Internal Audit is one of the key legs in an effective system of governance, and acts as the final line of defense in the "Three Lines of Defense" model. Effective Internal Audit also acts as a key element of the "Tone from the Top" by demonstrating management's focus on the effectiveness of the system of internal controls.

Strategic Audit Planning:

Development of the Internal Audit Strategic Plan should provide a multi-year, risk-based internal audit programme. The plan should also provide a framework for the delivery of Internal Audits, a methodology for the delivery of audits, categorization of findings and monitoring of resolution. GRMSi has developed and implemented Terms of Reference (ToR) and Internal Audit strategic planning processes, and has performed risk assessments and multi-year Internal Audit programme development.


Each Internal Audit performed by GRMSi people is done in accordance with the International Standards for the Professional Practice of Internal Auditing of the IIA. The foundation of each audit is the performance of a risk assessment of the auditable area, with reliance on corporate risk registers and the risk management programme. The audits include controls-based testing subject to the importance of the area within the audit. Draft reports and issues are addressed with auditees for agreement to the risks, and recommendations are presented.

IT Audit:

In a world so reliant on information technology for all facets of corporate and company performance, it is critical to have confidence in the effectiveness of controls over information technology. Cyber threats abound, and will intensify. Cloud vs "In-house" environments pose additional challenges. Development methodologies and project management now have the ability to deliver massive benefits, with corresponding levels of risk. And of course IT Governance overall should be reviewed for assurance.