Internal audit as a lever for better governance and risk control 

Am I aware of the risks I take and the risks I’m willing to take? This question is more relevant than ever for organisations operating in today’s volatile, uncertain, complex, and ambiguous (VUCA) environment. With rising regulatory demands (ESG, DORA, CSRD, AI Act) and greater stakeholder scrutiny, you need more than good intentions: independent, risk-based insights that help you make better decisions, stay compliant, and safeguard your reputation.

We see internal audit as a critical partner to the business and the board. 

How do we help you?

Our internal audit services provide assurance, insights, and foresight to help your organisation create long-term value. Whether you need a fully outsourced function or targeted support, we work alongside you with a people-first approach and an understanding of your specific risks and goals. Our specialists on ESG, CSRD, cybersecurity, governance, and technology can support you. 

What do we offer? 

  • Full outsourcing of your internal audit function 
  • Co-sourcing arrangements with your existing internal audit team 
  • Interim head of internal audit services 
  • Technology and cybersecurity assurance 
  • Board effectiveness and governance reviews 
  • ESG, DORA, and regulatory thematic audits 
  • Culture and behaviour risk assessments 
  • Project quality assurance for major initiatives 
  • Internal audit training and knowledge transfer 
  • Data analytics to enhance audit insights 
  • Loan staff to strengthen your IA team temporarily 

What’s in it for you?

Working with us means gaining an internal audit partner who understands your business and the regulatory landscape you operate in. You gain access to practical insights, benchmarked best practices, and the expertise to future-proof your internal controls and risk management. This ultimately enables better strategic decisions, builds trust with stakeholders, and contributes to your organisation’s resilience and success. 

Benefits 

  • Independent, objective insights aligned with global IIA standards 
  • Access to specialists in ESG, CSRD, risk, and control 
  • Scalable support tailored to your audit needs 
  • Practical knowledge transfer to your internal team 
  • Improved decision-making, governance, and risk awareness 
  • Continuity and quality in audit delivery 

Do you have a question?

Contact our specialists for more information about our services. 

Our experts

Ralu Nistor-Lustermans
Ralu Nistor-Lustermans
Internal Audit Services Director
Amsterdam
View full profile

    Why choose for Grant Thornton?

    Grant Thornton Netherlands is a member of Grant Thornton International Ltd (GTIL), one of the world's largest networks (#7) of independent accounting and advisory firms, with 76,000 professionals in 156 markets. From eight Dutch offices, more than 700 professionals support our clients with advice and guidance in the fields of accountancy, tax, and (financial) advisory. We deliver world-class expertise in a way that seamlessly aligns with each client's unique situation. We operate from a solid foundation with a flexible and results-driven mindset.

    Duurzaamheid in het mkb

    Frequently asked questions

    Outsourcing your internal audit gives you access to a fully functioning audit department without the complexity of managing one internally. You benefit from a proven methodology, experienced professionals, and industry-specific insights that ensure high audit quality and relevant findings. Our team reports directly to your board or audit committee, offering impartial assessments that support effective decision-making. This allows your management to focus on day-to-day priorities, while we bring a strategic view on risk, control, and governance.

    Co-sourcing means we support your existing internal audit team with additional expertise—where and when you need it. For example, if your team lacks specific knowledge on ESG, cybersecurity or data analytics, we bring in subject matter experts to work alongside you on thematic audits. We follow your internal audit methodology and integrate seamlessly with your team. This approach strengthens your team’s capabilities while allowing for knowledge transfer and flexibility, especially in periods of high demand or change. 

    Yes, internal audit plays a key role in assessing how well your organisation is prepared for—and compliant with—new and evolving regulations. For CSRD and DORA, for example, we can conduct thematic audits to evaluate whether your reporting processes, risk controls and governance structures are robust and aligned with regulatory expectations. This independent review not only supports compliance but also provides strategic insights that help you anticipate risks and adapt in a fast-changing regulatory environment.

    Related insights

    More insights
    The GDPR and the AI Act
    Risk services The GDPR and the AI Act: the upcoming challenge of financial institutions
    February 2025 marks the beginning of the regulatory shift towards the implementation of the EU Artificial Intelligence Act, or the so-called AI Act. By August 2026, the full act will enter into force. The stake is high for financial institutions – 7 out of 8 categories of high-risk AI systems identified by the AI Act involve the processing of personal data. In other words, in more than 87% of the cases involving a high-risk AI system, compliance with GDPR would be necessary. Financial institutions, by regularly dealing with personal and sensitive client data, must take the first steps
    Ralu Nistor-Lustermans
    Ralu Nistor-Lustermans
    | 5 min read | 25 Jun 2025
    AI Readiness
    Risk services AI readiness for financial institutions
    By 2 August 2027, every financial institution in Europe will have to comply with one of the most significant and wide-reaching AI regulations to date, becoming accountable not only for what their AI does but also for how it was built. Moreover, most of the requirements of the AI Act will already become applicable by 2 August 2026
    Ralu Nistor-Lustermans
    Ralu Nistor-Lustermans
    | 7 min read | 19 Jun 2025
    DNB Internal Audit function
    Internal Audit What newly DNB licensed payment institutions need to know about the Internal Audit function?
    In line with the Dutch National Bank (DNB) licensing requirements, your payment institution is required to have an internal audit function in place. A strong internal audit (IA) function is crucial to creating a structure for risk management, supporting compliance activities, and providing opportunities to improve business performance.
    Ralu Nistor-Lustermans
    Ralu Nistor-Lustermans
    | 5 min read | 07 Apr 2025
      More insights