Kai Paalberg

Head of Business Risk Services

Article Internal auditor: in-house or service provider? Read more

All owners and management are interested in the success of their company, and they want to ensure that its activities and results are controlled and its systems function seamlessly.

The business risk services support the achievement of these goals. Our business risk services are designed for private entrepreneurs and for government authorities, the institutions under their governance, municipalities, foundations and citizen's associations. 

We provide the following services:

  • Internal audit and internal control – performance of the functions of internal auditor in public agencies and business entities, evaluation of the efficiency of the internal control system and advice for the formulation of internal control procedures.

  • Risk assessment mapping of business processes and risk assessments.

  • Custom tasks – audits, inspections and analyzes with a specific purpose and scope.

  • Prevention of money laundering – audit and advice to meet the compliance and effectiveness of the rules of procedure for management of risks relating to money laundering and terrorist financing

Send us your inquiry

Efficient approach to internal audit

„Initially, we created the internal audit function only to mitigate regulatory risks and comply with legal requirements, but now we have also taken into account the business risks identified in cooperation with Grant Thornton Baltic to ensure better performance of the company.“


Rasmus Õisma, Member of the Management Board of Montonio Finance OÜ

Internal audit and internal control

An internal auditor assesses the functioning of the internal control system. An efficient system of internal control provides assurances to the management that the organisation will achieve its objectives, it follows applicable legal acts and regulations and that financial statements have been prepared properly.

We provide an internal audit service in accordance with the standards of the Institute of Internal Auditors (IIA) and other relevant regulations and legal acts. In the evaluation of an internal control system, we proceed from the internal control concept of COSO. In the evaluation of the control environment in public agencies, we adhere to the international standards of internal control as set by INTOSAI.

  • We perform the function of internal audit either in full or in part: we assess risks, prepare the strategy and annual plan of internal audits; we perform compliance, performance and system audits; we prepare a report to highlight our observations, recommendations and identified risks; and we present these to the management of the organisation.
  • In public agencies, we provide assessments to annual reports and the legitimacy of transactions.
  • We advice in the issues of internal audit and internal control system
  • We consult internal auditors about the setting up of an internal audit function. We provide advice to our customers in connection with preparing the strategy and annual plan of internal audits, planning, conducting and documenting the audit and formulating the audit report.
  • We provide advice to the management of organisations for setting up an efficient internal control system, which covers the control environment of the organisation, risk management, control activities, information and communication systems and monitoring.
  • We also give advice to our customers for the formulation of internal procedures.

Risk assessment

We coordinate the assessment of risks: we conduct a training session on the methodology of risk assessment and set up risk assessment teams in cooperation with the management of the organisation.

We identify risks based both on the structure and operations from three angles: the probability of exposure, the importance of risks and the existence of internal control measures. As a result of the engagement, we present both a report and the risks categorised according to their levels and their hedging options. 

Custom tasks

At the request of the customer, we perform audits, inspections and analyzes with a specific purpose and scope. As custom tasks we perform, for example:

  • Prevention of corruption and conflicts of interest
  • Verification of the legality or regularity of the transaction
  • Internal control service

People are the key

"Thank you for the pleasant cooperation. I can say again that successful cooperation depends a lot on people, their attitude and professionalism. The audit of the EU supported project (as well as the previous project audit) went very smoothly for us and the communication with Kai Paalberg and her team was really pleasant!

We're hoping to use your services again in the future."

Kallo Keelmann
Project manager for EU projects, Port of Tallinn