Valor’s professionals consist of Certified Internal Auditor and CPA who are competent and qualified in providing reasonable assurance on the effectiveness and adequacy of the internal control and risk management systems.

An issuer’s internal control and risk management systems are designed to manage the risk of failure to achieve business objectives, and provide reasonable assurance against material misstatement or loss.

With a view to providing reasonable assurance, we can come to your office from time to time and provide the internal audit function as an external consultant.

The scope of work of internal audit function usually includes:

• Conduct risk identification, assessment and develop internal audit plan with the management and the board
• Develop internal control framework based on COSO Internal Control – Integrated Framework (2013)
• Develop risk management framework based on COSO ERM Integrated Framework (2017) or any other framework
• Setup internal control and risk management policy with the management
• Conduct financial and operational audits based on the approved audit plan
• Setup risk register, evaluate the risks likelihood/impact and decide on risk responses with the management
• Monitor the significant risks and update the risk status continuously with the management
• Provide analytics and benchmarks to evaluate the risk status of the significant risks
• Assist the board to conduct regular reviews on the issuer’s internal control and risk management systems
• Identity internal control weaknesses and recommend remedies
• Monitor the follow-up actions agreed upon in response to the recommendations
• Provide internal control and risk management related training to the board, the management and the staffs

Internal Control Review provides an overall assessment on the effectiveness and adequacy of the internal control systems of various business units in an organization to address the relevant risks. Internal control is a process designed to facilitate the achievement of objectives, including effectiveness and efficiency of operations; integrity of financial reporting; compliance with applicable laws and regulations; and prevention of fraud.

Valor’s professionals consist of Certified Internal Auditor and CPA who are competent and qualified in reviewing the internal control system of your company and subsidiaries.

The scope of work of internal control review usually includes the review on the issuer’s implementation of the followings:
• Policies and procedures of various business units
• Entity level control including organizational structure, job descriptions, authorization matrix, code of conduct and etc.;
• Segregation of duties and responsibilities;
• Authorization and approval process;
• Performance review, monitoring and control procedures;
• Safeguarding of assets;
• Completeness, accuracy and exchange of information;
• Manpower management;
• Regulatory compliance; and
• Cost and benefit of control.

Common business units/cycles for internal control review:
• Revenue, receipt and receivable management
• Purchase/sub-contracting, payment and payable management;
• Bank and cash management;
• Project management;
• Research and development management;
• Investment management;
• Financial reporting and disclosure;
• Compliance management and corporate governance practice;
• Human resource and payroll management;
• Information technology (general controls); and
• Fixed assets management.

During the internal control review process, Valor shall:
• Identify weaknesses (if any) in the selected business units/cycles, whether due to fraud or error;
• Propose recommendations to remedy the weaknesses identified (if any); and
• Report the findings to the board.

An effective risk management system should give an organization a clear view of both internal and external risk factors that the organization is exposed to. The system provides information and resources for the management to define the organization’s risk appetite and risk response so that risks can be mitigated while pursuing the business objectives. The risks identified are documented into a risk register with a risk matrix which evaluates the likelihood and impact of the risks. Risks are commonly classified into 4 categories:
• Strategic Risk
• Operational Risk
• Financial Risk
• Compliance Risk

Valor’s professionals consist of Certified Internal Auditor and CPA who are competent and qualified in reviewing the risk management system of your company and subsidiaries.

The scope of work of risk management review usually includes:
• Review the risk management policy and framework
• Review the risks in the risk register, evaluate the risks likelihood/impact and risk responses with the management.
• Review the monitor the significant risks and update the risk status with the management
• Provide analytics and benchmarks to evaluate the risk status of the significant risks
• Assist the board to conduct regular reviews on the issuer’s risk management system
• Provide risk management training to the board, the management and the staffs