Pillar 2 Internal Auditing

Attinder, 2020-04-06T05:08:05+00:00

What is Internal auditing?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

What are the most common types of Internal Audits?

Financial audits – the purpose of a financial audit in general is to provide reasonable assurance that the financial statements are presented fairly, in all material respects, and give a true and fair view in accordance with the financial reporting framework. The objective is achieved through an independent and objective assessment of internal controls over financial reporting (control testing) and additional audit procedures aimed at gathering substantive evidence. Specifically, in the case of internal financial audits, the focus of each audit project can be very specific, depending on the audit plan and the contingent requirements.

Operational audits – the purpose of operational audits is to evaluate the effectiveness and efficiency of operations and business processes. The scope and objectives of each audit project may vary depending on various circumstances and the specific requirements.

Compliance audits – the objective of a compliance audit is to review an organization’s adherence to laws and regulations, including company policies and procedures. Compliance audits can be performed before the issuance of the relevant regulations in order to assess the organization’s level of preparedness, such as in a readiness review, or after, to evaluate the actual level of compliance, highlight any risk exposure and recommend corrective actions.

Fraud investigations – fraud investigations are a very specific type of audit. They should preferably be performed by certified fraud examiners due to their inherent high sensitivity and the related legal and reputational implications. Usually legal and HR functions are also involved in such investigations. In specific cases, forensic experts may be required, especially if legal evidence that can be used in a court of law or legal proceeding may be needed.

IT audits – an IT audit can be broadly defined as the evaluation of an organization’s information technology infrastructure, policies and operations, to determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business’s overall goals. IT audits can be classified into three broad categories:

a) IT General Controls audits. These cover one or more of the following key areas: System and Program Development, Change Management, Computer Operations, Access to Programs and Data, IT and Cyber-security threats.

b) Application Controls audits. These audits focus on the technical configuration of business systems that enable specific controls to operate in a fully or semi-automated manner.

c) Robotic Process Automation. This is a relatively new IT audit category which is growing in importance as corporations invest in robotics to automate business processes. A robotic process automation audit will include a combination of IT General Controls and Application Controls audit procedures.

Why is Internal Audit important?

The independence and broad perspective that internal auditors can bring to an organization make them a valuable resource to enhance risk management and achieve objectives, helping the audit committee and the board to ensure that the organization as a whole is held accountable to all its stakeholders and that it follows sound management practices.

On another note, prolonged periods without independent and objective advice may lead management to fall for certain psychological traps such as “fear of upsetting the status-quo”, “anchoring”, “over-reliance on your echo-chamber” and “hostage to the past”. These “traps” may hamper the growth potential of your business and perpetuate inefficient or ineffective courses of action, or both.

How can you respond?

It is important to carefully consider how Internal Audit can assist your organization. You may opt for different approaches and solutions, depending also on the applicable laws and regulations. You may wish to have internal audits performed only in specific areas of interest. These could cover specific risks, pain points, projects, the organization’s readiness for new regulations, etc. In some cases you may prefer to have internal auditors define a complete annual internal audit plan which will cover various areas. The annual internal audit plan should be prepared following an internationally acknowledged methodology. The plan should be presented to and approved by the Audit Committee or, in the absence of such a committee, by the board of directors. Another key decision is whether you would like to set up an in-house internal audit function, with full-time employees, or fully outsource the function to a specialised service provider such as Horizon Compliance, or work with a combination of both.