Receive the latest insights, news and more direct to your inbox.
Dynamic organisations need a broad range of advisory services to support their ambition and growth.
-
Consulting
The Grant Thornton FS Consulting team have a wealth of experience across a wide range of issues. From banks to insurance companies, the FS Consulting team have branched into all areas of Financial Services. Our FS Consulting team can help you with an array of issues, and guide you through the journey.
-
Corporate Finance
Grant Thornton’s Corporate Finance team has built up a vast range of experience providing a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
-
Financial Accounting and Advisory Services (FAAS)
Our team of experts here at Grant Thornton is committed to providing best-in-class solutions to help our clients effectively overcome the hurdles associated with complex regulatory compliance requirements, especially when entering new markets.
-
Financial Crime (AML)
Protect your business from financial crime with expert AML solutions.
-
Forensic Accounting
Resolve disputes, uncover fraud and protect your business with expert forensic accounting, investigations and digital forensics support.
-
Internal Audit & Control Assurance
Strengthen governance, enhance controls, and ensure compliance with expert internal audit and assurance services.
-
IT Risk Assurance and Advisory
Ensure IT compliance, mitigate risks, and enhance governance with expert IT risk assurance and advisory services.
-
Risk Advisory
Our Risk Advisory team delivers innovative solutions and strategic insights for the Financial Services sector, addressing disruptive forces, regulatory changes, and emerging trends to enhance risk management and foster competitive advantage.
-
Sustainability Desk
Grant Thornton’s team of experts provides a wide range of sustainability solutions, combining our knowledge of sustainability with our deep experience in providing professional services.
The Grant Thornton Audit team offers that expertise and knowledge along with a horizontal approach to solving clients’ problems and queries. Clients get access...
Given Bermuda's very attractive tax incentives for overseas investors, our team can advise on all matters relating to expatriate and international taxes. We...
Quick summary
- Internal audit is no longer just compliance – it’s a strategic tool that protects and creates business value.
- Forward-thinking organisations use internal audit as a trusted advisor, improving governance, risk management, resilience and efficiency.
- Applicable across all sectors, internal audit helps identify risks and opportunities, supports transformation, and enables growth.
- A tailored, technology-enabled approach ensures internal audit delivers practical insights and measurable impact.
Think you know when an internal audit is needed? Think again. While many see internal audit as a necessary evil for regulated businesses or something to consider only after a risk event has crystallised, internal audit is in fact a mechanism that can unlock significant value for all sorts of businesses.
Contents
Subscribe to our mailing list
The time has come for boards, audit committees and management teams to rethink and stop seeing internal audit as a compliance burden, but instead as an invaluable tool that can both protect and create value if used optimally.
The truth is internal audit fundamentally supports organisational growth and strategic decision-making, and seeks to protect the intrinsic value and resilience of a business. It involves proactively identifying current and emerging risks and opportunities, offering pragmatic advice to the business on how to mitigate risk and capitalise on opportunity.
A value-add internal audit mechanism (in house, co-sourced or outsourced) assesses governance, risk and control (GRC) structures that support day-to-day business. It also assesses in real-time change programmes, digital transformation and potential target acquisitions through that GRC lens. Few businesses, however, are fully realising the bankable value internal audit expertise can bring to the table.
The role of internal audit continues to become more multifaceted given the dynamic risk landscape, the scale of technological change and the need to keep pace with regulatory and compliance changes across sectors.
Internal audit no longer to be feared
Outdated perceptions still linger
The old-school view of internal audit as a necessary evil – instilling fear, acting as the controls police, and ‘hanging people out to dry’ – is not as commonplace as it was, but it remains inherent in the culture of many organisations.
Cost of inaction outweighs cost of audit
Organisations need to eliminate this archaic view of internal audit if they want to fully exploit its value and save management time and business funds fire-fighting, dealing with the aftermath of risk events and facing the disappointment of lost opportunities. We still see large businesses spending as much as 10 times the cost of an internal audit service every year on such scenarios.
Rather than expending hundreds of thousands of dollars to address significant problems down the line when a risk event crystallises, companies can and should engage an internal audit service to support and enable management in their strategic agenda. Risk and strategy are not mutually exclusive – a business cannot deliver a strategy optimally without actively managing and mitigating risks.
Trust culture enables growth
More forward-thinking organisations see the genuine value of internal audit. They appreciate how it can improve the efficiency and resilience of an organisation’s operations, helping it navigate complex risk landscapes and improve its governance, risk management and control processes.
Embracing a new approach to internal audit involves a cultural shift fundamentally centred on trust – trust between the board and the executive, and between the executive and the business, to allow people to feel safe in saying they have a problem or they need help. This takes the fear out of it and can help businesses to scale much faster as a result.
It’s the alternative to a culture where people constantly try to cover up problems, meaning they don’t get dealt with and the consequences of poor GRC practices then come to the fore. This hampers growth because the business can’t exploit opportunities and deliver as robustly as it wants.
Becoming invaluable strategic advisors
Internal audit is transitioning from its traditional, process-driven role to becoming a more strategic function – a shift reflected in the revised Institute of Internal Auditor standards.
Strong internal auditors act as trusted independent advisors, sharing what ‘good looks like’ across people, processes, and systems, as much as they are ‘assurers’ who assess how well a business is set up and functioning from a governance, risk management and control perspective.
Senior leaders and executives should trust and use internal audit as a key business partner. They can then benefit from the in-depth understanding internal audit has of their business and get to see risk exposures before they cause a loss of talent, customers, knowledge or strategic opportunity.
As large organisations are undergoing significant cultural change anyway, with rapid technological advancement and associated transformation, it’s an ideal opportunity to embrace internal audit as an enabler and supporter of business growth.
An asset for businesses across all sectors
Internal audit isn’t just relevant for regulated businesses such as banks and (re)insurance companies – a common misconception. All sorts of businesses across sectors can unlock value from a thorough internal audit, whether they are private, public, multinational or not-for-profit.
Regardless of the business involved, senior leaders can’t be experts across financial control, outsourcing, business continuity, actuarial, supply chain, data protection, cybersecurity and countless other specialist areas. Internal audit can show what good looks like in all respects, identify opportunities to improve and create an environment in which open conversations can be had safely and advice shared.
Internal audit: our approach
The internal audit process depends entirely on the risk maturity of the business, whether it’s an advisory or assurance need and on multiple other factors. Grant Thornton takes a tailored approach, rather than trying to force a one-size-fits-all model on a myriad of clients.
We see internal audit plans evolving to include a blend of audits, advisory reviews and programme assurance requirements reflected to cater for the risk maturity levels across different areas of a business.
We also provide regular assurance to boards and audit and risk committees on change and transformation programmes to ensure they’re designed and being deployed optimally so they deliver the intended ROI.
Data analytics, automation and other technology is increasingly key to improving the efficiency and effectiveness of internal audit work, and that will only grow, helping to interrogate larger volumes of data and improve the value of the advice we give.
An invaluable internal audit partner
It’s time for businesses to truly exploit what internal audit can bring to the table in driving future success. At Grant Thornton, we understand the new reality of internal audit and continue to make use of our tools, experience and insights to deliver a best-in-class internal audit service to every client at every stage of their journey, regardless of their size, sector or risk maturity.
Discover how internal audit can protect and sustain your organisation. Talk to us today.
Authors
-
Tanya Beattie Tanya joined the firm as a Director in early 2022 and leads the Actuarial team in Grant Thornton Bermuda. Tanya is a qualified actuary with significant expertise across the Insurance industry in areas such as Regulation, Risk Management, Solvency II, Actuarial Function, Pricing Governance and Capital Modelling.View Profile