Skip to content
A practice anchor at D Somani & Associates

Internal Audit & Risk Advisory.


At a glance

The five things you need to know.

What it is

A planned, risk-based review of your processes, controls and compliance posture - designed for the audit committee, not the file room.

Who it's for

Listed companies, mid-to-large promoter-led closely held businesses, manufacturing groups with ₹100 Cr+ turnover.

How we run it

Quarterly cycles. Walk-throughs first, then analytics on full populations. Always validated with process owners.

You walk away with

A one-page executive summary, a structured findings register, root-cause-led recommendations, and our presence in the audit-committee close-out.

Typical timeline

Quarterly engagements (3-4 weeks per cycle); annual IFC review (4-6 weeks).

What we do.

We run internal audit programmes for promoters and audit committees who want a watchdog that does more than tick controls. Each cycle is built around the audit committee's next agenda - what they need to ask, what management needs to fix, what the auditor will see when they return.

The audit committee deliverable.

Every cycle produces three things: a one-page executive summary, a structured findings register with quantified impact, and a presentation we walk the audit committee through. The report is short on purpose. Audit committees read short reports.

IFC testing - design and operating effectiveness.

For listed entities and companies in IFC scope, we run an annual IFC review covering risk-control matrices, design effectiveness walk-throughs, and operating-effectiveness testing on samples sized to the population. For companies that want controls watched every cycle rather than once a year, see Continuous Control Monitoring & IFC.

How we are different.

  • Planning first. We invest disproportionate time upfront - risk universe, data extracts, calendar - before fieldwork begins.
  • Field work executed, not performed. Walk-throughs first, then analytics on full populations (we rarely sample), then validation.
  • Root cause over symptom. Every observation traces to a process gap, control failure or compliance miss - never just "it happened."
  • Cumulative impact, measured. Direct recoveries identified across our engagements have crossed ₹5 Cr. Financial impact flagged is ₹15 Cr+.

What a quarterly cycle looks like.

Week 1: scoping call, data extracts, calendar. Weeks 2-3: fieldwork - walk-throughs and analytics. Week 4: validation, draft, management response, final report and audit-committee close-out. We hold a follow-up review at the next quarter to verify implementation.

Related

You might also need.

Talk to us

A short call is the fastest way to scope a internal audit & risk advisory.

Schedule a call → Read related notes
WhatsApp