Internal Audit & Risk Advisory
Systematic identification, evaluation and remediation of business risks — using our proprietary REEM framework developed and refined over a decade of internal audit practice.
Internal Audit & Risk Advisory
The business environment has never been more complex. Regulatory changes, cyber threats, supply chain disruptions, and governance failures can materialise rapidly — threatening operations, reputation, and value. Effective internal audit and risk management is a fundamental requirement for sustainable growth.
Our practice is led by Nikhil Jain (FCA, ACA, US CPA, CS), who trained majorly at PwC and also at Lodha & Co. At the heart of our methodology is the REEM framework — covering Risk identification, Existence of controls, Effectiveness testing, and Monitoring — a complete, documented cycle of assurance that goes well beyond a compliance checklist.
- Internal Audit (Outsourced) — quarterly or half-yearly, reporting to Audit Committee
- Internal Audit (Co-sourced) — augmenting your existing team
- IFC — Internal Financial Controls design, documentation and testing
- Standard Operating Procedures (SOP) development
- Concurrent Audit for Banks, NBFCs and Financial Institutions
- ERP Implementation Audit — access controls and role segregation
- Fraud Risk Assessment & investigation support
- Process Reviews & Control Improvement Recommendations
Our Internal Audit & Risk Advisory Services
Comprehensive services by Chartered Accountants, Company Secretaries and US CPAs with Big 4 experienced backgrounds.
Complete outsourcing of the internal audit function — quarterly or half-yearly audits across all business functions, reporting directly to the Audit Committee or Board.
Expert co-sourcing for organisations with an existing internal audit team — augmenting your team's capability with specialist expertise in specific technical risk areas.
Design, implementation and testing of Internal Financial Controls as mandated under Section 134(5)(e) of the Companies Act 2013 — including complete process documentation.
Development of comprehensive SOPs for all key business processes — procurement, sales, inventory, HR, finance, treasury — providing the documented control foundation for internal audit.
Real-time concurrent audit of bank branches and NBFCs — verifying compliance with RBI guidelines, credit appraisals, KYC norms, and advances on a continuous basis.
Pre and post-implementation audit of ERP systems (SAP, Oracle, Tally) — verifying access controls, role segregation, master data accuracy, and system-generated report reliability.
Identification of fraud risk indicators, design of anti-fraud controls, fraud risk questionnaires, and investigation support for suspected irregularities.
Assessment of management effectiveness, decision-making processes, and key performance metrics — providing the Board an independent view of operational performance.
Our Step-By-Step Process
Systematic identification of all significant operational, financial, regulatory, strategic, and reputational risks — through process walkthroughs, stakeholder interviews, and industry benchmarking.
For each identified risk, verifying whether an adequate control exists — preventive, detective, or corrective. Mapping the control landscape and identifying design gaps where risks are unmitigated.
Testing controls through sample testing, re-performance, and observation — providing a realistic picture of actual risk mitigation rather than relying on documented procedures alone.
Tracking remediation of all identified findings, monitoring implementation of recommended controls, and assessing whether new risks have emerged as the business evolves.
Our Key Differentiators
Our proprietary methodology maps every significant risk to a control, tests whether that control is working, and tracks remediation. A genuinely structured approach that produces distinctive, actionable insights.
Our audit reports serve two audiences simultaneously — actionable detail for management, and a clear executive summary for the Audit Committee. Each party gets exactly what they need.
We have conducted internal audits across manufacturing, banking, IT, real estate, healthcare, FMCG, and NGOs — bringing genuine domain knowledge to every risk assessment we undertake.
FCA, ACA, US CPA, CS. Trained majorly at PwC and also at Lodha & Co. Specialises in Internal Audit, Statutory Audit, IFC review, and setting up US & Global outsourcing engagements.
Frequently Asked Questions
Under Section 138 of the Companies Act 2013, internal audit is mandatory for: every listed company; every unlisted public company with paid-up capital ≥ ₹50 crore, or turnover ≥ ₹200 crore, or outstanding loans ≥ ₹100 crore; and every private company with turnover ≥ ₹200 crore or outstanding loans ≥ ₹100 crore. We generally recommend internal audit for any business with revenues exceeding ₹25 crore.
Section 134(5)(e) requires the Board to confirm they have laid down adequate internal financial controls operating effectively. The statutory auditor must also report on IFC adequacy under Section 143(3)(i). IFC covers controls over financial reporting — ensuring financial statements are free from material misstatement. We design, document, and test IFC for all applicable clients.
For most mid-size businesses, quarterly internal audits provide the right balance between risk coverage and engagement cost. High-risk areas like cash, procurement, and payroll warrant quarterly review; lower-risk areas may be reviewed annually. For companies with mandatory internal audit requirements, quarterly reporting to the Audit Committee is the standard practice.
Statutory audit is an independent external audit of financial statements, mandated by law, focused on whether accounts give a true and fair view. Internal audit is an ongoing management oversight function — broader in scope, covering operational efficiency, compliance, risk management, and governance. The same firm cannot serve as both statutory auditor and internal auditor for the same company.
Yes — unlike statutory auditors, internal auditors are not subject to the same independence restrictions for the same client. Internal auditors routinely provide SOP development, process redesign, and management consulting alongside their assurance function. This dual role is a genuine strength as the auditor's operational knowledge makes consulting directly actionable.