Internal Audit has evolved from the traditional “Police man” approach to a value add business partner functions. At RFR Professionals, we provide industry focused internal audit service which is drawn from our vast industry and practice experience. We provide this service as fully outsourced service where we manage the internal audit function of our clients’ organisation on their behalf and report to senior management, the shareholders/audit committee or those charged with governance. Alternatively, this service could be provided as Co-Source where we work with our clients’ in house internal audit team to provide value adding cost saving and process effective internal audit function. Our Internal Audit service is further divided into:
Integrated Internal Audit Functions
RFR Professionals delivers its integrated audit functions using a 3 year audit strategy approach effectively adopting the risk based audit methodology in line with ISA requirements. This, on an annual basis is further broken down into an annual audit plan. Both the audit strategy and plan take into consideration the ERM framework and the risk register put in place during the Enterprise Risk Management and Internal Control Framework design. Our integrated audit covers financial, commercial and operational processes of our clients’ businesses.
IT Audit
RFR Professionals uses various IT audit risk based methodology to deliver value adding and process enhancing IT audit. IT audit is provided by our IT audit experts using different IT audit methodology such as penetration testing, IT security framework, DB management and other relevant IT audit approaches.
Monthly Data Analytics
As part of our internal audit functions RFR Professionals provide our clients with a monthly data analytic report on their activities especially sales and banking transactions. This ensures that all sales and receivables are correctly captured, banked and reported. Our advanced data analytic system ensures that 100% of all transactions are reviewed on a monthly basis. Exception reports are generated and brought to senior management attention.
Value Added Services and Value for Money
RFR Professionals through its wide exposure and international pool of resources have evolved with internal audit development. We therefore deliver strong value added and internal control services to our clients .We aim, after every financial year, through cost saving and revenue enhancing recommendations justify our professional fees.
Sarbanes Oxley (SOX) 404
US listed corporations are mandated to comply with the provisions of SOX 404, and have a reporting and disclosure obligation toward this prescriptive control framework. RFR Professionals deliver Sarbanes Oxley (SOX) control frameworks for clients in emerging economies saddled with the SOX reporting obligations. This is especially relevant for organisations with close interactions or close business relationship with US listed corporations. We implement this through effective control design and testing that enable its relevant process owner’s sign off their quarterly, bi-annual or annual statement of assurance as detailed below:
Control Design
We design controls at the local level that is consistent with the enterprise-level controls of a US listed corporation. We integrate and fit these control design into our clients relevant head office control that allow for synchronised testing.
Implementation and Testing
We implement SOX 404 and test applicable relevant controls on a quarterly, semi-annual and annual basis. Our tested controls are carried out in line with SOX requirements and adequately documented, reviewed, ranked and reported to relevant process owners to give them enough assurance and confidence to sign off their regular statement of assurance.
Statement of Assurance Sign Off
We provide the relevant control data and information to enable our clients’ directors’ sign off their quarterly, semi-annual and annual statement of assurance with peace of mind. We document and retain these tested controls in line with SOX requirements.