Enterprise Risk Management (ERM) is a business strategy aimed at identification, assessment and preparation for any existing and likely risks which may adversely affect company’s operation, reputation and sustenance. It enables corporates to proactively manage risks by adopting following strategies.

• Accepting or limiting risks if they are insignificant in comparison with the cost of control
• Avoiding risks by appropriate risk mitigation and by insuring them when cost of control is less than the risks
• Risks Assessment to prioritise risks based on likelihood and impact post meetings/ discussions with the respective stakeholders
• Internal Audit Plan covering prioritised audit areas and execution of the same
• Risk Register compilation which contains all the risks and corresponding controls / risk mitigation measures

Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish it’s objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.

• Success of Internal Audit depends on in-depth understanding of business culture, systems and processes. Internal Audit activity provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient, and organisational goals and objectives are met
• Corporates continue to face diverse risks in dynamic economic, political, social, regulatory and technological environment. If corporate objectives are defined without taking the risks into consideration, there is a greater likelihood of adverse implications in terms of financial loss, reputation and business sustenance
• Hence, we follow a client focused collaborative and solution-oriented approach to ensure cost-effective services. We follow both co-sourcing (where we work along with in-house Internal Audit Team) and outsourced model (where an entire assignment is solely executed by us)
• Our Team has wide experience in internal audits and risk advisory services in diverse industries like Financial Services (e.g. NBFCs, Insurance Companies, Banks), Manufacturing, Auto-components and Auto-ancillaries, Engineering. Real Estate, Shipping, Chemicals, Metrology, etc
• We follow Institute of Internal Auditors, USA guidelines and refer COSO Framework, IPPF standards during planning and execution of the assignments. Each assignment is reviewed by Director/Partner to ensure consistent quality of deliverables. Our recommendations to our clients are constructive aimed at improving operational effectiveness and efficiency without compromising on controls
• We also assist corporates for External Quality Review and Internal Quality Reviews of Internal Audit Department drawing from the guidelines of Institute of Internal Auditors, Florida, USA

Internal Financial Control

As per Section 134 of the Companies Act 2013, the term ‘Internal Financial Controls’ means the policies and procedures adopted by the Company for ensuring orderly and efficient conduct of its business, including:

• Adherence to company’s policies, safeguarding of its assets, prevention and detection of frauds and errors.
• Accuracy and completeness of the accounting records, and timely preparation of reliable financial information.

SOX 404 Compliance

The Sarbanes-Oxley Act of 2002 (SOX) was designed to improve the accuracy and reliability of financial reporting. However, over a decade later, many companies still struggle with how to achieve compliance in a cost-effective way. The Sarbanes-Oxley Act of 2002 establishes stricter requirements regarding corporate governance and internal controls in relation to financial reporting for US-listed companies. In particular, the Act includes the requirements for the documentation and annual assessment of the internal control system.

Our SOX Compliance Services can help the organization with the implementation, documentation, evaluation, improvement and maintenance of internal control systems. In each of these services our professionals work closely with clients to establish internal control frameworks and compliance programs, transfer knowledge and provide training to support a successful internal control system.

Foreign Corrupt Practices Act Compliance Services

Worldwide enforcement of anti-corruption law continues to intensify. With increased enforcement, compliance with the Foreign Corrupt Practices Act (FCPA), the U.K. Bribery Act and other foreign anti-corruption laws has quickly become a priority for companies conducting business—directly or through third parties. Now more than ever, a company must have transparency in all transactions to maintain its reputation and stock value. We help clients mitigate risk by providing a comprehensive evaluation and assessment of their international business relationships and practices.

We offer a comprehensive range of services meant to ensure that a corporation, its directors and employees deal only with worthy and qualified partners and agents. First, at the ground level, we can design and implement an effective program – or review and improve on an existing program – that promotes ethical conduct and minimizes the risk of bribery law violations. Our internal controls consulting can ensure that your company is in the best position to minimize the risk of violations.

IT General Controls Review

IT General Controls (ITGC) are the controls that can be applied to IT systems such as applications, operating systems, databases, and supporting IT infrastructure. The objectives of ITGCs are to ensure the integrity of the data and processes that the systems support. Our services cover:

• Logical access controls over applications, data and supporting infrastructure
• Program change management controls
• Backup and recovery controls
• Computer operation controls
• Data center physical security controls
• System development life cycle controls

We assist organizations in designing ITGC frameworks and providing operating effectiveness assurance through co-sourcing and outsourcing of ITGC audits. Our IT audit professionals have experience working with a wide variety of industries of all sizes. We partner with our clients to provide a comprehensive ITGC coverage to manage and mitigate ITGC risks within your IT environment. Our ITGC services will be tailored to the organization’s risk appetite and compliance requirements.

Corporate governance is the ethics combined with business processes which determines the way a company makes choices and decisions in the interests of its stakeholders. It is the responsibility of the board of directors for creating the framework for corporate governance that determines how a company conducts its business and holds itself accountable for its actions. A well-defined structure is essential to ensuring adherence to policy and its application consistently throughout the organisation.

The structure of corporate governance will invariably be guided by the following key principles:

• Fair and equitable treatment of all shareholders
• Acquiescence with legal, contractual and social obligations to all stakeholders, including employees, investors, vendors and members of the larger community
• Accountability, fairness and transparency by the board of directors who must possess adequate skills to review the business and determine its practices
• A specified code of conduct for board members and executives which guide the management practices of the organisation
• Transparency of policies and procedures of the organisation and disclosure to relevant stakeholders
• Mitigation and resolution of conflicts of interest

Trust reduces transaction cost

Stringent regulations by the government coupled with demands from financial markets has put corporate behaviour under a scanner. A higher set of expectations from all stakeholders has created a new paradigm for boards to assess and manage on an ongoing basis. Good Governance is central to creating and preserving shareholder value and protecting corporate reputation. With good corporate governance structures and practices in place, organisations create trust as they are stronger, more efficient and more accountable. They are thus able to mitigate risk, safeguard against mismanagement and attract resources and capital at lower cost.

Our services

We provide specific and actionable advice on how to make improvements. Our services help companies from many different sectors, especially family-run enterprises approaching a generational change and those that have experienced dynamic growth in the recent past. We assist corporates develop a governance framework by addressing its board structure and way of operating, its management and control systems, internal control mechanisms, transparency in its processes, disclosure of information and relationship to its shareholders. We provide a corporate governance development plan with solutions, as listed below, that can be prioritised in

• Preparation of Audit Committee Charter
• Preparation of Internal Audit Charter
• Preparation of Internal Audit Manual
• Clause 49 Compliance Reviews
• SOX Compliance
• Whistle Blower Policy creation
• Designing and review of delegation of authority for financial powers
• Supporting Corporates in certifications by reviewing processes and controls such as Internal Financial Control Testing and Internal Controls over Financial Reporting

Difference between competing companies’ profitability, cost-effectiveness and its quality not only due to the strategies they follow, but also in the effectiveness of design and implementation of processes. This can be achieved by ensuring in-built controls, accountability, measurable KPIs and escalation matrix. Consequently, intended processes flows are streamlined and they can be in sync with automated workflows in ERPs used by the corporates.

We have assisted various clients by:

• Mapping the “As-is” actual processes
• Comparing them with “To-be” processes
• Documenting activity specific maker, checker, activity frequency, Turn Around Time, KPIs and escalation matrix
• Proactively identifying risks associated with the activities and recommending risk mitigation for the same

As per mandates of boards or managements of companies, we provide customised made service to our client which are elaborated below:

• Compliance Reviews: Corporates have to keep pace with the changing compliance framework to avoid non-compliances which may lead to penalties and business disruption. In this context, we support corporates with independent compliance reviews to strengthen compliance framework of our clients. E.g. Compliances pertaining to EOU units, RBI Compliances for Banks and NBFCs and other Statutory Compliances
• Operations Audits: Operations audits are carried out carried out to assist management in specific focus areas to assess effectiveness and efficiency of the operations e.g. Marketing Spend Effectiveness, Customer Satisfaction Measurement, Employee Engagement Reviews, Logistics Cost Management, Production Planning, etc. They help in streamlining the processes, bring consistency in operations, cost savings and explore possible revenue enhancement opportunities
• Data Analytics: Availability of huge data from diverse systems for decision making is a by-product of the current digital age. However, unless objective specific information is not collated and presented in time to the relevant decision makers, data would be meaningless. Our team has assisted corporates in India and abroad in structuring reports based on large volume of data, building corresponding dashboards and creating threshold-based alerts for operational and top management. This has helped corporates in taking timely decisions
• IT Audits : Our IT experts along with subject-matter experts provide a range of services ranging from Information Technology General Control Audits, preparing IT policy, systems review to Cybersecurity. This ensures that intended operations workflows are in sync with the automated workflows; data and systems are protected from unauthorised access or tampering and greater assurance to the management about reliability of data and systems