Combining our experience in advising clients in the Financial Services Industry with our expertise in assessing and testing internal controls, we can support you in transforming the internal controls and provisions within your business towards a true value-adding function.
This catalogue serves as a collection of materials presenting the wide scope of products and services available within the Risk Advisory practice at Deloitte. Through these offerings we transform your internal controls environment to optimise their capabilities and mitigate your risks. We hope through these to best serve your business and work together to build robust internal controls for your company.
Perform an assessment of your client life-cycle management processes with a focus on onboarding. Leverage these insights to identify potential for optimization and digitalization within your internal controls.
Approach:
Diagnostic-service using our client onboarding benchmarking tool
Assess and further identify areas with digitalization/automation potential
Best practice knowledge/data-set
Your benefits:
Access to regulatory compliance SMEs (due diligence, AML etc.)
Efficiency gain through clear allocation of duties between 1st/2nd LoD
Review your compliance function including processes and controls and consequently provide guidance on potential redesign of the function with regard to governance and organisational set-up.
Approach:
Compliance function maturity assessment
Segregation of duties assessment
Benchmark analysis
Your benefits:
Fit for purpose compliance specialists conducting the assessment
Market proven analysis framework used as basis for assessment
Perform an overarching review of your risk function including governance, risk assessment processes, and support systems and controls to identify key optimization levers.
Approach:
Diagnostic-service of risk function
Benchmarking against relevant peers, regulatory requirements & market best practice
Review of current infrastructure/tools
Your benefits:
Access to regulatory compliance SMEs (due diligence, AML etc.)
Efficiency gain through clear allocation of duties between 1st/2nd LoD
Assess your F2B credit workflow process in terms of its capability to effectively mitigate e.g. operational risks based on various TOM dimensions including amongst others Policies & Controls, Governance & Processes.
Approach:
Assessment of the maturity of each TOM dimension
Definition of quick fixes and long-term levers to close gaps and ultimately progress to an adequate future TOM
Your benefits:
Access to regulatory compliance SMEs (due diligence, AML etc.)
Efficiency gain through clear allocation of duties between 1st/2nd LoD
Review the overarching bank operating model and assess it in light of current market trends. Classify your current model as well as future vision according to our pre-defined and proven archetypes that will guide your transformation.
Approach:
Review of banking operating model
Classification into archetypes/identify future vision of archetype
Define levers of change to reach future archetype operating model
Your benefits:
Fit for purpose compliance specialists conducting the assessment
Market proven analysis framework used as basis for assessment
Review your distribution strategy and processes to respond to changing customer habits and increased competition. Using a 3-step delivery model allows fast identification and the potential of agile implementation.
Approach:
Data request and analysis
Documentation of client journey
Identify and prioritize main levers for distribution transformation
Your benefits:
Proven diagnostic approach and tool developed by experienced Deloitte experts
Identification of key optimization levers
Access to SMEs with focus on Asset Management Risk
Perform a 360 degree health check of your FinCrime functions across multiple dimensions using our unique benchmarking questionnaires to define the maturity of your current state and define the ambition.
Approach:
Benchmarking against best practice
Analysis per FinCrime function and different dimensions (e.g. technology)
Definition of a target state ambition based on cost and benefit
Your benefits:
View on current state against best practice
Identification of gaps and clear definition of an individual target state
Prioritized list of measures to achieve target state ambition
Offering 8: FinCrime framework and operating model review
Perform a review of the overall set-up of your FinCrime function, which includes a review of the framework and the operating model across all capabilities.
Approach:
Review including strategy, governance, processes and organizational set-up (3 lines of defence)
Gap analysis to desired target state
Definition of strategic roadmap
Your benefits:
Independent gap analysis to target state
Identification of list of measures to close gaps
Implementation roadmap for target operating model (TOM)
Offering 9: FinCrime alert and monitoring process review
Perform an end-to-end process review of your alert identification and alert processing in order to identify areas to improve efficiency and effectiveness, including the use of advanced analytics.
Approach:
Review and optimization of current alert rule set/scenarios
Review and optimization of the alert review process
Review of potential for advanced analytics
Your benefits:
List of levers to optimize the process
Identification of quick wins
Overview of how analytics can be leveraged to improve the process
Assess the awareness level of employees with regards to social engineering and information security. Simulate an attacker attempting to trick employees into performing sensitive actions.
Approach:
Open source intelligence: collect public information to tailor the campaign
Social engineering: Execute tailor made campaigns based on scenarios
Employee training for awareness
Your benefits:
Assess the cyber readiness and awareness in a holistic approach
Assess the detection/response capability
RTO has become a regulatory requirement for banks in some countries
Simulate a realistic attack by mimicking the threat actors and their tools, techniques and procedures. Identify and exploit the weakest link by taking advantage of the flaws in the processes.
Approach:
Open source intelligence: scenario planning and reconnaissance to gather information about the client
RTO: executing tailor made scenarios by combining different techniques
Your benefits:
Systematic identification of exploitable vulnerabilities within internal network
Assess the existing exposure to internal threats and attackers
Perform a review of the overall set-up of your FinCrime function, which includes a review of the framework and the operating model across all capabilities.
Approach:
Assess current cloud maturity using Deloitte’s Cloud Security Framework
Outcome of technical cloud assessment analysed by cloud security experts
Use teaming capabilities to test for weakness
Your benefits:
Holistic View on Cloud Security Maturity
Access to SME knowledge both technical and strategic
Market proven capabilities model to test cloud maturity
Review the organisation's third-party risk management (TPRM) framework covering the end-to-end third-party life-cycle based on best practices and industry standards.
Approach:
Assess the current TPRM capabilities using Deloitte’s TPRM framework
Improve processes to cover 3rd party risk
Conduct third party risk assessments as a managed service for critical third parties
Offering 15: Social media (SM) risk management assessment
Assess current state of the SM strategy and processes by comparing them to best practices and industry standards. Create transparency on the SM maturity and set-up a robust SM Risk Framework.
Approach:
Assess current SM maturity using Deloitte’s SM framework
Conduct a SM risk assessment
Review and optimize SM channel tools, processes and governance structure
Review your information security management system (ISMS) and assess it against known industry standards and frameworks such as ISO 27001/2, NIST v1.1, SANS etc.
Approach:
Detailed maturity assessment of your current state cyber framework
Identification of gaps to known and proven industry standards
Benchmarking to peers
Your benefits:
Access to our standardized and extensive benchmarking data-set
Proven centre of excellence
Deloitte professionals with extensive experience with cyber security
Review Operational Resilience capabilities and assess them and related capabilities such as Business Continuity Management, Disaster Recovery, and Crisis Management against common frameworks.
Approach:
Analysis of existing framework and capabilities and determination of maturity
Assessment of key processes and artefacts such as strategies, policies and plans
Identification of gaps against good practices
Your benefits:
Outside-in view on Operational Resilience capabilities
Concrete, actionable recommendations
Access to subject and industry experts from the Deloitte network
Carry out a clear assessment of the position of the organisation with regards to privacy regulations through privacy gap assessments. Provide a tailored privacy program addressing the identified gaps.
Approach:
Governance
Analysis of the current state of privacy compliance against the requirements of selected regulations and the target
Design roadmap to prioritise effort
Your benefits:
Clear picture of privacy compliance maturity against the framework and industry best practices
Review your organization’s Enterprise Recovery capabilities, i.e. the ability to recover from catastrophic disruptions, such as a large-scale cyber attack or Ransomware.
Approach:
Assessment of Enterprise Recovery capabilities against Deloitte framework
Identification of key gaps and risks
Development of mitigation roadmaps and support in improving capabilities
Your benefits:
Independent review of Enterprise Recovery capabilities
Concrete, actionable recommendations
Deep subject matter expertise - experts who assisted clients on real incidents
Guide critical considerations and decisions, regardless of position in the Tool journey. Combine point audit solutions and GRC solutions where audit is integrated in the broader platform.
Approach:
Maturity assessment on existing solutions (for Integrated RM)
Solution evaluation of most common GRC platforms
End-to-end solution implementation
Your benefits:
Leverage knowledge of Deloitte of most common GRC platforms in the market
Short solution evaluation
Implementation of a true IRM solution that helps audit to improve
Review the inclusion of ESG / sustainability risks within your Enterprise Risk Management System (ERMS) and assess it against best practices, industry standards and legal frameworks.
Approach:
Plan: define scope of benchmark, key stakeholders & documentation
Understand: roll-out questionnaires and perform interviews
Assess: Collate data for performance
Your benefits:
Improvement of the ERMS extending it to an ESG perspective
Benchmark against good practices
Increase compliance where required (e.g. EU Green Deal package)
Review your defined ESG / sustainability targets (e.g. carbon reduction based on SBTi) against your implemented measures (e.g. abatement projects for carbon reduction).
Approach:
Target and scenario modelling
Tool implementation and ESG data import for evaluation
Performance and gap visualisation with dashboards
Your benefits:
Monitoring and evaluation of performance against targets
Review your climate risks from a physical and transformational risk perspective and assess their impact on your strategy, balance sheet and asset portfolio.
Approach:
Risk assessment review compared to benchmarks (industry & good practice)
Scenario analysis review
Review of quantification methodology
Your benefits:
Legal compliance where required (e.g. Solvency II)
Support Life Sciences clients in their transformation journey towards becoming data-centric organisations. Strategy definition, use case collection and prioritization, operating model design.
Approach:
Define organisational vision, capabilities and strategic roadmap
Understand technology elements
Translate vision, tech & capability requirements into op. model choices
Your benefits:
Track record across Life Sciences clients and a variety of use cases
Experience in multiple steps of the transformation journey (e.g. nascent vs. established)
Support the execution of complex transformations in LS clients in the R&D space, especially those that seek to redefine our client’s operating model (e.g. clinical operations).
Approach:
Define transformation roadmap and impact across people, processes
Measure and improve: develop KPIs and gauge performance against objectives
Agile planning and ways of working
Your benefits:
Deep understanding of the interdependencies of R&D organisations
Access to the wider Deloitte service portfolio for data organisations (e.g. Cyber Risk, Controls, etc.)
Leverage our deep and extensive knowledge of the LS R&D market to support clients in their strategic choices (e.g. portfolio strategy, divestitures, acquisitions, clinical development).
Approach:
Project management
Client due diligence with overview of R&D trends, market players and dynamics
Agile ways of working
Your benefits:
Deep scientific understanding of assets and technology, to correctly assess and position opportunities in the market
Strategic Regulatory Compliance enables LS companies to meet regulatory requirements sustainably through innovation in business processes, system architecture and change management.
Approach:
Readiness assessment
Business case
Design & Roadmap
Agile implementation
Your benefits:
Regulatory non-compliance is a major risk, but treated with importance these obligations could have strategic benefits
Enhanced operations efficiency, improved decision making and patient services
Reduce, reuse, recycle - this approach follows the ‘write once, use many times’ principle.
The auto-population of data into its correct content into standardised narrative components.
Approach:
Standardization
Automation
Your benefits:
Increase authoring speed for regulatory documents: get drugs to patients sooner
Improve speed to market: reduction in development costs and faster revenue generation
Assess the current state of an organisation’s regulatory affairs function and design a roadmap to reach a globalized, centralized, and standardized future state in alignment with other functions (e.g. QMS).
Approach:
Develop process maps, SOPs, trainings and interdependency tracking
Streamline process with tech. solutions
Minimize documentation, while accounting for local deviations
Your benefits:
Consistent global processes and interfaces with authorities
Maintain product portfolios efficiently, effectively and in compliance
Implement RegHub (Deloitte’s comprehensive regulatory solution). It fundamentally enhances how organisations structure, source and manage compliance and transition from reactive to proactive.
Approach:
Ongoing scan to stay updated on policies
Central location for obligations, sliceable by business area and topic
Comprehensive governance structure for monitoring and tracing