Governance, Risk and Compliance

Our governance, compliance and risk advisory services include:

  • Establishment of internal audit function
  • Internal audit outsourcing & co-sourcing
  • Enterprise risk management
  • Sarbanes-Oxley S.404 review
  • Corporate governance review
  • Quality assurance review
  • Pre-IPO internal control framework review
  • Pre-IPO due diligence review
  • Sustainability reporting
  • Standard operating procedures review and write up
  • Compliance review

With the ever-changing landscape of threats, organisations are faced with mounting challenges and risks as a result of increased market competition, continuous technological advancement and changes to the regulatory environment.

All these factors affect business survival and success, and at the same time make risk management and the maintenance of good corporate governance more complicated and more important. Thus, effective corporate governance structures encourage companies to create value and provide accountability and control systems which are commensurate with the risks involved.

RSM’s governance, risk and compliance (GRC) services help clients tackle the broad issues of corporate governance, focusing on areas of increased risk, on addressing the entire spectrum of emerging risk, and on an effective compliance framework.

Our risk management specialists provide consulting services that are relevant and focused on our clients’ specific requirements, and customised based on clients’ needs and business nature.


Risk advisory

The world is constantly changing, and organisations are having to adapt to respond to new risks and take advantage of new opportunities. Many organisations now accept that by successfully balancing risk and control, they can significantly enhance the value they deliver to stakeholders. 

Internal audits, risk management solutions and advice, corporate governance and IT audits are of particular interest to internationally and locally active companies. These services can give assurance on underlying issues that will help preserve not just assets, but also a company’s reputation and future success.

Our approach involves working proactively with the Audit Committee and Management to ensure their expectations and concerns are addressed in achieving their key strategic and operational objectives. 

Our professionals have a wide and varied range of industry experience and we work closely with our clients to ensure that their expectations and concerns are addressed. We believe that our work should be designed to add value and offer the potential to improve our clients’ operational efficiency and effectiveness while maintaining a cost-effective internal control system.

Through the risk management services we provide, we help our clients identify and minimise their risks. This is done while simultaneously achieving strategic goals by improving business processes and operational efficiencies and enhancing corporate governance.


Internal audit

We seek to assist the Audit Committee in discharging their oversight function by providing them with independent, objective and reasonable assurance on the adequacy and integrity of the organisation’s internal control systems.

In carrying out the activity, we adopt a risk-based approach which allows us to prioritise our audit on functions or processes that are of the highest concern and would have a significant impact on the company in the event of control failures.

Core to these risk-based advisory solutions is an understanding of the risk profile of organisations and assessing where internal audit work can add most value:

  • enhancing your management effectiveness by identifying improvement opportunities and turning them into business advantages; and 
  • raising corporate governance standards by improving on current practices. 

Our internal audit and risk management services include: 

  • Process improvements and control enhancements 
  • Internal audit outsourcing and co-sourcing 
  • Special operational review
  • Establishment of internal audit function
  • Control self-assessment

Enterprise Risk Management: facilitation of risk management framework

At RSM, we believe that unless the board and management fully understand the level of risk that the organisation is willing and able to take in pursuit of value creation, it will be difficult for the board to effectively fulfil its risk oversight role.

RSM’s methodology for risk management is based on the Risk Management Standards (ISO 31000) and is adapted to meet the specific needs of the client. This is implemented in five stages:

1.    Risk framework development

2.    Risk assessment and prioritisation

3.    Identification and effectiveness of existing controls

4.    Risk treatment and strategies

5.    Risk validation and monitoring

Our risk services include:

  • Formulation of risk policies
  • Establishment of ERM function
  • Risk reporting framework 
  • Risk workshop and awareness session


Risk management and internal controls system review

Pre-initial public offering 

The Bursa Listing Requirements stipulate that an Applicant must have an adequate risk management and internal controls system before being admitted to the Official List as a listed issuer. A Sponsor must be satisfied that the Applicant has met the above requirements for compliance with applicable laws and regulations.

Our scope of work will involve an assessment of the Applicant’s overall risk management and internal controls system. This includes a review on key accounting and management 
In relation to this, we will also examine the adequacy of controls and their associated resources, which include policies and procedures, control environment, organisational structure, communication and information system and its monitoring activities.

PN17 issuer and GN3 company

A PN17 Issuer and GN3 Company must review its risk management and internal control system and submit to the Bursa the results of such review, together with its action plans to address the weaknesses identified. Our scope of work includes an assessment of the affected issuer’s overall risk management and internal controls system.

Sarbanes-Oxley review

Under the requirements of the Sarbanes-Oxley Act, management must review, test and document internal controls over financial reporting and, in a very legal sense, accept full responsibility for the internal control structure of the company. We offer services aimed at assisting companies in meeting their compliance requirements. This includes documentation, assessment and testing of internal controls, as well as information technology processes.

Internal audit quality assessment review (QAR)

The International Standards for Professional Practice of Internal Auditing (SPPIA) stipulate that the chief audit executive of the organisation should develop and maintain a quality assurance and improvement program to continuously monitor the internal audit’s effectiveness.

In addition, the SPPIA recommends that an external quality assessment review should be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organisation.

