Internal Audit Services in Singapore

Singapore Internal Audit Services Overview

Internal Audit Services in Singapore play a crucial role in helping businesses maintain robust governance, manage risks, and ensure operational efficiency. While statutory audits (external audits) are primarily focused on providing an opinion on financial statements for external stakeholders, internal audits offer an independent, objective assurance and consulting activity designed to add value and improve an organization's operations for internal management.

Here's a breakdown of what to expect from internal audit services in Singapore:

1. Purpose and Benefits of Internal Audit:

• Objective Insight: Provides an unbiased view of an organization's operations, identifying areas for improvement that might be overlooked by internal teams.

• Improved Operational Efficiencies: Helps pinpoint inefficiencies in processes, leading to recommendations for streamlining workflows and reducing costs.

• Risk Assessment and Safeguarding Assets: Identifies and assesses risks (financial, operational, compliance, fraud, cybersecurity, etc.) and evaluates the effectiveness of existing controls to mitigate these risks and protect company assets.

• Ensuring Compliance: Verifies adherence to internal policies, procedures, and external laws, regulations, and industry standards (e.g., Singapore Companies Act, Singapore Financial Reporting Standards (SFRS), MAS guidelines for financial institutions). This helps avoid costly fines and legal repercussions.

• Fraud Detection and Prevention: Assesses controls designed to prevent and detect fraud, waste, and abuse.

• Enhanced Credibility and Trust: Demonstrates to stakeholders (investors, creditors, regulators) a commitment to transparency and good corporate governance.

• Support for Strategic Decision-Making: Provides valuable insights to senior management and the board, enabling informed decision-making and better achievement of business objectives.

2. Key Activities in an Internal Audit:

The internal audit process typically involves several stages:

• Planning and Risk Assessment: Auditors begin by understanding the business, its objectives, and identifying key risks. This leads to the development of an audit plan outlining the scope, objectives, and schedule.

• Fieldwork/Execution: This is the data gathering phase, where auditors review documents (manuals, policies, financial records), conduct interviews, observe operations, and test internal controls. This may involve transaction testing, observations, and various types of analysis (targeted or randomized).

• Reporting Findings: A formal report is prepared, detailing findings, recommendations for improvement, and a proposed roadmap for remediation. Draft reports may be shared with the auditee for feedback before finalization.

• Follow-Up: Internal audit typically monitors the implementation of recommendations to ensure that identified issues are effectively addressed.

3. Types of Internal Audit Services Offered:

Internal audit services can encompass a wide range of areas, including:

• Financial Audits: Reviewing financial records and statements for accuracy and integrity.

• Operational Audits: Assessing the efficiency and effectiveness of business processes.

• Compliance Audits: Checking adherence to laws, regulations, and internal policies.

• IT Audit/Technology Audit: Evaluating IT risks, governance, and controls, including cybersecurity vulnerabilities.

• Fraud Risk Management: Developing programs to manage fraud risks and investigating red flags.

• Controls Advisory: Designing, implementing, and testing control programs.

• Sustainability Reporting (ESG) Audit: Assessing and assuring sustainability reporting.

• SOX Compliance: For companies needing to comply with Sarbanes-Oxley Act requirements.

4. Who Provides Internal Audit Services in Singapore:

Many professional services firms offer internal audit services in Singapore, ranging from large global firms to specialized local consultancies. A prominent example include Bestar.

Companies can choose to have an in-house internal audit team or outsource the function entirely or partially to external providers. Outsourcing can provide access to specialized expertise, technology, and an independent perspective.

5. Regulatory Requirements for Internal Audit in Singapore:

While statutory audits are mandatory for most companies in Singapore (with exemptions for "small companies" and "small groups" meeting specific criteria), internal audit requirements are more nuanced:

• Singapore Companies Act: Under the Companies Act (Chapter 50), all companies not exempted must have their financial statements audited annually by an independent auditor. While this primarily refers to external audits, it underscores the general importance of financial oversight.

• SGX Listing Rules: The Singapore Exchange (SGX) Listing Rules mandate all listed companies to establish and maintain an effective internal audit function. This highlights the importance of internal audit for public companies in Singapore.

• Monetary Authority of Singapore (MAS): Financial institutions regulated by MAS are subject to stringent guidelines on internal controls and risk management, which often necessitate a robust and independent internal audit function with appropriate reporting lines to the Board or Audit Committee.

• ACRA (Accounting and Corporate Regulatory Authority): ACRA regulates public accountants and accounting entities, ensuring adherence to professional standards and quality control in audit practices.

• Good Corporate Governance: Beyond specific mandates, implementing strong internal controls and a well-functioning internal audit is considered a cornerstone of good corporate governance in Singapore, fostering transparency and accountability.

6. Cost of Internal Audit Services:

The cost of internal audit services in Singapore varies significantly based on factors such as:

• Size and Complexity of the Business: Larger and more complex organizations with numerous transactions and diverse operations will naturally incur higher costs.

• Scope of the Audit: A comprehensive internal audit covering multiple departments and risk areas will be more expensive than a targeted review of a specific process.

• Frequency of Audits: Ongoing or continuous auditing will have a different cost structure than periodic reviews.

• Industry: Highly regulated industries (e.g., financial services) may require more specialized and in-depth audits, affecting costs.

• Auditor's Fees: Reputation, experience, and the size of the audit firm will influence their rates.

While it's difficult to provide exact figures without specific details, indicative statutory audit fees for small companies can range from S$1,000 to S$3,000, and for medium to large companies, from S$3,000 to S$15,000 or more. Internal audit fees would typically be structured based on the engagement's scope and duration, often involving hourly rates or project-based fees. It's advisable to request a detailed quote from potential service providers.

How Bestar can Help

Bestar in Singapore plays a vital role in assisting organizations with their internal audit needs. We offer a range of solutions, from fully outsourced internal audit functions to co-sourcing arrangements and advisory services. Here's how we can help:

1. Access to Specialized Expertise and Diverse Skillsets:

• Broad Industry Knowledge: Bestar works with clients across various industries, giving us a broad perspective on best practices, emerging risks, and effective control frameworks. This allows us to bring valuable insights from similar organizations.

• Specialized Domain Knowledge: We have teams with expertise in niche areas like IT audit, cybersecurity, fraud investigation, regulatory compliance (e.g., MAS regulations for financial institutions), sustainability (ESG) reporting, and complex financial instruments. This is particularly beneficial for organizations that lack such specialized skills in-house.

• Up-to-Date on Regulations and Standards: Bestar constantly monitors changes in Singapore's regulatory landscape (e.g., SGX Listing Rules, Companies Act, SFRS, MAS guidelines) and international standards (e.g., IIA standards for internal auditing, COSO framework). We ensure that the internal audit function remains compliant and effective.

2. Enhanced Objectivity and Independence:

• Unbiased Perspective: As external parties, Bestar provides an independent and objective assessment of an organization's internal controls, risk management, and governance processes. This is crucial for identifying weaknesses that internal teams might overlook due to familiarity or potential conflicts of interest.

• Stronger Credibility: An independent internal audit opinion can significantly enhance the credibility of an organization's financial reporting and operational processes to stakeholders, including the board, audit committee, investors, and regulators.

3. Cost-Effectiveness and Scalability:

• Reduced Overhead Costs: Outsourcing or co-sourcing internal audit eliminates the need to hire, train, and retain a full-time in-house internal audit team, saving on salaries, benefits, office space, and specialized software licenses.

• Flexible Resource Allocation: Bestar can scale our services up or down based on the organization's evolving needs, audit cycles, and specific project requirements. This flexibility is particularly valuable for growing businesses or those with fluctuating audit demands.

• Access to Technology and Tools: Bestar invests in advanced audit technologies, data analytics tools, and automation software. Clients can leverage these sophisticated tools without the significant capital investment required to acquire them in-house.

4. Improved Efficiency and Effectiveness:

• Streamlined Processes: Leveraging our methodologies and experience, Bestar can conduct internal audits more efficiently, leading to faster turnaround times for reports and recommendations.

• Focus on Core Business: By outsourcing non-core functions like internal audit, organizations can free up their internal resources to focus on their primary business objectives and strategic initiatives.

• Continuous Improvement: Bestar can help implement continuous auditing and monitoring programs, allowing for real-time insights into risks and controls, rather than just periodic reviews.

• Proactive Risk Management: Our expertise in identifying and assessing risks helps organizations move from a reactive to a proactive approach to risk management.

5. Support for Governance and Strategic Decision-Making:

• Strengthened Corporate Governance: Bestar assists in establishing and maintaining robust corporate governance frameworks, ensuring accountability and transparency.

• Actionable Insights: We go beyond simply identifying problems, providing practical, actionable recommendations that contribute to process improvements, cost reductions, and enhanced overall business performance.

• Strategic Advisory: Bestar offers advisory services that help organizations align their internal audit function with their strategic goals and navigate complex business challenges.

6. Types of Engagement Models:

Bestar offers the following engagement models for internal audit:

• Full Outsourcing: Bestar takes complete responsibility for the internal audit function, from planning and risk assessment to execution, reporting, and follow-up.

• Co-sourcing: Bestar works alongside an existing in-house internal audit team, providing specialized expertise, additional resources, or support for specific projects. This is common when the in-house team needs to supplement its skills or capacity.

• Advisory Services: Bestar provides guidance on setting up an internal audit function, developing audit methodologies, conducting quality assessments of existing internal audit departments, or offering training to in-house teams.

In conclusion, engaging Bestar for internal audit in Singapore can provide organizations with a critical competitive advantage, helping them navigate complex risks, enhance operational efficiency, ensure compliance, and build trust with stakeholders.