We’re here to make internal audit work for you.
Not a box-ticking exercise, not a report that gathers dust but a service that helps you run your organisation better, manage risks with confidence, and make decisions you can stand behind.
Every organisation has its own priorities, pressures, and ways of working, so we take the time to understand yours. Then we provide recommendations that are practical, relevant, and ready to act on.
We’re not here to catch you out, we’re here to give you the insight and assurance you need to move forward with confidence.
Our Mission & Core Principles
Our experience spans public sector governance and private sector best practice and we bring the strengths of both to every engagement.
We believe internal audit should be more than a compliance requirement. Done well, it gives you the clarity, confidence, and insight to make better decisions, manage risks proactively, and improve how your organisation works.
We work to the IIA’s Global Internal Audit Standards and ISACA’s Code of Professional Ethics. For you, that means every engagement is carried out with independence, integrity, and the care it deserves and provides assurance and advice you can act on.
Meet The Directors
Experienced auditors and advisors, dedicated to governance, risk management, and operational excellence.
Rebecca Dyson
Director
MChem CIA CIPP/E CISA
I’m a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), and Certified Information Privacy Professional (CIPP/E) with a strong track record in delivering assurance that leaders can act on.
With over five years’ experience in internal audit and additional expertise in second-line risk roles, I have led reviews across a broad range of areas, from cyber security and IT governance to financial controls, grant expenditure, and sector-specific governance arrangements. My portfolio includes high-profile work such as PCI DSS compliance reviews, assurance for the Competition and Markets Authority, and evaluations of large-scale programmes including system implementations and strategic initiatives.
My career began in risk modelling and reporting, giving me a deep appreciation for the value of data. I bring that into audits through targeted data analytics, ensuring findings are evidence-based and actionable.
Clients from local authorities, professional services firms, charities, regulatory bodies, and private companies value my ability to cut through complexity, explain issues clearly, and deliver practical recommendations that strengthen controls, improve efficiency, and support better decision-making.
Mark Castro
Director
CISM
I’m a Certified Information Security Manager (CISM) with over 20 years’ experience helping organisations strengthen their governance, resilience, and use of technology.
My background spans senior IT leadership across public and private sectors, where I’ve delivered large-scale digital transformations, cybersecurity programmes, and business-critical integrations. I have led disaster recovery and business continuity planning, infrastructure modernisation, and IT governance reviews, ensuring organisations remain secure, compliant, and operational even under pressure.
Alongside this, I bring a strong track record in business assurance, providing evaluation of IT, cyber security, and resilience arrangements. Whether it’s reviewing controls, testing recovery capability, or assessing complex system implementations, my focus is on delivering findings that are clear, evidence-based, and actionable.
Clients value my ability to align technology with business goals, and design solutions that not only solve today’s challenges but also position them for the future. My mission is to help organisations achieve stronger governance, smarter use of technology, and confidence that their critical systems and operations are built to last.
