Internal control services


Recently, the requirements imposed on companies by shareholders, executive management, regulatory bodies and other stakeholders have significantly risen and continue to rise. As a result, more and more companies view the establishment of an internal control system as a top priority, which assists in enabling the company to attain its objectives.

An internal control system provides several advantages for organizations, which collectively have the ability to increase shareholder value.  Some of these advantages include:

  • Better managerial decisions based on accurate and reliable financial and management information
  • Assures the interests of the company’s shareholders and the security of their investments
  • Improved stakeholder perception
  • Greater management of risk


Internal control system improvement projects involve our consultants assisting companies to identify and assess risks related to the accuracy of their financial statements and the security of their assets. Based upon these risks they make an assessment as to the adequacy of the internal control procedures designed and perform checks on whether these procedures are appropriately implemented. Upon completion of these assessments our consultants develop documentation that clearly describes the processes, risks and controls identified, and any recommendations for internal control improvements based upon leading practices.

In conducting these projects we place emphasis on control efficiency and continually search for ways that the internal control system can be further rationalized in order to achieve reduced costs for the organization. We apply a “top-down” approach to our engagements to ensure that the key risks of the company are addressed. Our proprietary risk and control database which is based upon best practice allows our consultants to focus on only those controls that cover the key risks of the company, resulting in a more efficient control environment for the company.

Download the leaflet and learn more

Internal control  improvement

The implementation of an Enterprise Resource Planning (ERP) System is a major undertaking of any organisation. In almost all cases, it leads to the redesign of business processes, resulting in significant changes to the organisation's business control environment.

Our services span through the life cycle of an ERP System: from designing controls and security, as part of the implementation process, ongoing monitoring and assessment, or one-time reviews.  You will benefit from the highlighting of the main risk affecting your business, avoid costly re-work after implementation, reduce the risk of fraud and the project will be brought back on track as needed.

ERP controls

Many governance, risk management and compliance projects are labour-intensive, disruptive to business operations and are silo-orientated. Companies recognise that in order to sustain governance, risk management and compliance (GRC) efforts, they have to move these disjointed tactical-level approaches into a more integrated and strategic framework through the use of technology.

We provide the services for the integration of technology into GRC activities and processes to ensure that the right information get to the right person at the right time.

Automated GRC solutions

The Sarbanes-Oxley Act of 2002 establishes stricter requirements regarding corporate governance and internal controls in relation to financial reporting for US-listed companies. In particular, the Act includes the requirements for the documentation and annual assessment of the internal control system.

Numerous leading companies have obtained significant advantages due to SOX compliance, or voluntary partial compliance, in case the company is not required to be in full compliance with this Act.

Deloitte is a leader in preparing Russian companies for SOX compliance.

Our experts can be involved in various project stages related to SOX compliance, including: 

  • Design of the internal control system monitoring process
  • Provision of SOX training for the company’s employees
  • Preparation of recommendations on the improvement of the internal control system to bring it in compliance with SOX requirements
  • Preparation of documentation and the selection of software for controls procedures monitoring

Sarbanes-Oxley Section 404 compliance

Russian companies are increasingly interested in IPOs on the UK stock market. To be listed on the London Stock Exchange, the issuer should meet a number of corporate governance and internal control requirements.

Such requirements are defined in the Combined Code of Corporate Governance as best practice principles which the company should comply with. Every year, the issuer’s compliance with the Code should be disclosed in their annual report, including the methods used to address specific principles, or the reasons why such principles have not been met.

The Combined Code of Corporate Governance recommends, in particular, that the effectiveness of the corporate internal control system should be reviewed and the annual report to shareholders should be prepared based on the results of this review. The review should address all material control, including operational and financial controls, the existence of the required internal regulations as well as the risk management system.

More detailed internal control requirements are provided in the Turnbull report, which forms an integral part of the Combined Code of Corporate Governance.
Our internal control experts will provide issuers or potential issues with all the necessary advice to ensure compliance with the requirements of the Combined Code of Corporate Governance prior to their securities being listed on the London Stock Exchange.

These services are provided under both the "Don't Go to London without Deloitte" program and individual projects.

UK regulatory compliance

Back to Risk