fbpx Skip to main content

Internal Audit

Internal Audit Approach and Benefits

We, as internal auditors, must understand and be able to evaluate the business processes of our Clients. Audit planning is conducted at the beginning of the audit process to establish the overall audit strategy and set out the relevant procedures to be carried out to implement the strategy and complete the audit.


Gather information and plan

  • Knowledge of business and industry
  • Regulatory statutes
  • Inherent risk assessment


Obtain understanding of internal control

  • Control procedures
  • Detection risk assessment
  • Equate total risk


Perform compliance tests

  • Identify key controls to be tested
  • Perform tests on reliability, risk prevention and adherence to organization policies and procedures


Perform substantive tests

  • Analytical procedures
  • Detailed tests
  • Other substantive audit procedures


Conclude the audit

  • Create recommendation
  • Write audit report

Management relies on internal auditing for insight and objective assurance to ensure that existing internal controls are adequate to:

  • mitigate the organization’s risks,
  • ensure thatgovernance and risk management processes are effective and efficient, and
  • that the organizational goals and strategic objectives are met.

At planning stage (after a thorough review of the organisational processes) we will introduce a holistic audit methodology to establish a robust action plan of engagements to be conducted with the aim to start improving the defense line mechanism with the organisation

Our Internal Audit Team

The internal audit team members have over 30 years of experience in different types of audits.

John Debattista - Partner

John Debattista is a Certified Public Accountant and Registered Auditor. Prior to Zampa Debattista, John occupied the post of audit manager in a medium-sized audit firm, where he developed a specialization in the financial services industry and remote gaming sector. John is one of the founding partners at Zampa Debattista and heads the Assurance function of the organisation. He is the IFRS leader and acts as an advisor on highly technical IFRS issues.

Greg Szabo – Head of Internal Audit

Mr. Szabó has been providing internal audit, IT audit and business process re-engineering, and consultation services to regulated entities for a decade. He is the Head of Internal and IT audit at Zampa Debattista, and his main focus is on investment service, iGaming service providers, and financial institutions.

Matthias Mangion – Senior Auditor

Matthias is a member of the Malta Institute of Accountants (MIA). In 2017, he obtained a Bachelor of Commerce in Accountancy and Banking. Following this, he graduated with a Masters in Accountancy from the University of Malta in 2020. Throughout his work experience, he was exposed to both internal and external audit assignments on licensed funds, iGaming, shipping, manufacturing, and retail.

Zampa Debattista is a full member of Russel Bedford International, a top 20 global network of firms that also grants access to global resources.

Types of Internal audits and assessments

Integrated audit

IT combines financial, operational, compliance, and information system audit steps primarily recommended to regulated entities. Controls are typically composed of policies, procedures, practices, and organizational structures implemented to reduce risk to the organization. As your Internal Auditor, we assess whether the internal controls are developed to assure management that the organization’s business objectives will be achieved and that risk preventive measures are efficient and adequate.

Information System (IS) audit

Our program follows the CISA framework, designed to collect and evaluate evidence to determine whether an information system and related resources are adequately safeguarded and protected, maintain data and system integrity and availability, and achieve organizational goals effectively.

Our team also analyzes the internal controls to see whether these provide reasonable assurance that business, operational, and control objectives will be met.

Corporate and IT Governance – MBR

Every company is unique, but all of them require efficient processes and reliable controls.

We can assist you in evaluating the current operational flows and internal controls, identify risks and recommend actions. We assure you of an enhanced control system with customized reporting solutions and provide you with strategic advice regarding opportunities to improve your business process.

Zampa Debattista can also assist you in improving your corporate governance

Project Audit

To achieve a successful project outcome, the audit function should play an active role, where appropriate, in the life cycle development of a new system or business application. This will facilitate efforts to ensure that proper controls are designed and implemented in the new system. We must understand the system or application developed to identify potential vulnerabilities and points requiring control.

Cash flow management and cost review audit

We are living in a challenging time for businesses and individuals, whereby we are facing a serious global energy crisis, and we are facing soaring rates of inflation whilst governments are trying to defend entities and the general public with rate hikes against inflation. Operational and investment costs are also increasing, and it is getting harder to get financing. The risk appetite of Venture capital investors is decreasing. Considering these factors, it is crucial to monitor oversight of the cash flow management closely, introduce additional strong control measures, and explore new cost optimization methodologies. We aim to assist you at this time and later on with an independent evaluation and recommendations.

Business process and controls

The management focus is on the growth of the business and other essential objectives. The business development should be followed by quality assurance and implementation of accurate controls and procedures. Otherwise, the company can run significant risks, generate losses, and lose control over the business. In this scenario, the company might lose the status quo and face business development-, financial and operational issues. We can support you with a gap analysis and recommend actions to improve your processes and controls.

Security Status Quo

Every business has to consider security seriously regardless of its size or regulatory status. We created a framework to perform a security status quo check on your company to identify weaknesses and recommend preventive actions. It is not an ISO security audit, but the methodology is designed according to the standard.

Individual Audit Assignments – Specific Areas Requested by the Client

We as the internal auditors will perform a risk assessment to establish the audit plan. However if a specific area of business needs to have an independent review, we can assist in this respect to provide relevant recommendations in order to improve the respective controls and procedures, when relevant.


Licensed entities

  • iGaming
  • Investment service
  • Securities and markets
  • Pensions
  • Insurance

Non-regulated entities

  • Bond issuers
  • Family Office
  • Other trading entities

Internal Audit’s role in ESG reporting

Internal Audit’s role in ESG reporting

Strong governance over ESG requires alignment among the principal players, as outlined in The IIA Three Lines Model, Zampa Debattista can support your regulated or nonregulated company with objective assurance, insights, and advice on ESG matters.


  • Review reporting metrics for relevancy, accuracy, timeliness, and consistency
  • Review reporting for consistency with formal financial disclosure filings.
  • Conduct materiality or risk assessments on ESG reporting.
  • Incorporate ESG into audit plans.


  • Build an ESG control environment.
  • Recommend reporting metrics.
  • Advise on ESG governance
03 Latest from Blog

Internal Audit Insights


The Indispensable Role of Internal Auditing in the iGaming Industry

The iGaming industry has surged in popularity, creating vast opportunities for both players and businesses…

Mind the Gap! Navigating the DORA Compliance Labyrinth

Backplanning and Gap Analysis: Proactive Approaches to DORA Compliance The Digital Operational Resilience Act (DORA)…

The Great DORA Race: Planning for Success – The Importance of Planning and Stakeholder Engagement for Successful DORA Implementation

As the deadline for compliance with the Digital Operational Resilience Act (DORA) approaches, financial entities…
04 Get in Touch


Greg Szabo

Internal Audit Leader