THE CHALLENGE

A large multinational insurer engaged InConsult to strengthen its third party risk management (TPRM) program and gain a transparent, year-on-year view of vendor information security capability, modern slavery obligations and operational risk management processes. Key drivers included: clearer alignment with prudential regulation expectations for service-provider oversight (APRA CPS 234/230), better evidence collection aligning with auditing standards and to provide sufficient assurance, and external visibility of vendors’ exposed attack surface through vulnerability assessments.

The existing process included basic questionnaires and some attestations, but lacked:

• independent passive vulnerability / external attack-surface visibility,

• bespoke assurance questionnaires tuned to different vendor tiers and services,

• consistent evidence trails for control verification, and

• comparative reporting showing cohort trends and year-on-year changes.

OUR APPROACH

We delivered a comprehensive, evidence-based third party risk management uplift including the complete end-to-end facilitation of the program to truly define supply-chain risk:

• Program Design & Standards Alignment: Mapped the insurer’s TPRM processes to APRA CPS 234 (information security, including third parties) and CPS 230 (operational risk and service providers), and considered international supply-chain standards (e.g. ISO/IEC 27036) to structure controls, evidence and assurance activities.
• Third Party Ecosystem, Tiering & Bespoke Assessments: Confirmed vendor details, services, data sensitivity and criticality, assigned tiers and set tier-based assessments combining questionnaires, workshops, external scanning and targeted evidence requests (e.g., ISO 27001 certificates, penetration test reports, backup/MFA configurations).
• Passive Vulnerability Scanning of External Attack Surface: Performed non-intrusive scanning to identify exposed services, weak configurations and stale assets for in-scope vendors, aligned with the Open Worldwide Application Security Project (OWASP) vulnerabilities database. Findings fed into each vendor’s risk profile and remediation recommendations.
• Bespoke Assurance Questionnaires: Built tier-specific questionnaires leveraging prudential standard requirements that the insurer is required to comply with internally and across their supply chain. Designed scoring and an easy-to-follow risk rating matrix for identified weaknesses.
• Facilitated Workshops & Evidence Collection: Ran multi-hour workshops with high-dependency vendors to validate responses, walk through configurations, and agree remediation timelines. Collected artefacts to create defensible audit-quality workpapers mapped to each control and risk theme.
• Reporting, Scoring & Trend Analysis: Issued a customised report to each vendor and a portfolio summary report for the insurer showing cohort performance, heat-maps, trend lines versus prior years, and prioritised recommendations. Prioritised residual risks based on severity, regulatory implications, costs, time to rectify and our experience as risk management experts.

OUTCOMES & BENEFITS

As a result of our engagement:

• Enterprise-Wide View of Third-Party Risk
  A consolidated view and summary report covering all vendors with tier-based grades, material issues, and remediation status, supporting executive and audit/risk committee oversight.

• Independent External Visibility
  Passive scanning surfaced misconfigurations and exposed services missed by self-attestations, enhancing remediation and reducing time-to-detect for vendor weaknesses.

• Stronger Evidence & Assurance
  Complete workpapers tied to recognised supply-chain standards to give internal audit and regulators confidence in the control assessments.

• Year-on-Year Comparability
  Vendor and cohort trend analysis showed measurable improvement against the previous year, with risk-based sequencing of “next best” actions per vendor.

• Trusted Partnership
  The structured, transparent approach strengthened the insurer’s confidence in InConsult as a trusted provider for ongoing third party risk management assurance and uplift initiatives.

Would you like to know more about our cyber resilience services? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A NSW Local Government agency serving more than 40,000 residents within a high-density region wanted independent assurance over its cyber posture and a clear, evidence-based path to reach its targeted Essential Eight (E8) Maturity Level One as set out in its Information Security Strategy. The agency needed an audit aligned to the Cyber Security NSW – Cyber Security Guidelines for Local Government and to be assessed against the Australian Signals Directorate (ASD) Essential Eight assessment guidelines, so executives and auditors could rely on the results for planning and reporting.

For the Local Government agency, this was the first ever comprehensive E8 audit that would reveal any potential shortfalls after many months of uplift and late nights.

OUR APPROACH

InConsult delivered a structured audit and assessment program combining workshops, technical validation and comprehensive documentation:

• Scoping & Alignment: Defined the audit scope against the Cyber Security NSW – Local Government Guideline control set and mapped each control to the ASD Essential Eight maturity criteria and assessment methods.

• Facilitated Multi-Hour Workshops: Ran detailed, multi-hour workshops with IT Operations to:

  • Validate current state for the eight mitigation strategies (application control, patching applications/OS, Microsoft Office macro settings, user application hardening, restricting admin privileges, MFA, and backups).

  • Elicit evidence paths, data sources and system configurations for each target control.

  • Agree on required evidence, sampling volumes and special terms for review of highly sensitive content.

• Evidence-Based Testing & Workpapers: Executed ASD-aligned assessment procedures (configuration reviews, sample-based testing, artifact walkthroughs and spot checks). Produced complete audit workpapers directly aligned to ASD’s Essential Eight Assessment Process Guide, including test steps, results, screenshots and residual risk notes, creating a robust audit trail from requirement to evidence.

• Findings, Ratings & Roadmap: Issued an audit report with clear control ratings, maturity mapping, and remediation recommendations prioritised by risk, effort and dependencies.

OUTCOMES & BENEFITS

As a result of our engagement:

• Target Achieved: Essential Eight Maturity Level One: The agency achieved E8 Maturity Level One, meeting its strategic target with documented, repeatable evidence aligned to ASD guidance, providing confidence to executives, audit & risk committee members and external stakeholders.
• Assurance Over Guideline Alignment: Verified alignment to the Cyber Security NSW – Local Government Guideline, strengthening their policy-to-control traceability and reporting confidence.
• Clear, Actionable Remediation: Prioritised remediations sharpened focus on near-term controls (e.g., admin privilege management, MFA coverage and backup processes).
• Strengthened Partnership: The quality of our workpapers, facilitation and practical recommendations enhanced our standing as a trusted provider, setting the foundation for ongoing advisory and periodic reassessments.

Would you like to know more about our cyber resilience services? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A rapidly growing private company in a global e-commerce/ eGift business recognised the need for more robust risk management practices. With a commitment to sustainable growth, strong cyber security controls in place and operational excellence, the company recognised the necessity of formalising its approach to enterprise wide risk management to support strategic initiatives, emerging risks and ensure long-term success.

As the company scaled up, it identified a capability gap and encountered challenges in identifying, assessing, and managing risks across its expanding operations. The absence of a clear risk appetite statement and a structured risk management framework led to a lack of clarity in risk ownership and accountability. The company sought expert assistance from InConsult to develop a comprehensive risk management framework that would align with best practices and support its fast growth trajectory.

OUR APPROACH

InConsult was engaged to assist the high-growth company in establishing a robust risk management framework. Our approach included:

• Development of a Risk Appetite Statement (RAS), Risk Management Policy and Strategy: We collaborated with the company’s founder, board leadership to create a risk management policy and strategy that aligned with AS ISO 31000:2018 Risk management – Guidelines, tailored to the company’s specific needs and growth objectives.  The Risk Appetite Statement was designed to help management and the board make better decisions, considering the companies capabilities, environment and stakeholders.  We included tolerances to reduce the grey areas in decision making.
• Executive Training: We provided targeted risk management training sessions for the executive team to enhance their understanding of risk management principles, their new framework, the RAS, and their roles in fostering a risk-aware culture.
• Strategic and Operational Risk Workshop: Facilitated a workshop with key stakeholders to identify and evaluate strategic and operational risks, ensuring that critical risks were recognised and appropriate controls were implemented.

OUTCOMES & BENEFITS

As a result of our engagement:

• The company has adopted a more comprehensive risk management framework, including a clear policy and strategy, enhancing its ability to proactively manage risks.
• Executive leadership now have greater confidence in identifying and addressing risks, leading to more informed decision-making, using their new RAS.
• A structured approach to risk management was embedded across the key areas, promoting consistency and accountability in risk-related activities.
• The company is now better positioned to navigate the complexities of its growth, with a solid foundation for managing risks effectively.

Would you like to know more about our risk management, risk transformation and internal audit & assurance capabilities for high growth companies ? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A large New South Wales state government agency with more than 700 staff providing essential services to over 50,000 customers across NSW recognised the growing importance of building a strong integrity and accountability culture to safeguard public resources, maintain trust, and comply with state government expectations around fraud and corruption control in line with the Independent Commission Against Corruption (ICAC) expectations.

While the agency had many fraud and corruption control measures in place, there was a need to strengthen awareness, consistency, visibility and oversight across all directorates. Leadership sought to refresh staff understanding of fraud and corruption risks, identify key vulnerabilities, and improve internal controls to prevent, detect, and respond to potential incidents more effectively.

OUR APPROACH

InConsult was engaged to deliver a comprehensive fraud and corruption awareness and risk assessment program. The engagement included:

• Delivering introductory fraud and corruption awareness training to nearly 50 staff across multiple directorates.
• Facilitating multiple interactive fraud and corruption risk workshops attended by around 50 participants from all directorates.
• Developing a detailed Fraud and Corruption Risk Register that identified key risks, potential causes, impacts, and existing controls.
• Assessing the effectiveness of current internal controls and identifying opportunities to strengthen the control environment through targeted risk treatments.

The workshops were highly collaborative and generated open discussion among staff about real-world risk scenarios and potential vulnerabilities.

OUTCOMES & IMPACT

The engagement resulted in a strengthened understanding of fraud and corruption risks across the agency, with staff demonstrating a greater sense of ownership and accountability.

The newly developed Fraud and Corruption Risk Register provided a practical tool to guide prevention, detection, and response activities.

The process also contributed to a positive shift in culture, raising awareness, and reinforcing the agency’s commitment to integrity and public trust.

The agency is now implementing additional risk treatments to further strengthen its fraud control framework and internal control environment.

Would you like to know more about our fraud and corruption prevention, risk management, cyber security and internal audit and assurance capabilities for NSW state government agencies? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A NSW council recognised the need to strengthen its governance and risk management practices to better align with community expectations, the Office of Local Government (OLG) guidelines, and its strategic objectives. With growing operational complexity, changing regulations, financial sustainability challenges and inherently higher fraud and corruption risks, the council sought to transform its risk management framework and culture across all levels of the organisation.

While the council had an existing risk management framework, many elements had become outdated and inconsistently applied. Risk ownership was fragmented, and the risk culture varied across departments. Leadership recognised the need for a more sustainable, integrated, and proactive approach to managing risks – one that would empower staff, improve reporting to the Audit, Risk & Improvement Committee, and enhance compliance with OLG requirements.

OUR APPROACH

InConsult was engaged to conduct a comprehensive health check of the council’s risk management framework, culture, and practices. Our approach included:

• Reviewing and assessing the current risk management framework, including policy, plan, and procedures.
• Conducting a risk culture assessment through interviews and surveys to understand awareness, accountability, and engagement levels.
• Supporting the communication and rollout of the updated framework across all divisions.
• Delivering risk management training for councillors, executives, managers, and key staff to build capability and consistency.
• Facilitating council-wide risk identification workshops, covering strategic, operational, and fraud and corruption risks.
• Reviewing the risk management function and workforce structure, providing recommendations to establish a more sustainable and embedded model for the future.

OUTCOMES & IMPACT

The engagement delivered a refreshed and practical risk management framework that was clear, compliant, and easy to apply.

The council’s leaders and staff demonstrated greater ownership and understanding of risk, enabling better decision-making and reporting.

The training and workshops significantly improved engagement and consistency across the organisation.

As a result, the council now has a more mature, sustainable, and proactive risk management culture – and is fully compliant with the new OLG guidelines.

Would you like to know more about our risk management, cyber security, resilience and internal audit and assurance capabilities for NSW local government? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

An Australian branch of a major international insurer sought to ensure its operational risk management program was fully aligned with the Australian Prudential Regulation Authority (APRA)’s new Prudential Standard CPS 230 Operational Risk Management. With substantial operations in Australia and growing demands from regulators and stakeholders, the insurer was determined to demonstrate best-practice governance, readiness and resilience.

While the insurer had made good progress in its CPS 230 implementation project, it recognised the need for independent assurance that its project plan, governance structure and implementation progress met APRA’s evolving expectations. Key issues included:

• Verifying that the project plan covered all CPS 230 requirements (governance, risk identification, scenario analysis, business continuity, outsourcing, etc).
• Conducting a gap analysis of implementation progress—how much of the program was “done”, how much remained, and where controls and documentation still needed strengthening.
• Providing clear recommendations to management and the Senior Officer Outside Australia/ Board so that the program would not just comply, but embed operational risk capability across the entity.

OUR APPROACH

InConsult was engaged to lead a structured readiness review and gap-analysis engagement:

• We reviewed the insurer’s CPS 230 project plan and implementation status, examining governance, roles & responsibilities, risk identification and event reporting, outsourcing arrangements, scenario testing, business continuity and recovery.
• We conducted workshops with the Executive Team, Risk Team and operational risk owners to assess current maturity, identify gaps and validate that controls and documentation were aligned to CPS 230 requirements and expectations in Prudential Practice Guide CPG 230 Operational Risk Management.
• We delivered a detailed gap analysis report highlighting areas of strength and improvement – with defined actions, responsibilities and timing to close gaps and strengthen compliance.
• We supported senior management with a briefing summarising findings and recommendations, ensuring clear linkage between the review outcomes and the insurer’s strategic risk governance agenda.

OUTCOMES & BENEFITS

The Australian branch obtained clarity and confidence that its CPS 230 program was broadly on track and that major elements were well controlled.

The gap analysis enabled prioritisation of enhancements – particularly in relation to integrated risk reporting, incident reporting and investigation, and service provider monitoring program.

The executive gained improved assurance on the completeness of their CPS 230 compliance implementation program and a roadmap to full alignment with APRA obligations.

The insurer strengthened its operational risk governance, enabling resilient operations, improved regulatory readiness and increased stakeholder confidence.

The review transformed a solid implementation effort into a well-governed, strategically aligned CPS 230 program, providing the insurer assurance that it could operate with confidence in a demanding regulatory environment. InConsult’s independent review and actionable advice enabled the insurer to embed stronger operational risk management and momentum towards full regulatory alignment.

Would you like to know more about our insurance, CRO as a Service or risk management capabilities? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A specialist underwriting agency with a growing portfolio of niche insurance products sought to transition from acting as an agent to becoming a fully authorised insurer in Australia. To do so, the organisation needed to meet the Australian Prudential Regulation Authority’s (APRA) stringent prudential and governance requirements and demonstrate robust frameworks for managing risk, capital, and reinsurance.

Applying for an APRA licence is a rigorous and detailed process that demands comprehensive documentation, evidence of sound governance, and an embedded risk culture across the organisation. The client required expert support to:

• Develop key frameworks and strategies required by APRA, including a Risk Management Strategy (RMS), Reinsurance Management Strategy (REMS), and Internal Capital Adequacy Assessment Process (ICAAP).
• Build executive and Board capability in risk and governance to demonstrate that the organisation could operate as a prudentially sound insurer.
• Align all policies, frameworks, and risk reporting practices with APRA’s Prudential Standards (CPS 220, GPS 110, GPS 230, etc.).
• Provide interim and ongoing Risk Officer support.

OUR APPROACH

InConsult was engaged to support the organisation through the end-to-end licensing process. Working closely with the Board, CEO, CFO and executive leadership team, we:

• Developed and documented the required APRA-compliant frameworks and strategies, ensuring consistency and alignment across risk, capital, and reinsurance management.
• Facilitated targeted training sessions for executives and senior managers to strengthen their understanding of APRA’s expectations, risk governance principles, and prudential reporting obligations.
• Reviewed and refined the risk governance framework, risk appetite, and escalation processes to ensure the organisation demonstrated strong accountability and prudent oversight.
• Translated legal compliance documents to practical meaningful practices.
• Supported the preparation of documentation and responses to APRA queries throughout the application process.

OUTCOMES & BENEFITS

With InConsult’s guidance, the organisation successfully obtained its APRA licence and is now operating as a regulated insurer in Australia. The engagement delivered:

• Comprehensive, APRA-compliant governance, risk, and capital management frameworks.
• Increased Board and executive confidence in risk oversight and regulatory engagement.
• A well-structured, sustainable approach to risk management, reinsurance management and capital management.
• Enhanced readiness to manage ongoing prudential obligations and future growth.

The insurer is now confidently underwriting insurance business under its own licence, supported by a mature and well-governed risk management framework. InConsult’s practical expertise and collaborative approach enabled the client to meet complex prudential requirements efficiently – turning regulatory compliance into a foundation for long-term success.

Would you like to know more about our insurance services, CRO as a Service or risk management capabilities ? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

A leading Australian professional services industry body (the “Client”) represents thousands of members in a leading profession. The Board and executive team were focused on maintaining high standards of governance, safeguarding the reputation of their members, and ensuring that risk oversight and reporting kept pace with evolving regulatory, operational and reputational pressures.

While the Client had developed a risk management framework that was robust in many respects, the Board and Audit & Risk Committee identified that risk reporting could be strengthened. In particular:

• Risks were inconsistently categorised across the organisation, making it difficult to compare strategic and operational risks.
• The risk rating and evaluation methodology lacked sufficient alignment with the Board’s expectations for escalation and oversight.
• Reporting to the Board was generally sound but could deliver more clarity on trends, emerging risks and the evolving risk landscape facing the industry body and its members.

OUR APPROACH

InConsult was engaged to conduct an independent review of the Client’s existing risk management framework, with a focus on risk categorisation, rating methodology and board reporting. The engagement comprised three core phases:

1. Framework Review & Benchmarking

We assessed the existing risk management framework against best-practice standards (AS ISO 31000:2018) and peer industry bodies. We evaluated how risks were identified, categorised, rated and escalated.

2. Risk Categorisation & Rating Workshops

We facilitated workshops with the Board, Executive Leadership Team and risk owners to refine how risks were grouped (e.g., strategic, operational, compliance, reputational), to standardise risk rating scales (likelihood-impact matrix) and to align evaluation protocols with the risk appetite statement approved by the Board.

3. Enhancing Board Reporting

Working with the Board, we redesigned the risk reporting template to provide greater clarity: showing trending movements, linkage between controls and residual risk, and clear escalation triggers for principal risks. We also developed guidance for management on using the revised categorisation and rating methodology.

OUTCOMES & IMPACT

As a result of this engagement:

• The Board now receives risk reports that are more consistent, transparent and aligned to the risk appetite and oversight expectations of the Committee.
• Risk categories and rating scales are standardised, enabling clearer comparisons across risk types and time periods, and better identification of emerging risks.
• Management’s ability to evaluate, escalate and monitor key risks is improved – leading to stronger oversight and more timely decision-making.
• The organisation’s risk-culture has strengthened – risk owners are now more confident in their categorisation, rating and reporting, reducing ambiguity and improving accountability.

By enhancing how risks are categorised, rated and reported, the industry body has improved its governance of risk and positioned itself to respond more proactively to both current and emerging challenges (such as regulatory change, member expectations and reputational issues). InConsult’s independent review and guidance helped turn a sound risk framework into a more effective mechanism for Board oversight and strategic risk governance.

Would you like to know more about our risk management and internal audit & assurance capabilities for not-for-profit? Book a risk framework review today and turn risk into a strategic advantage.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

Our client is an ASX listed Australian women’s fashion retailer with a strong national presence and growing international sales. The company operates several well-known brands across both retail and online channels. Following rapid growth and evolving market conditions, the Board sought to strengthen its risk management governance to ensure it could confidently manage uncertainty while continuing to innovate and expand.

Despite a sound governance structure, the company faced challenges common to fast-growing listed organisations in the retail sector:

• No formalised risk appetite statement to guide decision-making and balance opportunity versus risk.
• An inconsistent approach to risk identification and control ownership across divisions.
• Growing exposure to supply chain, cyber security, ESG, modern slavery and reputational risks.
• A need to better align the Board’s oversight and executive risk management practices.

The leadership team recognised that as the company expanded, it needed a more mature, integrated risk management framework to support strategic growth and protect brand reputation.

OUR APPROACH

InConsult was engaged to design and implement a comprehensive risk management framework and strategy, tailored to the company’s size, structure, and strategic ambitions.

Our engagement included four key components:

1. Board Engagement and Risk Appetite Development

We facilitated a series of workshops with the Board and Audit & Risk Committee to clarify risk philosophy, governance responsibilities, and desired risk-taking behaviours.

Through this process, the Board articulated a clear and practical Risk Appetite Statement, defining the acceptable level of risk across key areas such as financial performance, brand reputation, compliance, innovation, and sustainability.

2. Framework and Policy Design

We developed a Risk Management Framework, Policy, and Strategy that aligned with AS ISO 31000:2018 Risk management – Guidelines, the Australian Institute of Company Directors (AICD) guides and ASX Corporate Governance Principles.

The framework clarified governance roles, integrated risk management into strategic and operational planning, and established a clear link between strategy, performance, and risk oversight.

3. Executive and Manager Engagement

Through a series of risk management training and targeted risk workshops with executives and senior managers, we identified the company’s key strategic and operational risks, as well as emerging risks such as ESG reporting, ethical sourcing, and e-commerce cybersecurity.

These workshops fostered shared ownership of risk and strengthened cross-functional collaboration.

4. Capability Building and Implementation Support

We worked closely with management to embed risk management processes, templates, and reporting tools that promote consistent risk assessment, monitoring, and escalation practices.

OUTCOMES & BENEFITS

As a result of this engagement:

• The Board has greater visibility over strategic and emerging risks and a clear understanding of the organisation’s risk appetite and tolerance levels.
• The executive team now applies a consistent framework when assessing new initiatives, supply chain arrangements, and growth opportunities.
• The organisation’s culture has shifted from risk avoidance to risk-informed decision-making, empowering leaders to take calculated risks in pursuit of growth.
• Risk registers, reporting processes, and assurance activities are now aligned, improving efficiency and Board confidence.

InConsult’s approach has helped transform risk management from a compliance exercise into a strategic enabler, giving the organisation the confidence to grow, adapt, and lead in an ever-changing retail landscape.

Would you like to know more about our risk management, risk transformation and internal audit & assurance capabilities for ASX listed entities and high growth corporates? Contact us today.

This case study is drawn from a real-life engagement/project between InConsult and our client. While client details are not disclosed for commercial and confidentiality reasons, this case study is based on a real engagement and reflects genuine results and outcomes. Specific client references and project details can be shared with prospective clients during the proposal process.

THE CHALLENGE

In February 2012 Mr Grant Burley joined the board of Pacific Automotive Holdings (PAH), a franchisee of the highly successful Thrifty Car Rentals, bringing over 25 years of business and entrepreneurial experience. Grant quickly identified the need for change in PAH’s operational, financial and reporting processes.  The Board engaged InConsult to provide them and senior management with a range of risk management and assurance support to improve financial controls. 

THE SOLUTION

Working with staff, InConsult reviewed the existing financial risks, internal controls and vital business processes to help identify and prioritise a number of specific areas for quick and lasting improvement. InConsult began by reviewing the daily cash flow management framework and swiftly introduced improvements to cash flow preparation, monitoring and reporting processes which resulted in immediate improvements to cash flow management.

InConsult then drilled down to specific areas of the cash flow cycle such as revenue, expenses, debtors and creditors. Improved debtor management processes were introduced and strategies developed to prioritise and collect older debts. In addition, a range of KPI’s were developed to ensure effective monitoring and reporting of debtors.

Improved workflow and authorisation processes were introduced to creditors to improve invoice control, validation and approval.

Lease liabilities represented a major expense for the business. InConsult introduced a centralised record keeping system and a lease database to enable improved visibility of monthly lease payments and simplify tracking and reporting of future lease liabilities.

To ensure the new improved internal control systems could be maintained, InConsult reviewed Thrifty’s resourcing requirement and helped realign the finance departments structure to the organisations needs and provided key staff with mentoring and training.

THE RESULT

“The InConsult Team were integral in making lasting and significant improvements to Thrifty’s internal controls and business processes” – Grant Burley, Managing Director.

Thrifty has honoured InConsult’s contribution with an award for “service excellence” to recognise the hard work and professionalism InConsult showed in assisting Thrifty with its risk management and assurance needs.

Would you like to know more about our Internal Audit & Assurance services and capabilities? Contact us today.