We specialise in providing services to federal, state and local government and government agencies.  Our clients require high technical standards matched with a personal understanding and involvement in their affairs.

• business process improvement
• councillor workshops
• external audit
• indirect tax advice
• internal audit and risk services
• investment advice and review
• IT consulting
• performance reviews

Risk management is becoming an increasingly important aspect of day to day business operations, with a growing recognition in the business community that there is organisational value to be gained though the formal adoption of a risk management framework.

• any threat that can potentially prevent an organisation from meeting its objectives
• any opportunity that is not being maximised by an organisation in meeting its objectives

• what may go wrong
• the areas in the organisation that may be most vulnerable
• the likelihood of a problem occurring and the possible impact if it does
• a technique used to assess the level of risk a Council is exposed to and how effectively it is controlled, and managed

• As a business leader/manager do you know what your risks are?
• Have you identified and evaluated non-traditional risks?
• Do you understand how all your business risks interrelate?

• well organised and up-to-date information about the areas where control deficiencies may exist in your organisation
• to assess the likelihood of the controls failing
• to determine the potential effects if they do 

In addition to providing assurance to Council management on systems that they are responsible for, internal audit also provides a valuable input in suggesting improvements to these systems. 

Risk management, control and governance comprise the policies, procedures and operations established by Council to ensure:

• the achievement of objectives
• the appropriate assessment of risk
• the reliability of internal and external reporting and accountability processes
• compliance with applicable laws and regulations 
• compliance with the behavioural and ethical standards set for Council

Internal audit also provides an independent and objective consultancy service specifically to help line management improve Council’s risk management, control and governance.

Implementation of a compliance audit program provides Council with the following opportunities:

• The development of a dynamic comprehensive long-term compliance audit plan, together with supporting programs, for the efficient and effective performance of the audit function.
• The development of annual compliance audit plans derived from the long-term plan.
• Monitoring management controls to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned and authorised by the Council.
• Monitoring compliance with relevant legislation, Department of Local Government directives and other regulatory instruments.
• Anticipating, identifying, and assessing risks to the assets, activities and interests of the Council.
• Investigating actual and potential lapses of control and incidents of risk over the financial and other operations and activities of the Council.
• Examining and reviewing Council performance indicators/measures, and provide guidance in the derivation and implementation of new performance measures and indicators.
• Carrying out any specific assignments as directed by Council and/or the General Manager.
• Making recommendations for the improvement of control, the responses to risk, and the attainment of Council objectives.

This approach enables us to provide suggestions to improve Council’s business practices by increasing efficiency, effectiveness, control, fraud mitigation and governance.

Our industry specific approach implementing risk management and internal audit functions include:

• a full outsourced internal audit function, where we undertake all aspects of the internal audit role and report to your board and/or audit committee
• a co-sourced function, where we provide technical and managerial resources to support an existing internal audit function
• an ad hoc approach, where we undertake specific internal audit reviews on your behalf
• training for managers and appropriate staff on effective risk management processes

IT Internal Audit Services

Councils rely on efficient, effective and reliable information systems to meet their strategic goals to deliver services. While IT presents considerable opportunities, it also brings significant risks that need to be identified, actively controlled and strategically managed.

Our IT Audit Service assesses IT-related risks and their business consequences, delivers assurance to management, and provides answers to questions like:

• Are my current IT projects under control?
• Are our IT processes consistent with better practice?
• Does my IT help me achieve my business objectives?
• Do my systems comply with privacy requirements?
• Do we have the right IT platforms to meet our future needs?
• Are my systems unnecessarily exposed to fraud?
• What are the IT-related risks that I face?
• How can I better manage the IT risks?

• governance
• planning and organisation
• strategy and architecture
• value and effectiveness
• acquisition and implementation
• vendor and contract management
• service delivery and support
• security and user access
• policies and procedures
• disaster recovery.

• project governance
• project management
• time management
• cost management
• scope management
• people management
• communications management
• procurement, contract and vendor management
• proposed control design
• proposed systems administration arrangements
• quality assurance
• testing
• data migration
• change management
• benefit realisation

Our work can take the form of:

• project health check
• quality assurance review
• pre-implementation review
• post-implementation review

Very few consider the broader risks associated with the loss of their main business operations such as a manufacturing facility or main administration hub. Failure may be the result of a minor issue such as a flood or fire.

A Business Continuity Plan (BCP) is designed to consider the broader continuity risks associated with all aspects of the business.

Development of a BCP broadly involves identification of business continuity exposure, assessment of the potential impact on the business, identifying the critical nature of the exposure, predetermine and document an appropriate course of action for each exposure and test the effectiveness of the plan.

Pitcher Partners’ Risk Services team is able to support you in the development of a Disaster Recovery and Business Continuity framework and recovery plan.

Recent Internal Audit and Risk Services Engagements

• Provision of training on “Risk Assessment for Local Government Managers”, including provision of detailed material, templates and risk categorisation methodologies.
• Information Technology Assessment including review of business critical applications and provision of detailed report and recommendations.
• Internal audit on existence and effectiveness of controls over external collection points.
• Development and implementation of Internal Audit Function Strategic Plan.
• Internal audit of Development Applications and related functions.
• Examination and report on the financial viability of potential tenderers for major construction project.