chili peppers


Operational Risk Services

Deloitte helps organizations transform the ways they leverage people, third-party relationships, technology, data, business processes, and controls to manage operational risks and elevate business performance. Developing integrated, strategically-aligned operational risk management solutions allow organizations to make optimized business decisions.


Our services

  • Internal Audit (IA)– We help transform internal audit functions by teaming with, or serving as, the internal audit function to make improvements in internal control and process efficiency and contribute to effective regulatory compliance. We provide input to established internal audit functions on their strategy and purpose, resourcing models, and technology.
  • Assurance– We offer specialized information technology audit services to deliver risk and controls, audit analytics to extract insights from data, as well as third-party assurance to manage risks from the extended enterprise.
    • Third Party Assurance (TPA) – We provide independent attestation services under many different standards, the most common being ISAE3402 (SOC1), SOC 2 (and SOC2 + GDPR), ISAE3000 and ISAE300 GDPR Attestation services. Follow the link for more information.
  • Conduct Risk– We help organizations assess and evolve the values, beliefs, tone, conduct, and understanding of risk culture to align with their strategy and business practices.
  • Extended Enterprise Risk Management– We evaluate and manage third-party risk related to outsourcing, licensing, alliances, and other business partnerships across the organization to maximize business performance, streamline information technology and licensing costs, and optimize supply chains.
  • Operational Risk & Transformation– We help clients transform the ways in which they leverage people, technology, data, business processes, and controls to address their operational risks and drive business performance.  
  • Technology & Data Risk– We help clients transform their enterprise-wide technology and data management frameworks to improve decision-making at the senior stakeholder level.

Download the report: Internal audit insights

High-impact areas of focus

This year’s edition of our Internal Audit Insights series identifies eleven areas of high impact for Internal Audit in the year ahead. It also explains why these areas are important to stakeholders and how Internal Audit might approach the area in upcoming audit plans.

PDF (30,2MB)

Key contact

Endre Fosen

Endre Fosen


Endre leder vår faggruppe innen "Governance, Risk and Compliance", og har arbeidet med risikostyring og etablering av risiko- og internkontrollsystemer for en rekke av Norges ledende virksomheter. Han... Mer