BUSINESS ADVISORY SERVICES
23 Jul 2019
Businesses can always benefit from expert advice. Here at PKF, our experienced and professional experts are ready to help your business maximise its strengths and minimise its weaknesses by providing hand-on and practical help, advice and support.
Our internal audit services are designed to provide both assurance and consulting assistance.
Our internal audit services specialise in enterprise risk management, governance regulation and compliance, financial advisory, integrated reporting and business performance improvements. We are fully focused on the best ways to build and implement strategies that are pragmatic and results-oriented.
- Internal Audit
Our internal audit service is designed to provide both assurance and consulting assistance on the adequacy and effectiveness of an organisation’s system of internal controls. We have developed and implemented an “integrated audit” approach and principles that are aligned with the IIA standards for Internal Auditing. This approach entails an intentional audit review process that cohesively combines business process auditing, and IT auditing into a single, coordinated effort.
- Risk management
We provide a range of risk advisory, identification and management services. We assist with:
- understanding, identifying and quantifying the risks that may affect the achievement of their objectives;
- identifying and assessing the effectiveness of existing controls as well as designing future action plans and appropriate risk management strategy; and
- assisting with setting up the risk management infrastructure – function, policies, framework etc. and embedding risk management within the organisation.
- Compliance Management
We assist in the monitoring and reporting back on the adequacy and effectiveness of compliance functions and processes. Our approach assesses the effectiveness of compliance programmes against the following key elements:
- board oversight;
- executive management supervision;
- policies, standards, procedures and reporting mechanisms;
- risk assessment and due diligence activities;
- effective internal controls and monitoring;
- training and awareness programmes; and
- investigatory and disciplinary mechanisms.
- Corporate Governance reviews and Board Effectiveness Review
We apply our customised methodology to provide an objective assessment of corporate governance practices, by reviewing policies, procedures, terms of reference and operating documents, in assessing how key governance practices are operating within your organisation.
Our internal audit service is designed to provide both assurance and consulting assistance on the adequacy and effectiveness of an organisation’s system of internal controls.
- Sustainability & Integrated Reporting
For many organisations, there is now recognition that integrated reporting is not a single event but a process that will evolve to impact a number of organisational aspects including culture, systems and processes, and stakeholder interaction.
- We can assist you on your journey with the following aspects:
- prior to the implementation of integrated reporting process;
- development of stakeholder engagement process;
- integrating reporting process into business;
- assist with assurance approach to integrated reporting;
- forward-looking information;
- non-statutory and varied scope assurance on the integrated report; and
- assurance on integrated reporting processes including a review of various areas required by the Global Reporting Initiative (“GRI”) framework such as, occupational health, environmental safety, safe working conditions, ethical and fair labour practices and human justice.
- Training for Internal Audit Functions, Audit Committees and the Board
We offer training for internal audit functions, audit committees and the board, to help them understand their roles and effectively fulfil them. Training ranges from internal audit methodology and understanding the requirements of the Internal Auditing Standards, to Risk Management, King IV awareness, functions of Internal Audit, roles and responsibilities of the board and audit committees.
- Quality Review of Internal Audit Functions
In performing a QAR, we follow the Quality Assessment Manual published by the Institute of Internal Auditors. Our quality review entails a review of the following:
- compliance with the IIA Standards, the IIA’s Code of Ethics and the internal audit activity’s charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements;
- expectations of the internal audit activity expressed by the board, executive management and operational managers;
- integration of the internal audit activity into the organisation’s governance process, including the attendant relationships between and among the key groups involved in that process;
- tools and techniques employed by the internal audit activity;
- A mixture of knowledge, experience and disciplines within the staff, including staff focus on process improvement; and
- determination as to whether or not the activity adds value and improves the organisation’s operations.
- Performance Reviews
We provide assurance on management’s controls to measure the organisation’s ability to achieve its objectives and programme outputs in an efficient, effective and economical manner. This includes providing management with information as measured against agreed objectives and criteria and communicating possible areas of improvement by way of a formal report.
- Controls Transformation and Improvement
We assist organisations with mitigating the risks associated with internal systems business processes, projects, applications and data. Our complete controls review is undertaken to gauge the maturity level of such controls and determine whether they have been adequately designed to mitigate or eliminate risk, or alternatively, whether there is a need to re-engineer some institutionalised controls to better manage the potential risks to the organisation.
Information Technology Advisory & Assurance Support
We provide a range of specialist integrated and holistic solutions to Information Communication Technology (ICT) challenges from a business and Information System perspective.
Our solutions simplify and effectively address all the requirements relating to governance, access management, system streamlining, business process, security, data and ERP implementations.
Our Services includes:
- IT Governance
IT governance assists management with the structures and processes of IT strategy in line with the drive to ensure that the goals and objectives of the greater organisation are met. Our IT governance solution is based on the principles in King III, with the objective of ensuring that there are adequate and effective IT Governance controls to provide reasonable assurance that the IT department is operating efficiently and effectively, taking into account accepted best practices. Our assessment focuses on the five key areas of IT Governance namely, strategic alignment, value delivery, risk management (including IT risk assessment), resource management and performance management.
- Information Systems Assurance
IT General Controls are controls in the general computer environment. The Controls’ aim is to assess IT policies and procedures to ensure the adequacy of access and restrictions to systems. We also assess change control, physical and environmental security, IT service continuity and backup, service level agreements with third party suppliers and problem and incident management.
Application controls are the automated controls built into a system to ensure that data input into the system is complete, accurate and valid, and that output is consistent with the input.
- Information Technology Security Solution
In order to provide adequate assurance, we consider all areas of possible risks by evaluating security controls around all key layers of access to information systems such application, database, operating system, network, mobile devices and web applications.
We follow a structured approach which involves identifying and reviewing implemented security controls on these layers, in the following areas:
- operating system security reviews (e.g. Unix, AIX, Sun Solaris, and Windows);
- network security reviews (both internal and external vulnerability assessments, attack and penetration testing, domain controllers and network devices - firewalls, routers, switches and intrusion detection systems;
- application security reviews;
- database security reviews (e.g. Oracle, SQL Server, Sybase and Informix);
- web-application security reviews;
- mobile application security review; and
- security governance reviews.
- Data Analytics and Continuous Auditing
We can perform data analysis on various data stored in our clients’ databases. Our Data Solutions portfolio includes migration assurance solutions to ensure data migrated during a system upgrade or replacement is complete and accurate, data testing solutions to assist in ensuring data is accurate for the required purpose, and meter reading and billing solutions used to assist in ensuring that usage data is accurately billed to the correct user account.
- ERP Solution
ERP (Enterprise Resource Planning) systems aim to integrate a set of business process best practices across the entire business spectrum from finance, HR, logistics to customer and supplier management relationships. We have experience in ERP platforms such as SAP and Oracle. Our solution incorporates:
- access management (managing access to the system and maintaining its governance);
- systems rationalisation (managing disparate systems and ensuring proper interface across the entire spectrum of the IT environment);
- blueprint assessment (matching the original blueprint with the implemented solution); and
- implementation signoffs (planning, managing and monitoring project implementation).