Drive You To Top!

Excellence Is Within The Reach….

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Audit and Risks

Internal Audit, Risk and compliance

These services encompass risk assessment and management, control evaluation and management, internal audit services, compliance management system and forensic audits. We provide management with recommendations and guidance on solutions to financial or non-financial quagmire that helps bringing back the averted business from its goals and objectives. Our related services are, but not limited to:

  • Risk Assessment and management
  • Controls evaluation and management
  • Internal Audit Services
  • Compliance Management System
  • Forensic Audits

Internal Audit Services

Internal Audit is perceived in progressive enterprises, as a source of advice and guidance that assists executives in their responsibilities for the management of business risk. Our Internal Auditors help management to ensure that the whole system of controls, financial and otherwise, is adequate and effective in reducing risk to acceptable levels which further assists the enterprise in conducting its business in an orderly and efficient manner..

Risks and systems of control vary according to business needs and it is not practicable to generalize on the scope of the work that should be covered by internal audit.

Some elements of internal audit may include but not restricted to the assessment of the effectiveness of the system of internal controls, its implementation and functioning to assure:

  • Reliability and integrity of financial and operating information and of the means used to identify, measure, classify and report such information
  • Effective implementation of enterprise’s strategic management including its risk management process, a process whereby an enterprise methodically addresses the risks associated with operational, financial and business activities, with the objective of sustaining benefit within each activity and across the portfolio of all activities.
  • Compliance to internally implemented procedures and controls including those for risk management, control and governance, conforming to enterprise’s objectives and strategies and compliance to externally imposed rules and regulations.
  • Safeguards for the enterprise’s assets and interests from losses of all kinds and physical existence of assets.
  • Economical and efficient use of the resources employed.
  • Accomplishment of the established objectives and goals for operations and programs and consistency of results with established objectives and goals.

Indeed it is the Board of an enterprise that will ultimately determine the scope of work of its internal audit function. A recent survey conducted by the Audit Faculty of the Institute of Chartered Accountants in England and Wales, revealed a wide range of work being undertaken by internal audit departments in both the private and public sectors. The highest proportion of internal audit effort is devoted to audits of operations and business processes, followed by financial audits, IT systems reviews, fraud and special investigations and regulatory compliance work.

Internal Audit’s value and effectiveness are linked not only to their attunement to management’s philosophy and direction, but their understanding of risk and its management, and their direct knowledge of operating systems. As an independent appraisal function working within an organization, internal audit provides a pro-active value-added assurance service which helps directly in the achievement of the entity’s goals and business objectives, as well as assisting senior management in meeting their responsibilities.

The Internal Audit Function has gained significance in recent years, accentuated by the Code of Corporate Governance in Pakistan and by specific requirements of regulatory bodies in the developed countries requiring separate independent reviews.

Compliance Management System

Compliance is an integral part of Risk Management, Management Control and Internal Audit Functions. Due to the increasing number of regulations and need for operational transparency, there is need for organizations to adopt methodology which ensures compliance. Compliance is required to externally imposed rules and regulations and internally implemented procedures and controls conforming to organizations’ objectives and strategies.

  • Companies Act 2017 (Formerly Companies Ordinance 1984).
  • Securities & Exchange Commission of Pakistan-Notifications, Circulars & Guidelines.
  • Other Rules & Regulations.
  • Code of Corporate Governance.
  • Stock Exchange Listing Regulations.
Internally implemented procedures and controls including those for risk management, control and governance, conforming to enterprise’s objectives and strategies.
  • Applicable Tax Laws
  • Labour Laws
  • Environment Regulations

Risk Assessment and Management

Risk management is a process which increases confidence in the ability of an enterprise to anticipate, prioritize, and overcome obstacles to the attainment of its strategic goals and objectives.
Risk management facilitates:

  • Implementation of strategic plans more effectively.
  • With clear definition and identification of risk exposures and related causes, the enterprise management can more effectively integrate decisions about risk-taking into their strategic and tactical decision making.
  • Achievement of strategic objectives within the time frame and budget. Minimization of nature of potential losses to the enterprise.
  • Effective and efficient allocation of the resources and capital.
  • Effective competition with competitors and meeting customers’ requirements.
  • Compliance with its own policy and procedures, code of conduct, standards of best / good practice and laws and regulations.
  • Mitigation of strategic, financial, market, operational, information, compliance and hazard risks.

Whether there is a mandatory requirement for risk management and reporting thereon or not, it is still essential and important management process.
Risk management has become an integral part of national and international business strategy, management use quantitative tools to measure and analyze risk. There is a continuous necessity to identify and address all types of risks, establish support and control mechanisms for dealing with it and set the course for the risk management team in terms of its policies and objectives.
The demand of additional reporting requirements as part of the Code of Corporate Governance, relating to risks has increased. Perpetuated by corporate failures in the recent past, has seen the emergence of the Combined Code in UK, S404 of the Sarbanes Oxley Act in USA and other similar codes, acts and standards in developed economies.
These codes, acts and standards now require inclusion of statements in annual reports and listings about risk management, the procedures adopted in this context, and internal controls and its effectiveness.
Risk management and internal controls are correlated. The success of risk management is dependent on the effectiveness of internal controls.
Event, incident, occurrence from internal or external sources that affects achievement of objectives can have negative impact, positive impact, or both. Events with negative impact represent risks.
Risk is a concept that denotes a potential negative impact to some characteristic of value that may arise from a future event. It is possibility of an adverse event that may negatively affect the ability of an enterprise to achieve its objectives. Exposure to the consequences of uncertainty constitutes a risk.
Risk management is a process which increases confidence in the ability of an enterprise to anticipate, prioritize, and overcome obstacles to the attainment of its strategic goals and objectives.

The risks facing an enterprise and its operations can result from factors both external and internal to the enterprise. The risks can be categorized as follows:

Strategic Risk

It is associated with the probability and consequences of failure of strategic objectives. Strategy is interrelated with strategic management of formulating, implementing and evaluating cross-functional decisions that will enable an enterprise to achieve its objectives.

Strategic management combines the activities of the various functional areas of a business to achieve organizational objectives. Strategic management is an ongoing process that assesses the business and the industries in which the enterprise is involved; assesses its competitors and sets goals and strategies to meet all existing and potential competitors and then reassesses each strategy regularly to determine how it has been implemented and whether it has succeeded or needs replacement by a new strategy to meet changed circumstances, new technology, new competitors, a new economic environment or a new social, financial or political environment. These concern the long-term strategic objectives of the enterprise. They can be affected by such areas as capital availability, sovereign and political risks, risks associated with competition, customers and industrial changes, legal and regulatory changes, reputation and changes in the physical environment.

It is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. It excludes credit and market risks. In broader terms an operational risk is a risk arising from an enterprise’s business functions and from the practical implementation of the management’s strategy. The inherent risks include, accounting and financial reporting risks, information system risks, fraud risks, human resources risks, supply chain risks, process risks, pricing risks, legal and regulation, board composition, customer satisfaction and physical or environmental risks, etc.
Compliance risk is defined as the risk of material financial loss, legal sanctions or loss to reputation the enterprise may suffer as a result of its failure to comply with its own policy and procedures, code of conduct, standards of best / good practice and laws and regulations.
The risks associated with the inherent characteristics of material, condition or activity that has a potential of causing harm or loss to the enterprise’s business operations, people, property or the environment. These include risks caused by an enterprise’s own activities (production, manufacturing, services, and operations) or external factors that may result in harm or loss.

The risks associated with threats to information systems that can have adverse effects on operations of an enterprise, assets, individuals and other entities by compromising the confidentiality, integrity or availability of information being processed, stored or transmitted by those systems. Threats to information systems relate to access and security including environmental disruptions, human errors and purposeful attacks. Other risks related to information systems can include accounting and financial reporting assertions risk, availability risk, business continuity risk, infrastructure including program management risk, technology risk, legal liability risk, and the risk from outsourcing.

Internally implemented procedures and controls including those for risk management, control and governance, conforming to enterprise’s objectives and strategies.
Control Evaluation and Management
An organization may be defined in various ways. For the purpose of control an organization is understood to be people working in pursuit of objectives. Thus the objective becomes the defining factor of what is included or excluded from the organization.

Contact Us

Have any questions about the SZS services? Whatever your inquiry, we will be pleased to answer.

+92 423 629 8266

30, Lawrence Road, Jubilee Town, Lahore, Punjab, 54000

M-F: 9am-5pm, S: 9am-1pm, S: Closed