Internal controls fail in the same place every time: they exist in the manual but not in the workflow. We design control systems that are embedded in the way the business runs day to day, which is the only condition under which an auditor will recognise them and a board will trust them.
When clients come to us
After an audit finding has surfaced a control gap that operations did not know existed. When a group is acquiring a business and needs to bring it onto a single control framework. When a CFO is preparing for a debt or equity transaction and needs the controls to survive due diligence. Often when growth has outpaced the original control design.
How we work
A senior advisor walks the actual processes — purchase to pay, order to cash, treasury, payroll — alongside the stated controls. Where the two diverge, we redesign the control to match the workflow rather than the other way round. The output is a control framework written in the language of the people executing it, with documented testing and a review rhythm.
What we deliver
- Risk and control matrix mapped to processes
- Control redesign for priority cycles
- Authority and segregation-of-duties review
- Control testing protocol and evidence pack
- Internal audit programme and calendar
- Board and audit committee reporting template
Typical engagement
A controls engagement runs eight to sixteen weeks. On our side, a senior advisor leads with a controls specialist. On the client side, the CFO and head of internal audit are the principal counterparts, with operating leaders involved at process walkthroughs. The audit committee is briefed at completion.
Why CGLA
We design controls that work in the operating rhythm, not controls that sit in a binder. The senior advisor on the engagement has worked inside finance functions, not only audited them, which means the framework holds when the team is busy. We are independent of the firm's external auditor.
