Internal Audit

The Internal Audit as part of the third line of defense is considered a strategic component of Corporate Governance designed to add value and improve the operations of organizations, with the objective of evaluating and improving the effectiveness of the processes of Risk Management, Internal Control, and Corporate Governance.

Currently, the Internal Audit activity has come to occupy an important role in 21st-century organizations due to current requirements, including ethics and transparency, economic and social evolution, and the introduction of new methods of business administration and management.

Beyond playing the role of corporate watchdog and monitoring compliance with policies, procedures, and regulations, internal audit plays a critical role in improving the effectiveness and efficiency of governance and oversight, business processes and controls, information technology and information security, and strategic initiatives.

Outsourcing and co-sourcing functions are the solutions as companies find it increasingly difficult to sustain the investment necessary to maintain a highly sophisticated function of this kind.

How can we help you?

Our experts have decades of experience delivering outsourced and co-sourced internal audit services. We combine our industry and technical knowledge with effective best practices to design audit programs in accordance with IIA standards that comply with regulatory requirements and bring value to the audit process.  

Our risk-based internal audit methodology is focused on protecting the assets and security of the businesses we serve while contributing to the control environment with best practices and value-added solutions.

Benefits of our solutions

  • Support for the corporate governance structure
  • Favoring adherence to internal rules.
  • Greater protection for the organization’s assets.
  • Ensuring confidence in accounting records.
  • Timely visibility of errors and internal failures.
  • Continuous monitoring of internal processes.
  • Increased awareness of risk management.
  • Dissemination of the risk and control culture.
  • Better information on the economic situation of the organization.
  • Minimization of fraud, failures, and/or errors.
  • Identification of processes that can be automated.
  • Training for your teams' internal audit.
  • Commitment to supporting the achievement of your goals.
  • Technological solutions that automate.

Our value proposition

  • Knowledgeable subject matter experts in technology, cyber, regulatory compliance, fraud, and anti-money laundering
  • Consultation on the adequacy, effectiveness, and efficiency of business processes controls and systems beyond the audit plan
  • A cooperative and productive internal audit environment
  • In-depth reviews, not boiler-plate assessments
  • A close working relationship
  • A proactive and flexible approach
  • Best practice solutions

Our Internal Audit services


  • Outsourcing of the Internal Audit activity, and Co-Sourcing.
  • Implementation of Continuous Audit, in all business environments.
  • Execution of Internal Audit of specific processes.
  • Conducting internal operational and financial audits.

Risks and controls

  • Providing specialized resources to support audit plan.
  • Elaboration of Internal Audit work program (s).
  • Preparation of test plan (s) for the listed processes.
  • Identification, analysis, assessment, and treatment of risks.
  • Analysis of the design of internal controls.
  • Performing SOX compliance activities


  • Calculation of internal risks.
  • Calculation of residual risks.
  • Calculation for determining the impacts of risks and the level of criticality of these.
  • Specific criteria for qualifying the likelihood of each risk.

Effectiveness analysis

  • Different sampling methodologies as Law of Newcon-Benford.
  • Test of the effectiveness of internal controls.
  • Issuing recommendations for improvements and suggestions for implementation of specific internal controls for risks discovered and/or not mitigated.

Methodologies: COSO ICIF 2013, COSO ERM 2017, COBIT, ISO 27002 (Information Security), IPPF (IIA), ISO 31000 (Risk Management), Newcomb-Benford’s Law, others.