In this type of audit, we initially go through the processes with our client. For example, the common purchasing/sales processes, or a process for issuing a fuel card. Once we have identified the customer-specific details of these processes, we can also catalogue the specific internal control risks or business risks.
We discuss with the client which control measures are in place in and around the systems. These may be automated or manual control measures. We test whether the measures cover all the identified risks, after which we also test whether the measures actually work. We carry out assignments of this kind in the form of consultancy assignments, providing hands-on support setting up a control framework if required, or in the form of assurance assignments, providing an opinion about, say, the performance of the control measures over a particular period.