HomeWhat We Do › Organisation & Program Assurance

Organisation & Program Assurance

Internal Audit Services

Internal Audit is a key component of a sound corporate governance structure.  Its role is to provide objective assurance that the internal control framework is operating effectively. 

Traditionally this role has been interpreted as verifying conformance or compliance with legislative requirements and internal policies and procedures. 

At Sustineo we take the view that any internal audit activity must evaluate and contribute to the continuous improvement of an organisation’s governance, risk management, and control processes through a systematic, disciplined, and collaborative approach.  The only way to deliver this is not via a text book approach, but rather through a ‘leveraged approach’ that blends established methodology with experience and knowledge, established industry best practice and practicality.   What’s critical is that the audit team understands that it’s not about ‘the process’ it’s about understanding the objectives, sectors, people and culture within an organisation.   We believe that the role of internal audit is to address four critical areas:

  1. Are operations ethical and legal?
  2. Are financial systems and financial management processes accurate and reliable?
  3. Are reporting obligations being met?
  4. Are operations as efficient and effective as they can be?

Sustineo’s Organisation & Program Assurance consultants bring intelligence, talent, and extensive experience to our clients.  Our experience includes compliance audit, IT audit, financial statement audit, and performance audits for many public and private sector clients.  Our methodologies and approaches are proven and consistent with material published by the Institute of Internal Auditors and the Institute of Chartered Accountants.  What this means for our clients is:

  • - An audit service that is flexible and tailored to the specific organisational context
  • - Practical and audit recommendations that suit the context
  • - Specific identification of issues that impede strategic and operational performance, and
  • - Minimal inconvenience to staff and the business area under review.

Risk Management Services

Risk management is a powerful tool that can drive operational and strategic improvement throughout an organisation, but too often its potential is never realised. Sustineo can help you get the most out of risk.

Sustineo understands that risk management is an integral part of business assurance. It is also a powerful enabler of business improvement and organisational change.  Successful risk management is not just a “tick the box” exercise. Done properly, risk management provides a fundamental level of protection for your business and improves the chances of achieving your business goals and objectives.

Effective risk management identifies:

  • - What’s relied on within or across the business or area of operation
  • - What has worked and what works well (is the control effective?)
  • - Where is improvement required – what needs strengthening, and
  • - How to improve it.

If executed properly, risk management frameworks will improve decision making through the organisation.  In particular, risk information needs to inform the:

  • - Senior management and executive committees. To enable informed decision-making to ensure the organisation’s limited resources are best deployed for maximum benefit
  • - Business planning.  Where improvements need to be made to ensure objectives are achieved, and
  • - Audit program.  To ensure audits focus on the controls and activities that are critical to the success of the business.

Sustineo can help you achieve these benefits through our extensive experience in:

  • - developing robust integrated risk management frameworks
  • - conducting risk assessments
  • - assessing the effectiveness of risk management practices
  • - developing and implementing customised risk assessment tools
  • - providing risk training, awareness and education programs.

Fraud Control Planning

Sustineo’s fraud and risk management capability extends from designing and implementing a complete fraud and risk management solution through to providing tailored services against specific requirements.

Sustineo’s Fraud Control Model is fully consistent with the Commonwealth Fraud Control Guidelines and employs a risk-based approach to managing fraud and related issues.  A fundamental principle to this approach is the recognition that prevention through a rigorous and sound control system is better than to rely too heavily on the resource intensive and high cost consequences of an investigation and subsequent effects on reputation and staff morale.

Minimising fraud means being proactive.  Our approach to fraud prevention involves fraud control planning, risk assessment and management, provision of fraud awareness training to staff and good corporate governance.  The Model uses a range of resources to manage fraud risks including internal controls and data mining analysis.

Unfortunately, some incidences of fraud will always occur in any organisation no matter how good the preventative mechanisms.  If a suspected fraud or related incident occurs Sustineo can undertake administrative and misconduct investigations or provide advice and support as appropriate.

Any investigation or the identification of vulnerability to fraud should be immediately followed with a review of the organisation’s prevention and detection mechanisms.  The final phase of Sustineo’s Fraud Control Model involves designing solutions to prevent reoccurrence and implementing these solutions into your standard business processes.

Sustineo’s Internal Audit and Assurance, Risk Management, and Fraud Control services are fully informed and guided by:

  • - AS/NZS ISO 31000:2009 Risk management – Principles and guidelines
  • - ANAO Fraud Control in Australian Government Entities - Better Practice Guide, 2011
  • - AS 8001-2008 Fraud and corruption control.

Although these are essential sources of methods and standards for risk management and fraud control, the design and implementation of plans and frameworks must take into account the organisation’s particular objectives, context, structure and operations.  Risk management should continue to develop organically if it is to be truly effective and aligned with the organisation’s operating context.

Featured Projects

Supporting Pacific Development Index

The Supporting Pacific Development Index (SPDI) is a joint initiative between Sustineo and the Alfred Deakin Research Institute.
 Read More +

RE-ASOP: Pacific

This project will assess the impact, effectiveness, efficiency, and sustainability of the Australian Sport Outreach Program.
Read More +