Internal Audit

Our Internal Audit services help organizations to fulfill increasing regulatory requirements and the growing importance of effective corporate governance. The Internal Audit function plays a central role in monitoring as well as control processes and takes on a strategic role in the overall assessment of business risks.

• Regulatory compliance: Internal Audit monitors adherence to legal requirements and internal policies, identifies potential compliance risks, and helps mitigate them.
• Ensuring corporate governance: By independently and objectively assessing the Internal Control System (ICS) and Risk Management System (RMS), Internal Audit strengthens corporate governance.
• Transparency and efficiency improvement: Independent audits analyze organizational processes, identify optimization opportunities, and enhance the efficiency of internal operations.
• Risk mitigation and prevention: Risks are identified and assessed early, allowing for preventive measures to safeguard the organization.
• Protection against financial and operational losses: Weaknesses in corporate governance are uncovered to prevent economic damage and operational disruptions.
• Building stakeholder trust: A well-functioning Internal Audit function reinforces trust among investors, regulators, and other stakeholders.

The key challenge for organizations is to establish a dynamic and independent Internal Audit System (IAS) that not only fulfills regulatory requirements but also serves as a strategic partner in optimizing business processes and managing risks.

BRL provides high-quality Internal Audit services tailored to the economic needs of your organization and the expectations of your stakeholders. Our risk-based audit approach encompasses the analysis of Internal Control structures, processes, and Compliance matters, closely integrated with risk management and process optimization. We adhere to the professional standards of the German Institute of Internal Auditors (DIIR) as well as the Global Internal Audit Standards (GIAS) set by the Institute of Internal Auditors (IIA) to ensure the highest quality and international recognition. 

Together, we identify areas for improvement and more efficient ways to achieve your objectives. You can choose between a fully outsourced solution (outsourcing), a collaborative approach with your Internal Audit department (co-sourcing/partnering), or targeted support for specific tasks (e.g., project-based work). All three models are flexible, scalable, and combinable - offering a significant advantage considering current economic conditions and capital market requirements.

The IIA’s Three Lines Model, an update of the “Three Line of Defense“ Model (The Institute of Internal Auditors (IIA), 2024).

1. Implementation and enhancement of an Internal Audit System (IAS): Establishment and further development of the Internal Audit function and Internal Audit System (IAS) in accordance with international standards such as the GIAS, the DIIR standards, and IDW PS 983. The implementation includes defining roles, responsibilities, and audit processes, as well as developing efficient risk-based audit methodologies.
2. Outsourcing of Internal Audit: Complete outsourcing of the Internal Audit function, ensuring that all audits are conducted professionally, independently, and in accordance with professional standards (e.g. DIIR, IIA, GIAS, IDW PS 983). This reduces the burden on internal resources while enhancing audit process efficiency.
3. Co-Sourcing of Internal Audit: Supplementing the Internal Audit function with targeted support for specific audits, specialized topics, or capacity constraints. This model enables flexible access to external expertise without relinquishing control over the audit function.
4. Partnering in Internal Audit: Strategic collaboration to continuously enhance the Internal Audit function. This model combines the advantages of co-sourcing and outsourcing and is tailored to the specific needs of the organization.
5. Quality Assessment (QA) of Internal Audit: Conducting external and internal quality assessments in accordance with IDW PS 983, DIIR Audit Standard No. 3, and GIAS. These assessments provide an objective evaluation of the design and operative effectiveness of the Internal Audit function, including an analysis of organizational structure, audit processes, and applied methodologies.
6. Risk-based audit planning (strategic and operational) and audit execution: Development of a risk-based audit strategy based on company-specific risk profiles, regulatory requirements, and best practices. This includes strategic planning of audit priorities and operational execution through risk-based assessments of the adequacy and effectiveness of business processes, Internal Control Systems (ICS), risk management, and compliance structures.
7. Special audits: Analysis and audits of specific business areas or issues based on management, supervisory board, or regulatory requirements. Special audits may include fraud investigations, compliance reviews, ad-hoc audits, or targeted risk analyses.
8. Training and coaching: Practical training for audit staff and executives to strengthen methodological expertise in risk-based auditing, process analysis, and compliance requirements. Additionally, individual coaching for audit leaders to support the strategic development of the Internal Audit function. Training sessions are based on current professional standards and best practices and are customized to the organization’s specific needs.

Learn more about our internal audit services and feel free to reach out to our Experts for a non-binding consultation.