Our Services
VAT is a complex tax which affects most businesses and organizations. Whether it’s completing and submitting quarterly VAT returns or considering the implications of specific transactions, getting it wrong can be a costly mistake. Our sector experts know enough about your business to anticipate risks and opportunities.
In recent years, following the news of high profile corporate scandals and failures, there has been an increased focus on regulation needed to address and minimize the risk of further failure amongst other organizations.
As the scale and complexity of the regulatory demands on organizations increase, alongside the growing need for accountability and transparency, the role of Internal Audit is becoming increasingly important. Indeed, the need to review and report on the continually changing risk profiles, be it of a financial, operational, strategic, governance or reputational nature, in addition to compliance with laws and regulations, can significantly impact on the demand on management time. Active Directory internal audit experts can assist your organization, either in an advisory capacity or as a fully outsourced internal audit function, in meeting such demands placed on your organization
ROLE OF INTERNAL AUDIT AND OUR APPROACH
The role of the Internal Audit function is to provide the Audit Committee and Board with a critical and independent opinion on the adequacy and effectiveness of the control framework across the organization. In order that we may do this, we prepare audit strategies which have been specifically tailored to the risks facing your organization. Such risks could arise due to a change in legislation, development and implementation of a new system and/or procedures to name but a few.
Our approach to ensuring the provision of an exceptional service is based upon consultation with management as well as obtaining a comprehensive understanding of;
- Organization’s objectives and performance targets,
- Organization’s operations, systems, structures and regulatory environment,
- Organization’s risk assessment process, including the fundamental risks of the organization and the allocation of risk ownership,
- The internal audit control system and risk exposure mechanisms in place.
- Sources by which the board receives assurance over risk management, internal control and governance,
- The board's immediate priorities.
WHAT OUR SERVICES MAY INCLUDE
Active Directory provide an extensive range of specialist Internal Audit Services which may include;
- Evaluating internal controls and providing related advice,
- Assessing the tone and risk management culture of an organization,
- Evaluating risk,
- Analyzing effectiveness and efficiency of operations,
- Reviewing compliance with regulation,
- Guidance and advice for implementing best practice.
Information is one of the most important assets in any organization. Technology is the key tool employed in the management of this asset, but it is not always a tool that is managed well.
The increasing use of technology throughout the business environment can lead to significant efficiencies and as such can enhance the overall ability of an organization to achieve its strategic aims and objectives. However, there are substantial costs involved in the development, implementation and maintenance of technology and significant risks and increasing security threats in its operation. In addition, the environment in which technology is deployed is becoming increasing complex with ever greater compliance and regulatory obligations providing a growing challenge to any computerized organization.
OUR IT AUDIT SERVICES
At Active Directory, our team of specialist IT Auditors can support you in the management of your technology through the provision of the following services;
- IT internal audit, assurance and compliance
- IT strategy, governance and oversight
- Application and ERP
- Security audit services
- Forensic IT analysis and review
- Data protection
- Ad hoc investigations
- Network and server
- Penetration testing and ethical hacking
- Business continuity and disaster recovery
- Data analysis
- General IT controls
Our range of IT audit and security services not only assist the auditor in providing assurance around the confidentiality, integrity and availability of critical data within the organization, but can also access management controls, oversight and value for money.
OUR AUDIT METHODOLOGY
The IT audit methodology developed and utilized by Active Directory is a risk based system. It is broadly based upon the respected COBIT framework which is published by the Information Systems Audit and Control Association (ISACA) and is recommended by the Chartered Institute of Internal Auditors in Ireland and the UK.
The advantage of applying the framework is that it provides a transparent and measurable structure for evaluating and improving internal controls. It also highlights performance measurement as a key objective and can use maturity models to benchmark current practices and controls and identify areas of potential improvement.
Risk is essential to business. All organizations face uncertainty and challenges (risks), which, depending on how they are addressed, can either erode or enhance the value of our organization. Enterprise Risk Management can be used as a process to evaluate and monitor such risks, by assessing opportunities and strengths against limitations and weakness, so as to enable the organization to make decisions in a transparent and effective manner.
THE KEY STEPS TO MANAGE RISK ARE:
- Risk Identification: Risks are identified and documented through a process of consultation and discussion.
- Risk Appetite: The amount of risk that an organization is willing to accept in order to achieve strategic goals and opportunities is agreed and defined.
- Risk Quantification: Risks are assessed, scored and prioritized according to their estimated severity and likelihood of occurrence. The product of severity and likelihood will give a score that indicates the relative importance of the risk and an associated priority ranking
- Risk Management: This describes the actions taken and monitoring used to manage risks effectively. As risks are managed, they become less of a threat and therefore a lower priority, while other risks may become more important depending on the level of control or changing circumstances. Incorporating management actions or tools which mitigate risk will yield a Residual Risk which indicates the remaining threat posed by the risks. This forms a comprehensive risk register for management throughout the organization.
OUR SERVICE
Active Directory Enterprise Risk Management services provide a simple but pratical approach to monitoring and managing key risks.
The effectiveness of our approach is based on a high level of interaction and consultation to ensure that the organizational context, management structures and activities which support risk management are captured to provide a practical and tailored solution. We believe this contributes to the achievement of understanding by personal and helps embed a risk management mentality throughout the organization.
ACTIVE DIRECTORY CAN ASSIST ORGANISATIONS BY:
- Supporting risk management activities including:
- Facilitating risk identification and quantification by the organization
- Preparation of enterprise risk registers,
- Developing risk management frameworks to embed risk management,
- Developing organizational risk management policies,
- Providing risk management training
Corporate governance is the system by which an organization is controlled and directed and has evolved from the need to bridge the gap between shareholders, the Board and management with recent developments reflecting the interests of other stakeholders. The cornerstones of good corporate governance are ethical behavior, accountability, transparency and openness.
There is an increasing emphasis on the need for robust corporate governance structures and processes. The current code of corporate governance evolved from the Cadbury Report in 1992, which outlined Corporate Governance best practice, to include a number of other areas including Directors’ remuneration, Internal Controls (Turnbull: 1999), non- executive Directors (Higgs: 2003) and Audit Committee Guidance (Smith: 2003, 2008), to develop a Combined Code of Corporate Governance. Following the financial crisis that peaked in 2008- 2009, Sir David Walker published a report, a number of recommendations were applied to the Code, which was renamed the UK Corporate governance Code and published in May 2010. The current code is applicable to UK listed companies with financial years beginning on or after 29 June 2010. Following its release, the ISE decided to adopt the UK version with effect from 30 September 2010, with new listing on the main securities market of the ISE with financial reporting periods ending on or after December 2010.
In addition to the changes in the code, the regulatory framework is expanding to the wider business environment, particularly in relation to the requirements for unquoted public limited and larger private companies to establish a fully functioning audit committee. The requirement for good corporate governance is also mandatory within the public sector, in accordance with the publication of the Mullarkey Report the updated Code of Practice for the Governance of State Bodies.
OUR METHODOLOGY
We believe it is vital to design governance systems and structures which match and compliment your organization. Active Directory Corporate Governance specialists draw on and integrate best practice guidance, including the Revised Combined Code and Sarbanes-Oxley and within the public sector, the Code of Practice for the Governance of State Bodies and the Mullarkey Report. Our work is carefully tailored to match the requirements of your organization and is designed in order to provide your Board, Audit Committee and senior management with assurance on overall compliance with the principles of sound governance, providing advice on how to improve the overall control environment and thus enabling your organization to fulfill your responsibilities to all stakeholders.