may have a material impact on its long-term sustainability and social influence.

Organisations across multiple industries are increasingly recognising the value and importance of integrating ESG principles into their day-to-day operations. ESG reporting focuses on how your organisation conducts its business concerning its environmental impact, as well as its relationships with employees, suppliers, customers, and the wider community.

The landscape of ESG regulation is evolving rapidly, and organisations can expect further guidelines and requirements for ESG reporting to emerge over time. Staying informed and adaptable will be crucial for meeting these new standards and ensuring compliance.

We bring risk advisory services to the ESG agenda, helping you understand the risks and opportunities of non-financial reporting and how they impact long-term financial risk control.

• Perform an ESG assessment and provide recommendations on making improvements to your ESG framework.

• ESG assurance aligned with ISAE 3000 standard by providing ESG credibility of your ESG disclosures and reports.

• Assessment on what impact upcoming regulations have on your reporting requirements.

• ESG advisory by gaining valuable insights into your ESG processes, controls and reporting, and identifying areas of improvement.

A service organisation control report serves as a valuable tool for service organisations to demonstrate their commitment to internal controls and for user entities to assess the risks associated with outsourcing services.

We help clients strengthen service delivery credibility through independently assured control reports, a core element of our risk assurance services.

How we can help:

• Perform a service organisation report in line with AAF 01/20 requirements.

• Perform an ISAE 3402 controls report based on your services