Knowledge Centre

Strengthen governance, manage risks, and prevent nasty surprises.

Internal Audit & Risk Advisory

1. What You Need to Know 

Internal audit independently reviews processes and controls so management can trust the numbers and systems. 
CBAs scope risks, test controls, and recommend practical fixes that fit the size and complexity of your organisation. 

2. Why It Matters to You 

Better controls mean fewer errors, less fraud, and smoother audits. 
Early detection of weaknesses. 
Stronger compliance and reporting. 
Greater efficiency and accountability. 
Confidence for boards, donors, and regulators. 

3. Frameworks, Standards, or References 

Use recognised models, tailored to your context. 

  • Frameworks: COSO Internal Control, risk registers, process mapping. 

  • Standards & governance: King IV principles, IIA reference practices. 

  • References: CIBA guides on internal control and risk. 

  • What your accountant will actually do: Risk assessment, control testing, internal audit plans, reports with actionable remediation. 

4. How to Apply 

Start with risks, then design audits that matter. 

  1. Build a risk register with management. 

  2. Prioritise high-impact processes (cash, payroll, procurement, IT). 

  3. Execute the internal audit plan and report findings. 

  4. Track remediation to closure. 

  5. Refresh risks annually. 

5. Common Mistakes to Avoid 

Keep it practical and focused on value. 

  • “Tick-box” audits with no risk focus. 

  • Ignoring repeat findings. 

  • Over-engineering controls for small teams. 

  • Letting the risk register go stale.