Amstelveen Amstelveen

Audit and Assurance

With a deep understanding of the challenges organisations face, we bring extensive experience in delivering high quality internal audit services. Our team excels in supporting internal audit functions, offering both co-sourced and independent solutions tailored to client needs.

Who we are

We have a highly experienced team that helps organisations navigate risk with expert internal audit support.

Our team consists of senior practitioners who are directly involved in day-to-day service delivery, ensuring that clients receive the benefit of hands-on, expert guidance at every stage. Many of our practitioners have experience on Boards, and Risk and Audit Committees themselves.

Our team is comprised of experienced risk and assurance professionals, with qualifications including CA, CIA, ITIL, CISM, CRISC and PRINCE2, all bringing years of expertise in delivering internal audit and risk management services that drive value and support our clients’ strategic objectives.

Our service offering

We help organisations strengthen governance, manage risk, and drive continuous improvement through impactful internal audit services. We provide outsourced and co-sourced internal audit services to a wide range of private and public sector clients, including those in financial services, telecommunications, energy, education, regulation, law enforcement, aviation and professional services.

Program and Project Assurance

We deliver independent assurance across the
lifecycle of critical initiatives through set-up
reviews, health checks, deep dives, and post
implementation assessments. We support internal
audit to identify risks early, improve execution,
and enhance delivery confidence.

Third Party Risk Management

We assess third-party governance, conduct risk
reviews of key relationships and support supply
chain resilience to help organisations manage
external risk with confidence.

Business Continuity and Crisis Management

We provide assurance over BCM frameworks,
including continuity planning, crisis
communication and technology resilience, to
ensure your organisation is prepared for
disruption.

Environmental, Social and Governance

We evaluate ESG frameworks, regulatory
compliance and reporting practices to help
organisations navigate evolving standards and
meet stakeholder expectations.

Technology and Cyber Risk

We conduct assurance reviews to identify
vulnerabilities and ensure IT systems are secure
and compliant. Our work covers privacy,
information security, vulnerability management,
and cloud services, helping organisations enhance
cyber resilience and meet evolving regulatory
requirements.

Data Governance and Management

We review data governance frameworks,
migration processes, and analytics capabilities.
We also use data analytics to enhance controls
testing and automate assurance activities.

Financial and Operational Risk

We evaluate internal controls over financial
reporting, assess operational risks across people,
processes, and systems to ensure strong
governance and effective risk management.

Risk Culture and Conduct

We assess risk culture and conduct through both
quantitative indicators and qualitative insights,
helping organisations understand behavioural
drivers and strengthen risk-aware decision
making.

How we deliver

At Amstelveen, we leverage a collaborative, risk-led internal audit methodology to deliver impactful results.

We develop and execute internal audit services that provide valuable insights through expert assessments, stakeholder management, and clear, actionable reporting.

We support the development of risk-based internal audit plans, ensuring alignment with industry best practices, such as the Institute of Internal Auditors (IIA) Global Internal Audit Standards (GIAS).

FEATURED STORY

Areas for Internal Audit Focus in 2025

These emerging risks areas across technology, regulatory change and operational risk should be considered for their applicability to Internal Audit priorities in 2025.

Read more
Our Experience

Our Experience

Major Australian Insurer

Co-sourced Internal Audit Technology and Projects

Amstelveen has been supplementing technology and project assurance services for the Internal Audit department of a major Australian insurer for the past 8 years. Through this co-sourced arrangement, we have planned and executed multiple program and technology assurance reviews across the client’s complex technology and project landscape. This has included reviews across the client’s major core insurance platform consolidation and simplification program, data migrations and actuarial data processes, and the client’s broader technology application and infrastructure environment. We have also conducted reviews of enterprise-wide program governance and portfolio management processes. This has included reviews within the client’s EPMO in Australia and New Zealand. These reviews have often been resourced with combined teams to optimise review outcomes and knowledge transfer.

Read more Show less

Medical Indemnity Provider

Technology, Cyber, and Compliance Controls Audits​

Amstelveen was engaged to support Internal Audit through the execution of various technology risk, cyber security and compliance (e.g. CPS 234) reviews. Among these included a Cyber Resilience audit which involved a deep dive assessment of business continuity and IT service continuity practices. Amstelveen was then subsequently engaged to assist the Information Security team with uplifting identified capabilities and gaps, including implementing an information Security Management System and reporting solution.​

Read more Show less

Energy Infrastructure Provider

Internal Audit Support

Amstelveen was engaged to support the Internal Audit function in delivering its FY25 Internal Audit Plan. Our team supported the execution of multiple internal audits focused on key operational risk areas, including fleet management, contractor safety, and procure-to-pay (P2P) processes. This included leading key activities such as scoping, planning, fieldwork, and reporting, in close consultation with the Head of Internal Audit, and in alignment with IIA Standards. These audits have provided assurance over internal controls and supported process and system improvements across safety, procurement, and asset operations. Our recommendations have contributed to improved compliance, enhanced data and monitoring capabilities, and stronger business cases for future system upgrades.

Read more Show less

Major Australian Life Insurer

Co-sourced Internal Audits

Amstelveen has supported the Internal Audit team over a number of years in the execution of technology, operational and project-related internal audit reviews. These have included reviews of core technology management processes and point-in-time assessments of strategically critical programs. This includes audits of CMDB processes and data accuracy, the implementation of Oracle EPM, integration of the insurance services business and associated mainframe applications, and oversight of key vendors. More recently, our work has involved audits of investment operations and ESG governance. Amstelveen continues to support the client in a capability augmentation capacity.

Read more Show less

State Government Agency

IT Disaster Recovery Internal Audit

Amstelveen was engaged by the Department to perform an audit of the IT Directorate's Disaster Recovery (DR) capabilities and practices, including the facilitation of process walkthroughs, performance of document reviews, as well as the drafting, validation and reporting of internal audit issues. Our review assessed key components of IT DR, including technical recovery processes, business recovery objectives, stakeholder communication and the coordination of DR activities with third party service providers.

Read more Show less

We help organisations strengthen governance and manage risk with confidence

Get in touch for any questions, or if you’d like to discuss working together

Talk to us today