Why haysmacintyre?
In today’s complex business environment, organisations face escalating compliance requirements, financial risk controls and concerns, and ongoing uncertainties, such as cybersecurity, environmental and sustainability, operational disruption, supply chain risk and geopolitical matters. Above all, decision-makers need confidence in the integrity of the data they analyse and act upon in order to lead their business effectively.
This is where we can support you as a professional assurance partner – by giving an independent viewpoint, we enable timely evaluation of control adequacy and effectiveness by linking these to risks, which lead to enhanced operational efficiencies for your organisation. Our team of specialists brings in-depth industry knowledge and experience to the table, allowing us to offer tailored recommendations that are benchmarked against comparable organisations.
We are here to assist in an independent and objective capacity, and assess performance in different areas of your organisation. We aim to add real value to your business by building on your strengths, identifying areas for improvement, and providing pragmatic and practical solutions, so you get the assurances you need to help you develop your organisation in the ever-evolving business landscape.
Our service will give you the added confidence you need in your decision-making whilst supporting your resourcing and operations with tailored recommendations to prioritise your next steps.
We can give you independent and constructive advice and support through a wide range of services including:
Assurance
- Governance reviews
- Internal audit
- Risk management
- Compliance reviews
- Agreed upon procedures
- Service organisation controls report (ISAE 3402)
Advisory
- Cybersecurity
- Data protection
- Financial controls advisory
- International advisory services
- Enterprise risk management
- Other assurances reporting i.e. grant assurances
- USAID audits
- Financial modelling assurance
- IT security / data protection
Our services
More detail on our services are as follows:
Internal audit
Risks surrounding business are always on the rise. These risks can vary in nature and in severity making it difficult for organisations to achieve their objectives. Financial, operational and compliance risks are just an example of what small, medium, and large organisations encounter on daily basis.
Our team of experienced internal auditors recognise the importance of an effective internal team or function in providing assurance to the Board, sub-committees, management, and other stakeholders. Demonstrating corporate responsibility and a proactive approach to risk management is crucial for organisations of all sizes, and maintaining a robust control environment is essential to achieving these objectives.
How we can help
- Undertake an audit needs assessment and develop a bespoke internal audit strategy (three-year plan) for your organisation.
- Provide a fully outsourced or co-sourced internal audit service function.
- Provide assurances on one-off special projects, such as a review of your finance function or investigation.
- Carry out data analytics on financial information.
- Progress reporting on delivery of internal audit plan.
- Progress reporting on implementation of internal audit recommendations.
Governance
The corporate governance system provides guidance on how an organisation is directed and controlled. Boards of Directors or trustees have the responsibility of governing their organisations. This is done by setting the company’s strategic aims, providing leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship.
In addition, it also helps to foster cooperation and accountability internally, provide reassurance to shareholders externally, and promote the image of the organisation to its stakeholders and the public.
How we can help
- Board effectiveness review on your governance and sub-committees that support the Board in making its decisions.
- Review compliance with Corporate Criminal Offence requirements.
- Assist in creating organisational policy, internal control and information management frameworks.
- Provide independent evaluation on the performance of your board and its sub-committees.
- Compliance review against UK Corporate Governance Code or the Charity Governance Code.
Risk management
Risk management is the process of identifying, assessing, and controlling threats which pose challenges to achieving your organisation’s aims and objectives. These threats or risks could stem from various sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters.
Risk management is essential for protecting your organisation’s assets, ensuring business continuity, enhancing decision-making, and maintaining compliance. It is also crucial for managing reputation, achieving financial stability, supporting strategic goals, and fostering a strong organisational culture.
How we can help
- Assessment of your organisation’s risk maturity.
- Develop a risk management framework tailored to your organisation, aligned to your size and complexity of operations.
- Provide risk management workshops to develop a detailed risk register and raise awareness of risk management requirements.
- Undertake a detailed risk management assurance exercise and provide recommendations where further improvements can be made.
- Develop risk management policy and procedures based on your organisation’s requirements.
Technology assurance
Technology and its ongoing enhancement is critical for organisations to protect sensitive information, ensure business continuity, and maintain trust with stakeholders. These controls safeguard against cyber threats, data breaches, and unauthorised access, thereby preventing financial losses and regulatory penalties. Effective IT security measures also support operational efficiency and enable a swift response to security incidents, ensuring the organisation remains resilient and compliant in an ever-evolving digital landscape.
- Assessment of technology maturity throughout the organisation.
- Provide IT controls assessments and advise management on areas to improve.
- Carry out cyber security and data protection reviews.
- Review IT governance framework.
Internal scrutiny for Academy Trusts
Internal scrutiny is a critical component of an Academy Trust’s compliance with the academy trust handbook. It is the process through which Trusts evaluate the adequacy and effectiveness of their control environment, focusing on risk management, governance, and internal controls. The objective is to provide independent assurance to trustees that the risk management framework, governance practices, and internal control environment is fit for purpose.
How we can help
- Undertake an audit needs assessment and develop a bespoke internal scrutiny strategy (three-year plan) for your organisation.
- Deliver internal scrutiny reviews and report to management and audit committee.
You can read more on internal scrutiny for Academy Trusts here.
USAID audits
A USAID audit is a comprehensive examination and evaluation of the financial statements, compliance with laws and regulations, and overall management practices of programs and projects funded by the United States Agency for International Development (USAID). These audits are essential to ensure that funds are being used appropriately, effectively, and in alignment with the Agency’s objectives and policies.
How we can help
- Perform USAID audits on federal funds received and disbursed by your organisation.
- Guide on USAID audit requirements.
Read more on USAID audits here.
Environmental, Social, and Governance
Environmental, Social, and Governance (ESG) is a framework used to evaluate your organisation’s practices and performance on various non-financial factors that may have a material impact on its long-term sustainability and social influence.
Organisations across multiple industries are increasingly recognising the value and importance of integrating ESG principles into their day-to-day operations. ESG reporting focuses on how your organisation conducts its business concerning its environmental impact, as well as its relationships with employees, suppliers, customers, and the wider community.
The landscape of ESG regulation is evolving rapidly, and organisations can expect further guidelines and requirements for ESG reporting to emerge over time. Staying informed and adaptable will be crucial for meeting these new standards and ensuring compliance.
How we can help
- Perform an ESG assessment and provide recommendations on making improvements to your ESG framework.
- ESG assurance aligned with ISAE 3000 standard by providing ESG credibility of your ESG disclosures and reports.
- Assessment on what impact upcoming regulations have on your reporting requirements.
- ESG advisory by gaining valuable insights into your ESG processes, controls and reporting, and identifying areas of improvement.
- Take our ESG quick quiz: haysmacintyre ESG Starter Quiz
Service organisation control report (AAF 01/20)
A service organisation control report serves as a valuable tool for service organisations to demonstrate their commitment to internal controls and for user entities to assess the risks associated with outsourcing services.
How we can help
- Perform a service organisation report in line with AAF 01/20 requirements.
As we have sought to strengthen and develop our governance arrangements, haysmacintyre has always been on the side lines providing challenge, support and guidance. The number of schools they work with and their involvement with both AGBIS and the ISBA has really benefitted our school.