According to the IIA, "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes" 

This is indeed the core of our objective as a GRC firm. Our Internal Audit Practice focuses on strengthening the capabilities of our clients to achieve the above while entrenching a strong third line of defense. We do this in many ways including:

Internal Audit / Control Set Up - where the operations of the client are big enough, we can assist to set up an Internal Audit function, support the function to develop the first Internal Audit plan, provide guidance on what monitoring activities they should do, this sometimes involves recruitment support, candidate scout, organogram design for the department, support with day – to – day templates

Internal Audit Co-Source / Outsource – Here we only come in as Subject Matter Resource (SMR) to execute certain technical audits that the client may not have provision for. Sometimes this service is also applicable to clients who do not have an In – House Internal Audit Function. This helps organisations to quickly build internal capacities.

External Quality Assessment Review (QAR) – According to the IIA, every organization is expected to have its Internal Audit Function independently reviewed at least once in five years. This is a service we specialize in doing. As a member of the IIA, the lead consultant is able to anchor this exercise provide insight with clients leveraging experience gained across markets to the benefit of the client business.

Given the advancement in the field of data and its importance, businesses have come to rely heavily on data, associated with that is the heightened risk of data loss, data hijack and information asset compromise. Our Data Security Management Practice therefore, focuses on assisting clients to identify the weak links in their information security architecture to ensure achievement of the three key objectives of data Confidentiality, Integrity and Availability (CIA) Some of our Data / Cyber services are:

Vulnerability Assessment / Penetration Testing (VAPT) – This is a service to strengthen the data confidentiality and availability objectives. Information assets may be compromised where there are risks of unauthorized access leading to litigation or loss of critical info or inability to access critical information as at when needed. (ransomwares)

Data Cleansing Project – Data integrity is as important as its confidentiality and availability. We are able to assist the client review the entire data program from cleansing to data optimization.

Virtual Services

In addition to our main stream services we also provide virtual support to client across a variety of Administrative functions:

• Virtual Chief Audit Executive (VCAE) - This service is the provision of our Internal Audit Outsource / Co-source on an 100% remote basis. 

• SOX Support - We can support you anywhere within your SOX Testing program. We can either join your team to carry out the Initial Assessment, Mid Year Testing or Year end testing. We can also provide an independent review of the exercise carried out by your SOX team in readiness for the external auditors. Whatever your need on SOX, we are just a mail / phone call away. 

Our Training arm specializes in both in-house and one off trainings. Our trainings focus on Risk Management and Internal Auditing. We run a Risk Academy where students are prepared for the IIA exams and other Risk Management Certification Exams. Our Subject matter resources are available to facilitate Knowledge Sharing Series with your organisation across the Risk management spectrum. We do this by providing boutique trainings and specialized trainings to clients as the case may be. 

We recognize that as organisations grow there will be need for capacity enhancements and getting the right people becomes a crucial factor. We are positioned to assist with executive selections across our areas of specialization – Cyber, Risk and Internal Audit, leveraging our

experience. We can either handle the recruitment process end- to-end or work with clients’ HR team to fill identified vacancies.

At Pharakan & Associates, we recognize that change is the only constant thing and that the success of an entity is dependent on the people as well as the processes. As part of our Governance, Risk Management & Control Process optimization, we assist our clients in identifiying process inefficiencies and can recommend improvements and value additions. This can range from Business Process Documentation including flowcharts, to Org structure review as well as Maturity assessments. Whatever the need, our Rapid Diagnostic Review can help to identify what needs to be optimized and improved.