Governance, Risk & Compliance

Our Services

Governance, Risk & Compliance

Risk has always had a negative connotation unless you flip it around and look at its other face – Opportunity. Successful companies which are able to effectively identify its key risks, and how best to treat or exploit those risks to the benefit of the company, are in a position to reap the rewards. Having a clear risk framework and common understanding of risk management, from Boardroom to storeroom, is key to helping your organisation deal with and respond to, the evolving demands and changes in the global marketplace. 

Whether it’s conducting a current state risk assessment, developing a risk framework, or performing internal audits to assess the effectiveness of current risk management and controls measures, we can assist you to assess and enhance your current controls, and leverage your risk management practices to bring your business to the next level. Our key services include:

  • Risk Consulting & Assessment
  • Internal Audit
  • Scrutineering

Key Contact

Raymond Ang_qr

Executive Director
RHT Governance, Risk &

Frequently Asked Questions

Can’t find the answer you’re looking for? Please contact us, we’d be happy to help.

Internal audit’s role is to provide reasonable assurance to the organisation’s board and senior management that its risk management, governance and internal controls are operating effectively.  For regulated organisations (e.g. public-listed, financial industry, charities), internal audit is often mandated.  However, some private companies and other organisations, have established an internal audit function as a key governance activity. 

Many organisations use external firms to perform its internal audit function as it may not have the capacity to justify a full-time internal audit function. At the same time, external consultants have the benefit of being independent of the organisation and are up to date with the latest requirements and best practices.


Some larger organisations have sufficient capacity to support a full-time internal audit function within its structure. Others use “guest auditors” from other departments or even other jurisdictions to conduct internal audit for its local processes. What is important is that the internal auditor has the knowledge, experience, and independence to perform the role. In other words, the internal audit function should be independent of the area or processes for which it is auditing, so that it may report without fear or favour to the Audit Committee or Board.

This was a Board Director’s response many years ago when we recommended a structured risk management framework for their public listed company. That company has since ceased to exist. Sometimes we are “too close to the action” to notice certain warning signs, or we brush them aside because “we know better”. Sometimes, having an independent party provide an external unbiased viewpoint is useful. Even if we eventually accept higher levels of risk, at least we can be more confident that we have gone through a robust exercise to arrive at that decision.

Raymond Ang

Executive Director
RHT Governance, Risk & Compliance

Raymond has over 20 years of regional experience in the fields of governance and risk management, serving clients in MNCs and statutory boards. He spent 13 of those years honing his skills with international professional consulting firms that include Coopers & Lybrand, Arthur Andersen, Ernst & Young, and Protiviti. He previously helmed the Enterprise Risk Management and CIO Solutions practices at Protiviti for Southeast Asia. He also established and built the Internal Audit and Risk management practice group for a public-listed business solutions provider.

He previously developed and helped implement enterprise risk management frameworks for two of the equities exchanges in the region, a conglomerate of social enterprises, and a public-listed business solutions provider operating across five countries. He also drafted the technology risk management framework for a cluster of healthcare providers. As an advisor for a start-up cybersecurity firm, Raymond developed the IT security framework for a major player in the Singapore energy market, and was involved in security assessments for a rail transit authority.