Audit and risk management
Deloitte Luxembourg combines its experience and knowledge with that of Deloitte EMEA member firms to offer a wide range of services to meet European Institutions’ audit and risk management needs.
With the EU providing funding and grants for a vast range of projects and programmes, accountability and transparency are vital to ensure that EU funds are used properly. We provide tailor-made audit and risk management services to meet European Institutions’ exigent accountability and transparency requirements.
We help European Institutions to comply with applicable regulation and governance requirements, as well as to anticipate the key risks they may face. The main focus of Deloitte Luxembourg’s service line is on financial audit and compliance reviews.
Financial audit and compliance reviews
We undertake audits on behalf of the Commission to assess the compliance of the operational and financial management of EU co-funded projects and programmes. This includes: audit of expenditure/cost statements submitted by the beneficiaries of the EU grants/subsidies; operational reviews to assess compliance with contractual provisions (e.g. procurement regulations); process and organisation audits to assess the effectiveness of management and control systems put in place by the beneficiaries (including Member States) in the context of direct or shared management of EU programmes.
Organisation-wide and operational assessments
We assist the DG/Agency to develop an adequate risk management response including risk management plan and activities. We do this through the performance of interactive risk assessment exercises to identify risks that can affect the organisation and its operations, using risk maps and assessment frameworks tailored to the specific environment.
Internal control assistance and advisory
We assist the Commission and agencies in implementing general monitoring and internal control frameworks by developing tools and methodologies tailored to their operations and programme activities. This includes assessment tools, control checklists, and control activity planning support.
Business continuity planning
We assist European Institutions with business continuity planning, enabling them to weather disruptive times and still achieve a reasonable level of end-to-end availability of essential business practices. Through our services, Institutions are able to overcome challenges ranging from natural disasters to political and economic stability – in the face of which traditional risk management systems are all too often inadequate.
ICT security frameworks and standards
We assist European Institutions by producing technical guidelines and recommendations for the adoption of cybersecurity frameworks, standards and good practices in the public and private sectors. We work with the industry, the Commission, ENISA and the Member States in stimulating the development and adoption of security frameworks, standards and technical norms. Specifically, we perform extensive research, surveys and workshops with key stakeholders, in particular the ICT product manufacturers and service providers, including cloud providers.
Cybersecurity capacity, strategy and policy building
We help European Institutions to assess the maturity of their cybersecurity controls and benchmark those controls against good practices. As such, we help to define the strategy and roadmap for improving the cybersecurity controls at organisational level. We also assist the European Institutions in cybersecurity capacity building, including assisting with training and supporting the creation of relevant policies, strategies and capabilities.