Teolupus successfully implemented a co-sourcing model for internal audit with the Risk and Internal Audit Unit of a client in the retail chain sector with a vast store network.
This project not only met additional resource needs but also established a strategic partnership that elevated our client’s internal audit function in competence, methodology, and technology.
Reasons for Co-Sourcing;
Co-sourcing model risk management and internal audit is an approach that strengthens the institution’s internal audit function by bringing in external expertise and additional capacity where needed, without completely outsourcing it. The organization saw the need for this model for the following reasons:
- Expertise needed: To fill the expertise gap in areas such as HR, OHS, and IT audit.
- To meet increasing audit demands (Flexibility).
- Making risks and vulnerabilities that go unnoticed due to working with the same people and habits for a long time (Operating Blindness) visible through an independent and objective external eye (Independence and Objectivity).
- Rapid integration with IIA Standards and best practices (Compliance with international internal audit standards, international frameworks, etc.).
- Professional development within the existing internal audit team (Competency development).
- Reducing costs by using needs-based specialists instead of permanent staff (Cost effectiveness).
- Ability to perform unit/process audits that could not be done sufficiently before (Meeting Board of Directors’ expectations).
During the Project:
- A risk-based annual internal audit plan was jointly created.
- Joint audits were conducted in processes related to stores: Financial Affairs and Finance, Human Resources, Supply Chain (Purchasing and Logistics), Information Technology, Legal Consultancy, Sales, e-commerce, Marketing, and Business Development.
- Criteria beyond company procedures and job descriptions, such as laws, regulations, the COSO Internal Control Framework, the COSO Enterprise Risk Management Framework, ISO standards, and best practices, were used as evaluation criteria.
- Good and effective communication was established with unit officials.
- Audit findings were addressed not only as findings but were root-cause and solution-oriented, and solution proposals aligned with goals and strategies were reported.
- Additional management consultancy services were provided to implement the solution proposals.
The Teolupus team executed the project with a single-team approach, working together in the field and maintaining open communication with our client’s risk and internal audit unit.
Value Added
Thanks to the co-sourcing model:
- Significant operational risks in processes were detected at an early stage.
- Information technology controls and cybersecurity applications were effectively integrated into risk and internal audit processes for the first time.
- The scope of internal audit expanded to include units/processes that could not be audited until now, and its depth increased.
- The methodological and technical competence of the existing Internal Audit team was developed in the field (know-how transfer).
- The quality of management reporting increased, and findings turned into action.
- The Internal Audit unit became capable of implementing the quality assurance and improvement program.
This project strengthened the internal audit’s strategic partner role, creating value rather than just being a “controller.”
Differentiating Factor
The key to our success in this model was:
- Strong communication,
- Flexible resource management,
- Mutual exchange of information,
- Adaptation to corporate culture,
- Responding to the expectations of the Board of Directors/Audit Committee,
- Results-oriented approach.
Furthermore, Teolupus positioned itself as a reliable and strategic solution partner that not only conducts audits but also provides examples of good practices and guides management on internal control vulnerabilities and suggestions through fieldwork, the sharing of findings, and reporting.
Conclusion
This co-sourced risk and internal audit work proved Teolupus’s expertise in the retail sector and its capability to generate high added value.
Teolupus views assurance services not as a control activity, but as a strategic transformation tool that serves the success and sustainability of institutions.
