Practice Area

Governance, Risk & Compliance

Internal audit, enterprise risk management, compliance frameworks, and board-level GRC advisory — helping organisations strengthen controls and meet their governance obligations.

Overview

Our GRC Practice

PSCA & Co.'s GRC practice covers internal audit, enterprise risk management, compliance reviews, and board-level governance advisory. Engagements are structured around the organisation's risk universe and reported to the audit committee.

Internal audit engagements are risk-based and conducted in accordance with IIA Standards and SA 610. IFC (Internal Financial Controls) testing is undertaken as required under Section 143(3)(i) of the Companies Act 2013, with management letter observations issued at the conclusion of each engagement.

For companies subject to SEBI regulations, the firm's engagements cover corporate governance reports, related party transaction frameworks, and audit committee charters.

Internal Audit Framework: Risk-based · IIA Standards · SA 610 · Audit committee reporting
IFC Testing: Sec. 143(3)(i) Companies Act 2013 · Design and operating effectiveness
Regulatory Compliance: SEBI LODR · Companies Act 2013 · RBI · FEMA · PMLA
Clients: Listed companies · Banks · NBFCs · Trusts · Manufacturing · Real estate

What We Do

Scope of Services

Risk-Based Internal Audit

Annual internal audit plans built around the entity's risk register — covering financial, operational, compliance, and IT risks with prioritised scope and reporting frequency.

IFC Testing

Design adequacy and operating effectiveness testing of Internal Financial Controls as required under the Companies Act 2013 — with gap identification and remediation tracking.

Enterprise Risk Management

Risk register development, heat maps, risk appetite frameworks, and periodic review processes — aligned with COSO ERM or ISO 31000 as appropriate.

Compliance Reviews

Periodic compliance review of statutory obligations — Companies Act, SEBI LODR, FEMA, labour laws, and sector-specific regulations — with compliance dashboards and board reporting.

PMLA / AML Advisory

PMLA compliance programme design, KYC/AML policy review, suspicious transaction reporting frameworks, and audit of reporting entities' AML controls.

Board & Audit Committee Support

Audit committee charter drafting, agenda support, audit committee reporting templates, and governance framework reviews for listed and unlisted companies.

How We Work

Our GRC Approach

Risk Universe Mapping

Map the entity's full risk universe through management discussions, process walkthroughs, and review of industry risk frameworks relevant to the sector.

Audit Plan & Scope

Agree a risk-ranked annual audit plan with management and the audit committee — defining scope, timelines, resource allocation, and reporting protocols.

Field Work & Testing

Structured field work with documented testing, exception identification, and management response — conducted with minimal operational disruption.

Reporting & Follow-up

Audit reports structured by risk rating with clear observations, root cause, and actionable recommendations — tracked to closure in subsequent reviews.

Get in Touch

Contact the firm for further information