Internal Audit Services


  What is Astral Methodology for Internal Auditing?

We use our automated internal audit tools, supplemented by the COSO framework for effective internal auditing. The value of COSO-based auditing is that it helps internal auditors to perform effective evaluation of the controls espoused by COSO while avoiding the faulty, irrelevant findings that can sometimes result from traditional audit methods.

COSO helps internal auditors develop & introduce enabling internal control evaluation tools within organizations, these tools includes a common risk language & process to collect, categorize & evaluate risk & controls, as well as a way to measure progress towards achieving business objectives.

With focus on cost & expenses amongst corporate, there is a need from corporate Governance perspective to ensure that cost is not the only focus when considering the level of internal audit. Our Customer-focused and outcome-oriented approach addresses systemic root causes of internal control deficiencies, avoids placing blame, and produces a workable solution every time.

  Why does an organization need internal controls?

An organization needs internal controls to provide greater assurance that they will achieve their operating, financial reporting, and compliance objectives; in other words to help the organization succeed in its mission.

Internal control designed helps ensure that the directions, policies, procedures, and practices designed and approved by management and the board are put in place and are functioning as desired.

  What are the objectives of good internal control?

There are three objectives of good internal control - all established in the COSO Internal Control -Integrated Framework in 1992. They are:
1) accuracy of financial reporting;
2) compliance with laws and regulations; and
3) effective and efficient operations.

The COSO control components are designed to assist the organization in achieving those objectives.

  What are the COSO components of internal control?

There are five control components to the COSO integrated framework: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring.

  Are all 5 components important?

Yes, all are important, while all 5 components must be satisfied, each component may operate at a different level, tradeoffs exist between components determining effectiveness involves judgment.

  How to ensure all the five components of internal controls are implemented & operating effectively?

Principles defined in the COSO framework provide guidance to evaluate components. A "principle" is a fundamental concept associated with effectiveness of internal control. A "principle" should remain constant over time and relates specifically to one of the five control components in the framework.

Attributes laid down under the COSO framework provide guidance to evaluate principles.

Attributes represent characteristics associated with the principle. Although each attribute generally is expected to be present within a company, it may be possible to apply a principle without every listed attribute being present.

  What challenges do small companies face regarding internal control and how does the COSO   guidance help to deal with these challenges?

Among the challenges are:
Resources: Obtaining sufficient resources to achieve adequate segregation of duties.
Documentation: Determining the right level of documentation Vs Cost
Risk Assessment: Identifying company specific risk & related process
Running the Business: Taking critical management attention away from running the business in order to provide sufficient focus on accounting and financial reporting.
Information Technology: Controlling information technology and maintaining appropriate general and application controls over computer information systems with limited technical resources

COSO provides practical guidance to overcome such challenges and correlates these examples to the principles they support.

  How much does an internal audit cost?

The appropriate cost of an internal Audit will depend on factors such as the risk identified at entity level risk assessment & level of internal audit involvement in the areas.

  Will use of COSO methodology reduce overall costs of internal control assessment?

We believe that by adopting COSO methodology the management and the board of directors shall be enabled to make smarter decisions regarding the types of controls necessary and the level of controls necessary to achieve the organization's objectives in a cost effective manner.

  What are the Areas ripe for Internal Audit In addition to risk assessment & process review?
  • Project Management
  • Fraud Detection &Prevention
  • Knowledge Management
  • Talent & Organizational Issues
  • Business Continuity
  • Succession Planning
  • Spreadsheets
  • IT Security
  • Expenditure Control
  • Customer Satisfaction
  • Compliance
  • Network Security
  • Continuous Monitoring
  • Data Extraction & Prevention
  How Astral can serve your company?
  • Aligning Internal Audit value proposition with stake holder expectation
  • Monitoring activities top management can not by itself monitor
  • Identify & Minimize Risk
  • Validate Reports to senior Management
  • Protecting management in technical field
  • Helping in decision Making process
  • Review for the future not just for the past
  • Helping Mangers manage
    • Planning Problem
    • Organizing Problem
    • Directing Problem
    • Controlling Problem
  • Benchmark with best practices
  • Review for the future not just for the past