Internal audit

Internal audit ordinarily forms a firm’s third line of defence, providing an independent assessment of a firm’s risk management activities. It assesses the key controls introduced to prevent and detect risk and the governance processes around specific sources of risk.

Internal audit is not Compliance 2.0. In order to add value beyond that added by the business and the second line, the third line needs its own perspective. In practice, this means the completion of control reviews that are based on industry-recognised standards. But just as Internal Audit should not just be more Compliance monitoring, it shouldn't lose a genuine grasp of the rules . If testing FCA requirements, the tester should appreciate FCA expectations.

At Bovill Newgate, we have been working in recent years to bridge the gap between regulatory and audit knowledge. We have been hiring ACA-qualified personnel who have worked on regulatory matters, and we have been working to cross-pollinate, upskilling consulting staff on audit standards and upskilling audit staff on regulatory nuance. We now support a variety of clients with an internal audit offering that can cover FCA obligations comprehensively.

This support can be shaped in a number of ways.  We can be engaged for a cycle of work that covers an array of regulatory topics, or we can work with you in a single engagement for an area of particular importance.

Fully outsourced internal audit function

An option attractive to growing firms who are beginning to need an internal audit function but not yet on a scale that warrants permanent staff.

We serve as the third line of defence, providing you with a consistent approach to internal audit from proposing the scope of work to your governing bodies through to testing and reporting. Our reports provide detailed findings anchored in our knowledge of regulatory requirements and industry best practice. The findings are risk-rated in a manner proportionate to your firm, enabling you to prioritise your remediation efforts.

Co-sourced internal audit function

An option that can work well for larger firms with an established function that either lacks knowledge in a specific area or lacks bandwidth during busy periods.

If you already have an internal audit function that needs extra resource or specific SME resource, we can work alongside your team adapting to the methodology used and the specific requirements and areas of assistance needed. Of course, we can also bring our methods to the table, working with you to enhance the broader offering. We can help with anything from risk assessments, scope, designing and performing testing through to reporting and issue validation.

Training to internal audit teams

We provide one-to-one training for senior staff or group-style training for the Internal Audit function. Our training will always be specific to your business and will account for the specific risks relevant to your business model.