Controls transformation and assurance

Deloitte’s controls transformation & assurance practice helps you gain assurance over your financial, system and operational internal controls. Our services leverage best-in-class methodologies and a vast suite of tools and analytic capabilities to support your control transformation journey.

Assurance solutions

In an environment of escalating IT security threats, data quality issues, corporate governance concerns and privacy mandates, organizations need to ensure the integrity, confidentiality and availability of their information and underlying systems. This requires information systems that are properly deployed, monitored and controlled.

Leveraging our global network and in-depth industry knowledge, Deloitte can help you mitigate the risks associated with your internal systems, business processes, projects, applications, data and third-party reliance. Our integrated information and controls assurance services include:

  • Controls transformation. Adopt the appropriate level of controls to mitigate risk, control costs, maintain regulatory compliance and secure your assets.
  • Integrated external audit. Access world-class internal control and financial statement auditing.
  • International Organization for Standardization (ISO). Adopt internationally-recognized methodologies to evaluate, implement, maintain and manage information security.
  • Third-party reporting. Independently assess the control procedures of your third party service providers.

Extended Enterprise Risk Management

In today's business world, organizations increasingly rely on outsourcing, licensing, alliances, and other business partnerships to meet their objectives. These complex relationships are governed by financial and legal agreements that are often poorly monitored. A lack of controls around these relationships creates risks, either reporting or operational in nature, and can lead to brand or reputation damage and the loss of significant revenue through uncollected royalties, misreported claims, and inadequate inventory controls.

A well-conceived Extended Enterprise Risk Management program, however, can help organizations better identify and mitigate the risks, while enhancing the benefits of business arrangements. Extended Enterprise Risk Management is a service area focused on risk management that can help organizations optimize relationships with other entities to improve business processes, maximize revenue, manage costs, address risks, strengthen relationships, and boost performance.

Internal audit

Overcome the common challenges of an internal audit function from staff turnover to a lack of specialized skills. We offer internal audit co-sourcing, resource enhancement, access to specialized skills or full outsourcing, depending on your needs. We can help improve your internal audit function by introducing risk-based process audit techniques, training and tools. And we can conduct an internal audit quality assessment to benchmark your function against leading practices or the Institute of Internal Auditors (IIA) standards. If you are establishing an internal audit function, we offer a “first 100 days” solution to help you develop a mission and charter, create a risk-based audit plan, assess your staffing model options and select the appropriate methodologies and technologies.

Internal controls certification

Using Deloitte's proprietary tools and methodologies, help your clients assess, design, optimize and maintain their internal control certification programs in a manner consistent with the top-down risk-based approach advocated by security regulators. We deliver a number of services, such as: 

  • Certification program assessment: Provide recommendations to help organizations refresh their programs, benchmark their performance and better align with what we would consider to be leading practices
  • ICFR program development: Work with companies preparing to enter public markets and them to help them understand their ICFR certification requirements and design and implement compliance programs 
  • ICFR program management and execution: Either work with, or in place of an in-house function, assess control effectiveness and provide feedback to management to enable executive certification


We identify, develop and test control policies and procedures related to business processes for a targeted clientele: lottery companies, public and para-public organizations, provincial governments, corporations and private sector companies.

Sustainability and climate change

Drivers ranging from regulation, investor activism and changing consumer behaviour to the need for innovation, operational efficiency and fundamental enterprise cost reduction are putting climate change, carbon management, corporate responsibility, clean technology and the changing energy landscape squarely on the corporate agenda. If you don’t get in front of these trends, your competition surely will.

We apply our unique integrated systems approach across the areas of governance, workplace, workforce, supply chain, operations, products and information technology to help organizations make the connection between sustainability and economic performance. We draw on the extensive experience of our risk management, consulting, financial advisory, tax and audit professionals to drive a client-centric approach to protecting and creating economic, environmental and social value.