Non-governmental organisations (NGOs) and governments are faced with difficult decisions when trying to balance the needs of the communities they are trying to support with the necessity to manage possible harm to people, resources and reputation. In response to these risk, increasingly sophisticated risk management strategies and procedures are being adopted by a number of large, international NGOs. Risks faced by NGOs include critical areas such as security and safety in addition to traditional uncertainties faced by most organisations such as economic or political events, technology, financial, legal, reputational, operational, and information risks.
To navigate these uncertainties, organisations need a comprehensive strategy and a unified approach to risk management. Prudent, forward-looking risk management can help organisations improve their ability to achieve their objectives and maximize the value they bring to their communities.
For USAID & HHS/CDC/NIH Recipients of US Government funding there are separate but similar pieces of legislation that deal with the requirements of internal controls. For USAID Recipients the Federal Register 2 CFR 200.303 requires that entities have an internal control system. "The non-Federal entity must:
Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in "Standards for Internal Control in the Federal Government" issued by the Comptroller General of the United States or the "Internal Control Integrated Framework", issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)." For HHS Recipients, the same requirement is called out in 45 CFR 75.303.
In addition to legislation requiring internal controls, an effective internal control system can also help organisation manage change in their operating environment, demands, risks and priorities. As programs and technology evolves, the organisation should evolve with it, should strive to continuously improve operations, risk management processes and the system of internal controls.
A competent and knowledgeable internal audit function is essential to ensure a healthy system of internal controls, strong corporate governance, effective and efficient risk management strategies, and robust compliance practices. As organisations recognize the value that an internal audit function can add, the demands on internal audit increases. Internal audit is often required to provide the proficiency and understanding needed to address a broad spectrum of risks.
Our risk management approaches are grounded in the real-world realities of business while also keeping the big picture in mind. We work with our clients to understand their operations, objectives, compliance requirements and the uncertainties they face.
This leads us to help our clients implement effective risk management strategies that enable them to achieve their goals. As part of these risk management strategies, we perform the following:
As part of our internal audit service offering, we perform the following: