Outsourcing
Whether you are looking to accelerate the establishment of an Internal Audit function or reinvigorate an existing Internal Audit capability, Sunera can provide you with a turnkey solution to get results fast. We follow practices suggested by the Institute of Internal Auditors (IIA) and are adept at preparing annual enterprise risk assessments; planning and scheduling audits; performing audits and reporting audit results; and presenting findings to Executive Management and Audit Committees. We have the breadth and depth of skilled Internal Audit professionals to meet the needs of most organizations.
Co-sourcing
For many midsize entities, hiring and motivating specialized resources in-house is nearly impossible. That’s why it makes sense to partner with a firm like Sunera to provide specialties such as technology auditors or fraud examiners. At Sunera, we can provide you with access to specialists at rates that are competitive with in-house resources.
Sunera offers a flexible approach to integrating our audit professionals with your Internal Audit team:
| Staff Support | Specialist Support | Turnkey Audit |
| Work at your direction | Transfer business risk knowledge |
Perform planning |
| Supplement audit staff | Help develop audit risk approach |
Execute audit procedures |
| Provide industry & subject matter knowledge |
Lead audit effort | Prepare final report |
Our specialized Internal Audit services include:
- Enterprise risk assessments
- Audit planning assistance
- Operational & business process audits (e.g., supply chain audits, executive compensation audits, advertising audits)
- Store/branch audits
- Contract compliance audits (e.g., service level agreement audits, post construction audits)
- Regulatory compliance audits (e.g., HIPAA, GLBA, privacy, PCI)
- Data analysis & computerized testing (e.g., ACL, MS Access, 3rd party reporting tools)
- Training (e.g., CAATs, controls testing, IT auditing)
Internal Audit Methodology & Tools
Sunera’s services are driven by comprehensive, proven methodologies executed by experienced and certified professionals. In particular, our Internal Audit Methodology is risk-based and modular in design. It can be readily tailored to an organization’s specific requirements and supports both an outsourced and a co-sourced service model. It is intended to provide our practitioners with specific, detailed guidance through every phase of an audit (e.g., planning, execution, reporting) as well as with carrying-out the primary responsibilities of today’s Internal Audit function (e.g., assessing organizational risks, multi-year planning, Audit Committee reporting). The methodology is aligned with COSO and encompasses operational, compliance and financial reporting components.
The methodology also incorporates auditing practices commonly followed by public accounting firms and suggested by the Institute of Internal Auditors. Moreover, our methodology is augmented by an extensive toolkit of audit aides including:
- Audit programs (business process, ERP and technology specific)
- Industry-specific control libraries to benchmark best practices, complete with control objectives, risks and assertions (What can go wrong?)
- Training materials (presentations, reference guides, manuals)
- Audit software (ACL, SoD tools, security scanning tools)
- Templates (working papers, reports, management presentations)
- Project management templates and tools (status reports, trackers, MS project)
We utilize these tools to realize significant audit efficiencies and ensure consistent quality. Our clients have access to our methodologies, audit aides and tools.
Risk Assessments
To perform our risk assessments, we often conduct facilitation workshops using Resolver*Ballot software from Resolver, Inc.. Prior to conducting a risk assessment workshop, we populate the software with client-specific risks derived from our risk libraries, industry trends, process and control documentation, annual reports, audit reports and other related documentation. The software enables a four step risk workshop process: (1) risk evaluation and discussion, (2) risk refinement, (3) analysis of the results, and (4) action planning. Participants in the workshops use the software to vote anonymously on risk rankings of the pre-populated risks. In addition, the facilitator can add risks “on the fly” based on responses in the workshop and participants can score or modify the new risks simultaneously. The tool allows for the rapid generation of statistical and graphical analysis during the risk assessment process (e.g., risk heat maps). Final results can be reported and exported in various formats for additional analysis or to be included in workpapers.
Quality Assurance/Peer Reviews
Not sure if you are getting the most from your Internal Audit department? Consider an independent quality assurance review. We analyze all aspects of a functioning internal audit department, providing you with benchmarking data, best practices and performance improvement opportunities.
As part of a quality assurance program, the IIA recommends that Internal Audit departments undergo an external assessment at least once every five years. The scope of the assessment should include:
- Conformance with IIA standards and Code of Ethics as well as Internal Audit’s charter, plans, policies and procedures, and any applicable regulatory requirements.
- Expectations of Internal Audit as expressed by the Board, executive management, and operational managers.
- Integration of Internal Audit activity into the organization’s governance process, including the audit relationship with key stakeholders.
- Tools and techniques used by Internal Audit.
- The mix of knowledge, experiences, and disciplines within Internal Audit.
- A determination whether Internal Audit adds value and improves the organization’s operations.
ACL Training
Are you planning to make your internal audit's more efficient and effective by using ACL? Sunera offers a two-day on-site ACL training course to Internal Audit Departments to help auditors become more proficient with ACL. Our ACL training is designed to be interactive and relevant which should result in the Internal Audit Department staff members applying the lessons learned to their workplace. As part of making the ACL training relevant, we typically utilize data extracts from the client, which are incorporated into the examples developed and used during the training course. The ACL training is presented using a hands-on approach based on ACL license availability.
Day 1:
Day 1 is designed to introduce the attendees to the ACL application and allow them to operate the MS Windows components proficiently, as well as setting up data files. The objective is to familiarize the trainees with the ACL application and enable each user to gain an understanding of the more routine interactive “Windows” features that can be applied in day-to-day situations.
Day 2:
Day 2 focuses on more advanced techniques of the ACL application and practical approaches to automating routine tests such as scripting. This is intended for advanced users and those who will specialize in performing more difficult and challenging interrogation procedures.
Internal Audit Training
Are you looking to enhance the capabilities of your Internal Audit department and satisfy CPE training requirements? Sunera offers cost-effective, on-site training to Internal Audit departments. Our training courses include:
- performing risk assessments and preparing annual audit plans,
- preparing for and conducting operational audits,
- computer-assisted audit techniques,
- Sarbanes-Oxley compliance planning and execution,
- IT general controls and application controls auditing, and
- information security and data privacy auditing.
Our standard training courses can be tailored to client-specific needs. Sunera also offers CPEs to course participants making our training programs a cost-effective alternative to external training courses and conferences.
Sunera LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority of the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Telephone 615.880.4200. Web site www.nasba.org. Sponsor # 108908
