Internal Control

Implementing governance and compliance programs:

In principle internal compliance structure decreases the incidents of misconduct within companies, but practice showed that the verification of incidents doesn’t prohibit misconduct practices and on the contrary the preventive practice may serve to cover window dressing activities that provide market legality. 

Governance, Risk and Compliance (GRC):

Defining the GRC is related to the acronym of governance, risk and compliance; however it is related to the serious competences that work collectively to accomplish proper performance. The Competences are related to governance system, management skills and assurance of performance. This necessitates the cooperation of the following divisions: internal audit, risk management, legal and compliance, information technology, finance and Human Resources.

Risk assessment in practice (COSO):

The American institute of CPAs, American institute of internal auditors, the Institute of Management Accountants, the Financial Executives International and the American Accountants Association agreed together to form a committee (COSO) as a joint  initiative to provide thought leadership and framework on enterprise risk management, internal control and fraud deterrence. 

The risk assessment is the power of qualitative and quantitative estimation of risk related to a definite state and known dangers, this requires calculating the risks, the expected losses, the loss probabilities. The adequate risk is accepted because the cost exceeds the benefit.

Cyber-attacks on financial institutions:

The Institute of Internal Auditors Research Foundation stated that cyber preparation at most organizations follows a classic bell curve.

A question was asked to how well prepared the organizations are to respond to a cyber-attack?

•​29% of respondents said “extremely” or “very”

•​44 % said “moderately”

•​23% said “slightly” or “not at all”

Reinforcing Cyber Security through internal audit

With the increasing of Cyber security threats, Internal Audit should:

1- Understand:  

– Business Concept

​          – Objectives

​          – Strategies

​          – Reported information

2- Risk and Data Security:

– Disgruntled Employees

​​           – Careless or Uninformed Employees

​​           – Mobile Devices (BYOD)

                                          – Cloud Applications

                                          – Unpatched or Uncatchable Devices

                                          – Third-party Service Providers

3- Identify Control and policy weaknesses: Continuous monitoring of Duties, Reports , Authorization and Security

Business Process Outsourcing:

A business process is an activity or set of activities that will accomplish a specific organizational goal. Business process management (BPM) is a systematic approach to improving those processes. If an organization is unable to perform certain business processes internally due to cost or resources, the company might utilize  business process outsourcing (BPO). Many companies outsource specific business needs, such as payroll, human resources (HR) or accounting, to a third-party service provider.

Transformation change:

The world is changing in a much accelerated way and technologies are modified in a split of seconds; we decided at Moores Rowland to react and adapt the change in order to discover how can we transfer these challenges to an opportunity.

Our business nature enforces us to stay ahead of the curve to deliver the best services to our clients. This requires following up on new matters that may assist our client and it means opportunities to us in investing in the latest advances and technologies. For example, being a firm that provides and internal audit services, it means that Risk assurance and Cyber security can be achieved with a career in Moores Rowland technology service provider.

Moores Rowland supports innovation and change in the clients business and in its own structure and so we are always in need to develop TEAMS backgrounds (Technology, Empathy, Agility, Mathematics and Science).   

The speed of technology is distressing most companies in the world since the digital technologies are affecting them progressively leading to troubles on their business models, supply chain and customer behavior. Today the technology improvements represent an important part of the board’s agenda worldwide.

We at Moores Rowland are proud to have the opportunity to assist companies in solving this problem through assisting them in conferring together with expert resources from all over the world to make the needed change. We have the right expertise in all the business areas who are able to add value and who are able to put their input and experience to take the business forward. We are hiring “TEAMS” professionals into our people where they have the ability to add their vision and assessment on the work provided.

Elevate Digital Capability Strategy:

Elevating digital capability incorporates how companies has to prepare their digital strategies, their culture, their organization as well as their capabilities to assure that digital conception  is part of the business as a whole.  

The strategy has to be bold, long term and linked to the customer needs and the business strategy, the culture has to consider risk appetite, speed of service, learning and testing, internal cooperation and external orientation, the organization has to consider digital investment, key performance indicators, job descriptions, and leadership talents, and capabilities has to consider IT and Data automation infrastructure as well as customer experience, contents and connectivity.