External audit (compliant and high quality financial audits)


Value propositions for external financial audit firms

External financial audit Partners & Directors

Your questions & needs

  • You face quality issues in your financial audits.
  • You are short of qualified/certified experienced staff to perform audits.
  • Your staff is leaving due to work pressure or bored given too much focus on non-adding compliance related standard work. How to improve the job-satisfaction of your staff and increase retention?
  • You don’t have enough resources to meet peak periods (final).
  • You have/anticipate issues with your regulator (AFM/The Netherlands).
  • You need to implement/improve your quality & risk system (ISQM).
  • You need to implement technology for ISQM.
  • You are in need of people to meet your WTTF, AML, corporate policy, and audit file requirements, and other quality/compliance requirements.
  • How to make your audits effective and efficient with data-analytics?
  • You need to select/implement/optimise your audit management system.
  • Your clients expect you to deliver added services, such as IT-audits, security assessments, fraude reviews, or other financial, risk or IT related advisory services.
  • You anticipate a huge need of ESG capabilities.
  • You need SAP expertise to understand the audit risks, audit SAP authorisations, security & controls.
  • How to drive a quality/compliance imporvement program, including benefit tracking, project management, quality assurance, and training.

Technology, specialist consulting & managed services

Our propositions

Our propositions focus on strategy, structure, processes, people, and technology to optimise our client’s business & finance controls.

Strategy and structure. Our strategic consulting include workshops and coaching sessions to help you define what you need to do to become compliant, improve audit quality & risk management, reduce costs, improve job satisfaction, and become more relevant to you clients. This results in a concrete business case and improvement program.

You can choose to co-source your ‘repetitive’ ISQM compliance activities, in combination with flexible Dutch and English-speaking audit expert to support you during your ‘busy season’. This can be realised out of our service centers, or in a hybrid arrangement that can help to improve resource availability, job satisfaction, resource flexibility, and reduce costs by up to 30%. We provide flexibility to up- and downscale as needed. We can be your advisory firm if your clients need support in specific areas you don’t have available.

Operational processes. Our hands-on consulting propositions help you meet your ISQM requirements and improve you audit quality via data-analytics. We have high-quality auditors in specialist areas, and topics such as ESG, SOx controls, ITGC’s, (SAP) application authorisations and controls. We also offer controls effectiveness audits on any controls area or topic.

Our people & change propositions include training on ISQM, audit management system (AMS), ITGC and IT-control. We provide ISQM best practices, frameworks, and content, which are often readily available in our technology. We assess, improve or manage all your change programs.

We use or implement technology to perform audits (SAP-authorisations, application controls, process mining and data-analytics). We select and implement technology to improve your audit quality and risk management (ISQM and AMS) and bring it up-to-standard.  All technology implementations are done in an agile way, in-time, and for fixed-prices. 


Our solutions for external auditors

ISQM and Audit Management Software

Our best practice AMS and ISQM software helps you to realise effective (high quality) and efficient audits, of high quality, meeting (external) compliance requirements and provide transparency, accountability and trust. Our services include:

  • ISQM and AMS software selection and implementation,
  • optimisation of usage of technology,
  • software integration with client systems to pre-accumulate audit files (API-connectivity).

Read more.

External audit advisory services

We provide 2 types of advisory services for external audits:

  • implement and improve strategies and hands-on realisation of ISQM and AMS processes.
  • provide with technology supported advisory services to audit firm clients in the areas of controls improvement, risk management, GRC, ESG, compliance and (internal) audit.

Read more.

ISQM managed services

For audit firms who aim to outsource their more repetitive compliance activities, we provide remote managed services with local representation (feet-on-the-ground):

  • from Suriname for transaction & reporting oriented repetitive audit compliance work,
  • from South Africa for (SAP) security, IAM, active directory and authorisations,
  • with global and local (your region) specialists for specific regulations or topics.

Read more.

Flexible pool with audit specialists

We have a (global) pool (community) of  auditors to support external audit firms in their audit execution. Our auditors are specialised in:

  • Financial auditing (assurance).
  • ITGC, IT-controls and security.
  • ESG-auditing.

Read more.

Process mining & data-analytics

We support external audit firms in the usage of data-analytics and process mining software to analyse client processes and transactions.

We do this as part of audit support or separte advisory engagements.

Read more.

Your value

Happy staff

  • We focus on your repetitive work,
  • Provide staff availability and flexibility (up- and downgrading).
  • Resulting in increased job satisfaction for your staff.
  • High staff retention.
  • Focused knowledge transfer.

Increase effectiveness

  • Technology forces effective and efficient process execution.
  • Experience experts for strategic and operational (hands-on) advise.
  • Effectiveness, efficiency and quality improvement is included in our managed services.

Reliability & trust

  • We meet your objectives and requirements.
  • Our repository of automated controls and application security provides reliability.
  • Reliability and continuous insight for all stakeholders creates transparency and trust.

Cost efficient savings

  • Efficient process execution with technology and well-educated staff.
  • One-time-right quality consulting (less hours, higher value) at competitive prices.
  • Managed services reduce 30% costs (compared to European standards).

High Quality

  • With our technology resulting in high quality process execution.
  • Best in class consulting including content (frameworks).
  • Embedding new way-of-working (make it stick).
  • High quality managed services seamlessly integrated in your process.

Added value

  • We make you best-in-class for you to add value.
  • Full project support.
  • Building your capabilities to continuously improvement.
  • Quality assurance over the transition is included in our managed services.

Client experiences

Let us be your key to successful audits with our ISQM managed services, experienced audit specialist and best-practice technologies

No more stress and incomplete audit files. Improve your external audit Quality and become fully compliant with our ISQM software solutions and Audit Management Systems

We offer repetitive audit activities to comply with ISQM out of our service center in Suriname with feet on the ground in your region

A flexible pool of (external) audit specialist to realise staff availability and flexibility

Process mining and data-analytics to make your audits effective and efficient

Technology solutions


TeamMate Audit Management Software

External audit support solutions



CERRIX is the best value for money full GRC suite from The Netherlands. Strong at financial institutes because of embedded form functionalities to realise KYC/CDD compliance. Best in class to design business process, linked risk & controls, and action tracking. ISQM functionalities are built in to support external auditors to implement their quality system and thus become compliant.

Audit Management

World’s leading (internall) audit and assurance expert solution with over 25 years dedication to auditors. Is used by banks for 2’nd line compliance monitoring departments with a similar methodology as internal audit. TeamMate has more than 3,000 customers in over 150 countries. Among their customers are 30% of Fortune 1000, 40% of Fortune 100, the top 5 Global Audit Firms, and more than 1,000 Public Sector Agencies.

Data Analytics

Qlik is a business intelligence and data analytics platform to extract insights and make data-driven decisions. It provides data integration, visualization, and analysis, including a user-friendly interface to create interactive dashboards, reports, and charts. Qlik’s patented associative engine technology enables users to explore data in a flexible and intuitive way, allowing for deeper insights and faster decision-making.

SAP GRC solution

Soterion has built a business-centric agile GRC solution on top of SAP that enhances accountability of SAP related risk & compliance. The solution has extensive functionalities to analyse user rights, improve compliance and stay compliant. Soterion is quick to install, easy to learn, S/4HANA ready and boasts an award-winning user experience; both on premise, in the cloud or as a managed service.

Process Mining

Software AG’s process mining capabilities help external auditors identify inefficiencies non-compliance, and areas for improvement in business processes. The platform offers real-time data analytics and visualization tools to track process execution, identify bottlenecks and deviations, and provide data-driven recommendations for optimization. 

External audit advisory services


  • Your capabilities to prevent, detect, and respond.
  • Compliance function maturity scans.
  • Your process to independently do internal investigations.
  • Compliance risk assessment methodology.
  • Compliance technology assessments (regtech, GRC software, and tooling related to sanctions & embargoes, TPDD, GEH, S&D).
  • Strategic compliance capabilities assessments, including management of the function, ‘tone-at-the-top’, commitment, capabilities, vision, strategy, continuous improvement.
  • Effectiveness of governance (positioning, alignment with other lines-of-defense, and reporting lines).
  • Operational compliance capability assessments, including policies, risk and control treatment, methodology, plans, handbook, dashboards, and reporting obligations.
  • IT compliance, including ERM (SAP) authorisations and security.
  • Content and frameworks reviews.
  • (Financial sector) compliance monitoring (2.5 line of defense).
  • Compliance staff quality and requirement assessments.


  • Provide ad-interim Compliance Officers.
  • Specialist consulting on topics and regulations (eg, export controls, trading compliance, integrity & soft controls).
  • Board Audit Committee and Supervisory Board consulting.
  • Risk & compliance (awareness) training & ongoing counselling.
  • Executing compliance testing and independent investigations.
  • Strategic improvement program using maturity modelling and our vision towards the compliance function of the future where the focus changes from testing to continuous insight providing trust to boards, stakeholders, and society.
  • Value improvement, and (integrated) governance.
  • Technology selection & implementation and usage improvement.
  • Operational process improvement, code of conduct, risk treatments, policy compliance check, systematic case tracking, sanctions and disciplinary measures, self-disclosure / reporting obligations.
  • Compliance framework and content provision.
  • SAP authorisations & security compliance.
  • Continuous transaction monitoring.


  • We support to make all improvements stick by guiding your staff through all changes and periodically monitor the execution of your new way-of-working.
  • Embed learned skills and realise a culture of continuous improvement.

For those clients who don’t have the right capabilities, or just want to outsource their compliance function, we provide managed compliance services. This includes embedding the new way-of-working over your organisation and BR1GHT.

ISQM managed services

For those clients who don’t have the right capabilities, not enough staff members, want to make fast quality improvement step or just have the strategy to outsource, we provide managed compliance services out of:

  • Suriname. Both ‘high value’ consulting plus repetitive compliance activities with a focus on energy trading, financial institutions and external auditors (ISQM). Our services include controls effectiveness testing, pre-accumulating compliance files, compliance testing, transaction & reporting oriented work, project management office activities, and so on. Read more for details related to banking compliance.
  • South Africa. IT-compliance, including (SAP) authorisations, application security, automated controls testing and identify & access management. We also run specific data-analytics or process mining programs. All our teams are skilled in the latest technology.
  • We provide both co-sourcing and full outsourcing. The biggest difference is that with co-sourcing our teams work fully under our client’s management supervision, in their IT-environment, and in their risk & quality management systems. With full-outsourcing, all risk & quality requirements are clear and written down in a service level agreement and we agreed that we can fully comply with them.
  • Teams in Suriname and South Africa always work together with local BR1GHT people at your location. These local ‘linking pins’ make sure that we always understand your needs and if issues pop-up, we can immediately solve them. They are responsible for the seamless integration of our and our client’s staff.
  • We have our proven methodology for onboarding to guarantee a controlled transition called ‘the 12-successfactors of change management’.

Read more (at our managed service page).

Flexible pool with audit specialists

Process mining & data-analytics

External audit news

BR1GHT dienstverlening voor accountantskantoren

BR1GHT dienstverlening voor accountantskantoren

De dienstverlening van BR1GHT bestaat uit een drietal services: technologische dienstverlening; zijnde het helpen selecteren van technologie, alsmede het implementeren en het optimaliseren van het gebruik. specialistische consulting, zijnde het aanbieden van pure...

read more
Available for work – IT-auditor IT-controls specialist

Available for work – IT-auditor IT-controls specialist

We have a great person and fulltime experienced (senior) IT-auditor and IT-controls (or broader controls) specialist available as of today. Experienced in SAP (multiple modules, controls, authorisation as specialist and trainer), financial & operational controls...

read more
Job – Finance assistant BR1GHT Suriname

Job – Finance assistant BR1GHT Suriname

We are looking for a finance assistant who is motivated to contribute to building a solid finance foundation. If this is you, we have an amazing opportunity for you: learning all about finance at a fast-growing scale-up. In this role, you will be responsible for the...

read more


Vision paper

The digital transformation is reshaping organisations with an increasing pace. Digital solutions using RPA, IoT and mobile are being implemented in the business to save costs, improve business processes or to build client intimacy. But what are the risks of these new digital solutions, how do you control them and what does digital mean for your control environment? In a series of publications, we will dive deeper into these questions and take you with us in our Digital Control journey Towards Continuous Monitoring.

In this publication you will read all about:

  • What are the risks of new digital solutions, such as RPA, ML, IA,
  • The need to continuous monitoring,
  • Wat is continuous monitoring,
  • How 2’nd and 3’rd Lines of Defence can use continuous monitoring,
  • How to use continuous monitoring to provide assurance,
  • Upskilling risk and internal audit specialists.

If you would like to know more about continuous monitoring, please contact us. We can provide you with concrete examples of implementations.

BR1GHT publication Vision on Digital Control Towards Continuous Monitoring

[contact-form-7 id=”237587″ title=”Contact form 1″]

Want to learn more?

Find out what our external audit propositions can mean for you.

Please contact us if we made you curious.

Thank you so much for you interest in us!