Gems image


Controls assurance, remediation and transformation

Controls assurance, remediation and transformation is about delivering a robust control environment that meets the financial, operational, regulatory and legal requirements of a financial institution. Many institutions have significant issues with a costly, burdensome control environment, often built up over many years. Controls are often complicated, multi-layered, poorly understood and costly to operate.

Explore Content

These problems are often exacerbated by complicated IT systems, often inherited through historical acquisitions, poor communication between the front and back office and large volumes of customer / policyholder data to manage and process. Much of the back office's time is often spent rectifying data discrepancies, chasing missing data or clearing backlogs/reconciliation breaks. This is especially the case downstream in areas such as Product Control (banking), Reserving (Insurance) or Finance where the value add tasks and analysis are often secondary to a more re-active workload and on-going issue resolution. All of these issues can result in a waste of resource, are costly and can distract management from running the business.


Our approach addresses the above by reviewing the controls in an area of an institution often by product / process end to end or it can be as a result of an issue that has arisen and the cause of the problem needs to be identified and remediated. Our practitioners have a blend of skills and knowledge that are tailored to specific client requirements – this includes knowledge of vanilla and complex products, accounting and regulatory requirements, IT systems and controls, and an ability to perform process and data analysis. Our teams are therefore able to identify where problems arise or controls breakdown and suggest actions to remediate the control deficiencies and transform the control framework to make it more effective.

  • There is increased scrutiny by the regulator over the effectiveness of control frameworks and in particular that there is appropriate management oversight to identify and remediate issues. This is being highlighted through close and continuous conversations and we are seeing an increase in S166 reviews on the control environment.
  • Control issues have been identified by management or internal audit that the firm does not have the necessary resource or skill set to remediate effectively.
  • Management have acquired a new entity and require assurance that the control environment is fit for purpose.
  • Management are under pressure to reduce the cost burden of control functions and require an independent assessment of their control framework.
  • Major process, organisational and IT change programmes (such as Solvency II in Insurance) demand an upgrade in control environments.


  • Deloitte can undertake an independent review of the effectiveness and efficiency of the controls: front to back in an organisation; across a product set; across an entity; or within a specific function.
  • Deloitte can provide a deep dive review to perform a root cause analysis and remediate specific control breakdowns that that been identified by management or internal audit.
  • Deloitte can help clients proactively assess the effectiveness of their control framework to address current regulatory or industry hot topics such as rogue trader or the implementation of new regulatory requirements.