Unlike traditional, retrospective audits or consultancy, risk assurance takes a proactive approach to evaluate the robustness of a company's strategies, internal controls and processes to address external threats and protect against vulnerabilities across various finance and operational areas.

Our Risk Assurance Services

Internal Audit, Control Self-Assessment (CSA) and ERM Review

Financial Planning & Analysis (FP&A)-as-a-Service

FP&A-driven Strategic Business Review

Review of Internal Controls over Financial Reporting (ICFR)

Internal Review of Sustainability Report

Internal Auditors are a vital part of good governance in any organization in all business sectors

Benefits of Outsourcing or Co-sourcing the Internal Audit Function

Outsourcing and co-sourcing the internal audit function offer organizations benefits like cost savings, access to specialized internal audit expertise including control self-assessment facilitation and risk management assurance, enhanced objectivity, and increased flexibility.

These approaches also allow companies to scale their audit resources efficiently and free up internal resources for core business activities.

Internal Audit is evolving from a risk and control function to a Trusted Advisor and Risk Management Partner who drives insight and influence across the organization

According to the new Global Internal Audit Standards effective January 9, 2025, the profession's mandate has shifted from mere compliance to delivering high-value insights that support long-term organizational success.

Rather than just finding faults, internal auditors now verify if daily operations support a company's strategic goals and identify gaps where resources are misaligned with long-term priorities.

With a strong board relationship, internal auditors can help the board spot new risks early

The Institute of Internal Auditors (IIA)

The Institute of Internal Auditors is the globally recognized professional body and standard-setting authority for the internal audit profession. The IIA provides leadership, education, certification, and research to professionals engaged in evaluating organizational operations, governance, risk management, and control processes.

The Institute of Internal Auditors Singapore, an affiliate of IIA Global, is the only professional body in Singapore dedicated to the advancement and interests of the internal audit profession.

IIA Singapore member designations include MIIA for Ordinary Members and FIIA for Fellow Members, along with other tiers like Associate and Student, allowing members to use these letters after their names, signifying professional standing in internal auditing in Singapore, with international use requiring "(Singapore)" appended.

In Singapore, Control Self-Assessment (CSA) is an effective risk management tools recommended by the Audit Committee Guidance Committee (ACGC) Guidelines (Page 77) for the Board and audit committees to give an informed opinion on the state of internal controls and risk management systems of the organization.

CSA on financial reporting quality is a process where a company's employees from the finance, operation and business functions evaluate the effectiveness of their internal controls over financial reporting. It helps ensure that financial statements are accurate, reliable, and compliant with accounting standards and regulatory requirements, thereby reducing the risk of material misstatements.

Management Assurance

CSA and internal audits are both methods for evaluating an organization's internal controls, but they differ in their focus and execution. CSA emphasizes proactive involvement by operational staff in assessing their own controls, while internal audits are conducted by a separate, objective function to evaluate existing controls and provide independent assurance.

Results from the CSA can be used by both internal and external auditors to gather material information, focus on high-risk areas, and facilitate effective audit planning.

It is therefore a critical proactive strategy for organizations to achieve and maintain audit readiness. It extends the burden of control testing from periodic internal and external audits to a continuous, internal process driven by the people closest to the operations.

There are significant advantages for an organization to appoint an IIA certified member, especially a Certified Internal Auditor (CIA), over those who are not certified, to take up the internal auditor role. Advantages include:

Demonstrated Expertise

Adherence to Global Standards

Enhanced Credibility and Trust

Improved Risk and Governance Management

Access to Best Practices and Insights

Higher Quality of Work and Value-Add

Global Recognition and Transferability

There is no mandatory government or regulatory requirement in Singapore for an internal auditor to hold a Certified Public Accountant (CPA) or Chartered Accountant (CA) qualification.

An internal auditor holding a Certified Information Systems Auditor (CISA) certification, however, provides significant advantage when the audit involves information technology, cybersecurity, risk management, and data governance.

The Institute of Internal Auditors and its standards are highly recognized and formally integrated into Singapore's regulatory and professional landscape.

SGX Listing Rules: Rule 719(3) requires listed companies to maintain an effective internal audit function. SGX RegCo expects IA functions to follow standards from professional bodies like the Institute of Internal Auditors (IIA), ensuring quality and independence for robust corporate governance and risk management.

2025 Standard Update: The new Global Internal Audit Standards (GIAS) became effective on January 9, 2025. IIA Singapore has been leading the transition for local practitioners through dedicated webinars and training to ensure compliance with these updated global requirements.

The Three Lines Model, established by the Institute of Internal Auditors, is a risk management and governance framework that clarifies roles and responsibilities within an organization. Updated in 2020 from the original "Three Lines of Defense," the modern model shifts from a purely reactive "defense" posture to one focused on collaboration and value creation.

The Three Lines

First Line (Operational Management): Frontline teams who own and manage risks daily while delivering products or services.

Second Line (Oversight Functions): Specialized roles such as risk management, compliance, and cybersecurity that provide expertise, support, and monitoring to ensure the first line stays within defined risk boundaries.

Third Line (Internal Audit): An independent function that provides objective assurance and advice to senior management and the governing body on the effectiveness of the entire risk management framework.

The Governing Body (e.g. Board of Directors) is ultimately accountable to stakeholders for oversight. It sets the organization’s risk appetite, delegates resources, and ensures that management and internal audit roles are appropriately structured.

FP&A-as-a-Service is an outsourced model where organizations hire external experts in Finance Business Partnering and Strategic Finance to handle their Financial Planning and Analysis (FP&A) functions rather than maintaining a full internal financial analytical team for cost efficiency, access to specialized expertise and increased scalability and strategic focus.

It is popular for small to mid-sized enterprises (SMEs) or startups that need strategic financial insight but cannot yet justify the cost of high-level in-house finance analysts and managers.

What is FP&A?

FP&A (Financial Planning and Analysis) is a strategic finance function responsible for budgeting, forecasting, and analytical activities that support a company’s major business decisions and long-term financial health. Unlike traditional accountants, who records past transactions for compliance, FP&A specialists are primarily forward-looking, acting as strategic advisors to the CFO and CEO.

Our FP&A-as-a-Service delivers a full lifecycle of financial management components, including:

Data Collection & Consolidation

Scenario Planning

Planning and Forecasting

Budgeting

Performance Reporting and Variance Analysis

Financial Planning and Analysis (FP&A) always involves risk analysis because the focus is shifted from reporting historical data to predicting future performance under uncertainty.

Clients and Partners

Companies listed on the SGX Mainboard, along with their subsidiaries and principal third-party vendors operating in property development and investment, real estate, hospitality and hotels, serviced residences, mining and civil infrastructure and construction engineering sectors

Catalist listed company in the water treatment industry

Heavy equipment, civil infrastructure and mining company in Indonesia

Korean global engineering and construction conglomerate

Multi-specialty hospital in Indonesia owned by private equity firm and Indonesia-based investment management company

Private Education Institutions (PEI)

Registered Fund Management company

MINDEF-Related Organizations (MROs) including country club and media company

Our external network of Strategic Partners in these sectors:

Public Accounting Corporation

Risk Advisory Firm

Technology Firm

Licensed Cybersecurity Firm

Legal Firm

Contact us:

Mckellriskassurance@gmail.com