Internal Audit & Risk Assurance
Independent, risk-based internal audit that finds the real issues — and gives the board the report it actually wants to read.
Internal audit, done well, is the highest-leverage governance investment a privately held business can make. It uncovers the operational and financial risks that management is too close to see, and it gives the board independent confidence that controls are working.
Internal audit, done well, is the highest-leverage governance investment a privately held business can make. It uncovers the operational and financial risks that management is too close to see, and it gives the board independent confidence that controls are working.
Done badly, it's a 200-page report nobody reads. Axcell's internal audit practice is built around the IIA standards, risk-based methodology, and an unusual commitment: every finding comes with a remediation plan management can actually execute — not a 'best-practice recommendation' that gets filed and forgotten.
- Risk-based annual audit plan (built from a documented risk universe)
- Operational audits — revenue cycle, purchase-to-pay, payroll, inventory, treasury
- IT general controls and application controls (ITGC, IT-dependent controls)
- Internal controls over financial reporting (ICOFR) design and testing
- Fraud risk assessment, whistleblower investigations, forensic procedures
- Compliance audits: ZATCA, PDPL, FTA corporate tax, ETA, sector-specific (financial services, healthcare, education)
- Sharia governance reviews for Islamic-financed entities
- Co-sourced or fully outsourced internal audit function for SMEs without in-house audit capacity
Companies where the board (or majority shareholders) want independent assurance that controls are working — most commonly Saudi family groups, Gulf holdings, Egyptian private equity portfolio companies.
Businesses preparing for IPO, debt issuance, or institutional investor onboarding — internal audit is no longer optional.
Companies that experienced a control breakdown, fraud incident, or audit qualification and need an independent diagnostic + remediation.
Companies in regulated sectors (financial services, healthcare, education) where internal audit is mandatory by regulator.
- Risk universe development (workshop with management + board)
- Annual audit plan approved by audit committee or owner
- Individual audit engagements (typically 6–12 per year)
- Quarterly audit committee or board reporting
- Follow-up on prior-year findings
- Annual internal audit function self-assessment against IIA standards
IIA-compliant methodology: independence, due professional care, evidence-based findings, formal reporting.
Lead auditor with CIA / CISA / ACCA / CPA credentials and minimum 12 years of operating experience.
Reports written for the audience: a 1-page executive summary for the board, a detailed annex for management, an action tracker for the owners.
Every finding is rated for severity (Critical / High / Medium / Low), tied to a specific control, and matched to a remediation owner and deadline.
Annual program pricing based on number of engagements, scope, and entity complexity.
Indicative: full annual program SAR 120,000–450,000 / AED 110,000–400,000 / EGP 550,000–2,200,000.
Project-based audits (single area, e.g., revenue cycle audit only) priced from SAR 35,000 / AED 32,000 / EGP 160,000.
Quarterly retainer model also available for ongoing oversight without a full annual program.
- A documented risk universe and audit plan the board can sign off on
- Specific control gaps identified and closed — not generic recommendations
- Quantified exposure: every finding sized in SAR / AED / EGP impact
- Audit-ready posture for IPO, debt issuance, or institutional investor due diligence
- Lower probability of fraud, regulatory penalty, or financial misstatement
Book a free 45-minute internal audit assessment
We'll review your current control environment and outline a right-sized program.
Ask the Axcell assistant
Ask anything about scope, pricing, or whether we're the right fit. It takes seconds, and Hazem reads every productive conversation.
Is Axcell the right fit?
30-minute conversation. No commitment. We tell you honestly whether we're the right fit.