Internal Audit & GRC
- Internal audit for private sector
- Enterprise risk management
- Regulatory compliance
- Corporate governance
Governance is the process by which policies are set and decision-making is executed.
Risk management refers to the process for ensuring that important business processes and behaviours remain within the tolerances associated with those policies and decisions, to avoid an unacceptable level of uncertainty. Risks are addressed with a balance of mitigation through the application of controls, transfer through insurance, and avoidance or acceptance through governance mechanisms.
- Risk identification
- Risk assessments
- Risk workshops
- Strategy to mitigate risk
- Risk monitoring
- Risk response
Compliance entails the process of adherence to policies and decisions. Policies can be derived from internal directives, procedures, and requirements, or from external laws, regulations, standards, and agreements.
- Link the audit plan and GRC framework
- Share available resources wherever and whenever possible
- Cross-leverage each function’s respective competencies, roles, and responsibilities
- Assess and monitor strategic risks