Controls transformation & assurance


Controls transformation & assurance

In an environment of escalating IT security threats, technology outages, data integrity and quality issues, corporate governance concerns and privacy mandates, organizations need to be sure of the integrity, confidentiality, and availability of their information and underlying systems. This requires information systems that are properly deployed, monitored and controlled.

Leveraging its global network and in-depth industry knowledge, Deloitte member firms assist organizations with mitigating the risks associated with internal systems, business processes, projects, applications, data and third party reliance. Integrated information and controls assurance services including Internal Audit, Information and Controls Assurance, Contract Risk and Compliance, and Sustainability and Climate Change Risk Services.

Internal audit

Many enterprises face problems in their organizations with insufficient internal audit structures; lack of compliance with IIA standards or regulatory requirements (e.g. stock exchange requirements) , the necessary skills and competencies within the internal audit department and need for the implementation of a risk-based internal audit approach.

Our Internal Audit Advisory Services assist boards and senior executives in more effectively managing enterprise risks by helping organizations protect shareholder value and enhance effectiveness, quality and value. Our broad understanding of risks and areas of operational improvement, particularly the nuances of specific industry sectors and markets, can help internal audit functions improve their performance and operating efficiency and bring value to their organizations.


Cosourcing is a flexible and collaborative approach to support existing internal audit departments. We can help build on existing strengths while seeking to improve overall value. You maintain control and responsibility for the function while Deloitte provides advice, leading practices and experienced professionals with industry and specialized capabilities. Our cosourcing services include:

  • Business process or control environment review and testing;
  • IT controls audit; and 
  • Fraud investigation.


In a full outsourcing arrangement, we serve as your organization’s internal audit function, while your chief audit executive or other senior executive retains overall control over internal activities. This provides the benefit of our global, methodical approach and access to professionals with experience best suited for each internal audit project. Internal audit outsourcing services can include:

  • Preparation of a risk based annual internal audit plan
  • Conduct planned or ad-hoc audit reviews, and 
  • Preparation of audit reports for the Audit Committee and follow up of audit findings.

Internal audit advisory

Internal Audit advisory engagements represent assignments to assist organizations with internal audit services not captured by outsourcing or outsourcing. Services in this area may include, for example, general consultative advice or training, Internal Audit transformation services or effectiveness reviews, quality assurance reviews in accordance with your requirements and the IIA Standards, strategic risk assessment and advisory and industry benchmark studies.

Control and process opportunity services

Conducting business successfully in your organization is a complex matter. It requires the effective use of people, processes, systems and technology. Many successful organizations invest heavily in the latest enabling technologies and methods to improve efficiencies. Yet, their investments often don’t yield the promised benefits when they simply overlay existing processes with new technologies. Unsurprisingly, such integration failures are all too common.

To obtain the best results from your investments and to manage associated risks, you need to have assurance that your business processes are adequately controlled and working effectively to meet your business needs. The need for control and the desire for process efficiency are diametrically opposed, which requires careful balancing to avoid unnecessary risk or bureaucracy.

Our Control & process opportunities (CPO) group provides a wide range of professional control and process type services to organisations, and support them in identifying key risk areas within their business processes. The focus of the CPO team can be either all company processes and controls or special areas to improve (monthly closing, reporting, supplier selection, planning and forecasting, master data management and the relating controls).

Our Control and process services include:

  • Control environment maturity assessment
  • Supplier selection, periodic review and evaluation and ownership review
  • Business process re-engineering (reorganization, changes in leadership)
  • Company policy review and comparison to best practices 
  • Enhancement of Master data and contract management 
  • Revenue Assurance and Accounts Receivable Management (credit risk, CRM system, dunning process, discount reviews) 
  • Segregation of Duties review 
  • Planning and forecasting process review 
  • Improvement of Supply Chain and Warehouse management process 
  • Monthly closing procedures / fast closing 
  • Development of as-is business processes and systems documentation (process narratives and flowcharts)
  • Process and controls for T&E expenses

Contract Risk & Compliance

In today's business world, organizations rarely go it alone. They increasingly rely on outsourcing, licensing, alliances, and other business partnerships to meet their objectives. These complex relationships are governed by financial and legal agreements that are often poorly monitored.

A lack of controls around these relationships creates risks, either reporting or operational in nature, and can lead to brand or reputation damage and the loss of significant revenue through uncollected royalties, misreported claims, and inadequate inventory controls.

A well-conceived Contract Risk & Compliance (CRC) program, however, can help organizations better identify and mitigate the risks, while enhancing the benefits of business arrangements. CRC is focusing on risk management that can help organizations optimize relationships with other entities to improve business processes, maximize revenue, manage costs, address risks, strengthen relationships, and boost performance.

The CRC team assists clients in identifying, evaluating, and mitigating key risks associated with external business relationships. Our services focus on assisting you with the validation of information exchanged between you and your customers, vendors, and third party service providers; and helping you improve your contract compliance monitoring processes and controls.

Our services include:

  • Royalty and Franchise Assessment 
  • Advertising Assessment 
  • Distributor reviews 
  • Vendor Compliance Assessment 
  • Internal Control Assessment 
  • Inventory review

Information & Controls Assurance

Information systems rely on work processes that, if not well deployed, monitored and controlled, can be the source of considerable risk. In spite of their sophistication, technical information systems are not infallible. Occasionally, they will produce incomplete, inaccurate and invalid data for a multitude of reasons. With increased IT corporate governance concerns, security threats, data quality issues and privacy legislation, today, more than ever, organizations need to ensure the integrity, confidentiality and availability of information and the underlying systems. Implementing checks and balances for projects, work processes, computer applications and the underlying systems and third parties is one way to mitigate risks. The Information & Controls Assurance services focus on the identification and mitigation of risks affecting internal systems, business processes, projects, applications, data and third parties.

In this respect we provide integrated external audits, ISO (International Organization for Standardization) compliance services, third party reporting and controls transformation services.