Internal control services


Internal control services

Recently, the requirements imposed on companies by shareholders, executive management, regulatory bodies and other stakeholders have significantly risen and continue to rise. As a result, more and more companies view the establishment of an internal control system as a top priority, which assists in enabling the company to attain its objectives. An internal control system provides several advantages for organizations, which collectively have the ability to increase shareholder value. Some of these advantages include: better managerial decisions based on accurate and reliable financial and management information, assures the interests of the company’s shareholders and the security of their investments, improved stakeholder perception, greater management of risk, and Implementation of robust, approved procedures.

Internal control system improvement projects involve our consultants assisting companies to identify and assess risks related to the accuracy of their financial statements and the security of their assets. Based upon these risks they make an assessment as to the adequacy of the internal control procedures designed and perform checks on whether these procedures are appropriately implemented. Upon completion of these assessments our consultants develop documentation that clearly describes the processes, risks and controls identified, and any recommendations for internal control improvements based upon leading practices.

In conducting these projects we place emphasis on control efficiency and continually search for ways that the internal control system can be further rationalized in order to achieve reduced costs for the organization. We apply a “top-down” approach to our engagements to ensure that the key risks of the company are addressed. Our proprietary risk and control database which is based upon best practice allows our consultants to focus on only those controls that cover the key risks of the company, resulting in a more efficient control environment for the company.

Download the leaflet and learn more

Internal control  improvement

The implementation of an Enterprise Resource Planning (ERP) System is a major undertaking of any organisation. In almost all cases, it leads to the redesign of business processes, resulting in significant changes to the organisation's business control environment.

Our services span through the life cycle of an ERP System: from designing controls and security, as part of the implementation process, ongoing monitoring and assessment, or one-time reviews.  You will benefit from the highlighting of the main risk affecting your business, avoid costly re-work after implementation, reduce the risk of fraud and the project will be brought back on track as needed.

ERP controls

Many governance, risk management and compliance projects are labour-intensive, disruptive to business operations and are silo-orientated. Companies recognise that in order to sustain governance, risk management and compliance (GRC) efforts, they have to move these disjointed tactical-level approaches into a more integrated and strategic framework through the use of technology.

We provide the services for the integration of technology into GRC activities and processes to ensure that the right information get to the right person at the right time.

Automated GRC solutions

The Sarbanes-Oxley Act of 2002 establishes stricter requirements regarding corporate governance and internal controls in relation to financial reporting for US-listed companies. In particular, the Act includes the requirements for the documentation and annual assessment of the internal control system.

Numerous leading companies have obtained significant advantages due to SOX compliance, or voluntary partial compliance, in case the company is not required to be in full compliance with this Act.

Deloitte is a leader in preparing Russian companies for SOX compliance.

Our experts can be involved in various project stages related to SOX compliance, including: 

  • Design of the internal control system monitoring process
  • Provision of SOX training for the company’s employees
  • Preparation of recommendations on the improvement of the internal control system to bring it in compliance with SOX requirements
  • Preparation of documentation and the selection of software for controls procedures monitoring

Sarbanes-Oxley Section 404 compliance

Russian companies are increasingly interested in IPOs on the UK stock market. To be listed on the London Stock Exchange, the issuer should meet a number of corporate governance and internal control requirements.

Such requirements are defined in the Combined Code of Corporate Governance as best practice principles which the company should comply with. Every year, the issuer’s compliance with the Code should be disclosed in their annual report, including the methods used to address specific principles, or the reasons why such principles have not been met.

The Combined Code of Corporate Governance recommends, in particular, that the effectiveness of the corporate internal control system should be reviewed and the annual report to shareholders should be prepared based on the results of this review. The review should address all material control, including operational and financial controls, the existence of the required internal regulations as well as the risk management system.

More detailed internal control requirements are provided in the Turnbull report, which forms an integral part of the Combined Code of Corporate Governance.
Our internal control experts will provide issuers or potential issues with all the necessary advice to ensure compliance with the requirements of the Combined Code of Corporate Governance prior to their securities being listed on the London Stock Exchange.

These services are provided under both the "Don't Go to London without Deloitte" program and individual projects.

UK regulatory compliance

Russian regulatory authorities have developed a number of internal control requirements related to listed companies and all lending institutions operating in the Russian Federation.


The issuer’s Board of Directors should approve the document defining the internal controls over the issuer’s operations, which are supervised by a separate structural division of the issuer that informs the Audit Committee of all identified violations.

Order No. 04-1245/пз-н of the Federal Service on Financial Markets, dated 15 December 2004 on “The approval of the provision regarding trading arrangements on the securities market.”


The best internal control practice recommendations are presented in the Code of Corporate Conduct, compliance with which is recommended for joint-stock companies and is mandatory for listed companies. Compliance with the Code is a demonstration of the company’s transparency and its responsibility to shareholders and other stakeholders. This in turn has a positive impact on company’s reputation and how it is perceived by others.

Our experience in implementing and optimizing the internal control systems of companies based on international best practices is valuable both to ensure regulatory compliance and in order to obtain additional benefits for the shareholders and executive management.

Our specialists provide assistance in the development of the internal regulatory documents which are based on the Russian regulatory requirements and innovative internal control principles recommended by international organizations such as the International Organization of Securities Commissions (IOSCO) and the Basel Committee for Banking Supervision.

In addition to development of such systems, we also provide services related to the independent assessment of existing internal control systems and corporate governance systems. These projects assess the existing systems in place for compliance with the standards established by the regulatory authorities or international principles. Upon completion of the assessment our specialists provide recommendations for improving organizational, procedural and documentation aspects of the existing internal control system.

Russian regulatory compliance