Governance, Risk and Compliance

Confidence through risk management

Non-Financial Risk has become more than a buzz word used only by the largest organisations in the world, but a critical requirement for all organisations no matter the size. With the ever increasing changes in regulation, the demands from the regulatory bodies is never ending, and not having a sufficient operational risk framework can have huge implications for your business, and the way it operates. Non-Financial Risk has now become the leading risk class of focus for all businesses, regardless of nature or complexity, impacting all revenue lines.

At Deloitte, we have worked with the market leaders to help them build risk management frameworks, develop strategies that allows the business to thrive and implement the systems that enable management to reduce the impact of operational risk and let them focus on what they do best, running their business. 

So at Deloitte we have reviewed each and every one of these projects to identify common themes and requirements.  We have combined our market leading knowledge of Risk Management Frameworks with our implementation experience with market leading GRC tools such as RSA Archer® Suite, to produce pre-packaged solutions to meet your needs. 

The Risk Accelerators makes our expertise more readily available and affordable, providing your business with the tools it needs to manage Non-Financial Risk powered by Deloitte risk knowhow and market leading GRC tools. 

Giving you Confidence through Risk Management.

Key industry challenges

Click on the titles to expand the boxes.

Granularity of risk assessments and emergence of risk and control libraries

  • Organisations are now expected to have Operational Risk and Control Self-Assessment (RCSA) data for all entities, functions, business lines and geographies. Deloitte’s Risk Accelerators enable this in an efficient manner by setting up the relevant data hierarchies in the GRC system and allowing RCSA data to be easily captured by the 1LOD teams and reported and analysed by 1LOD and 2LOD teams.
  • If the definition of Risks and Controls are not standardised across an organisation, the volume of RCSA data grows very quickly, reducing the ability to consolidate and analyse risks.

Enabling ‘end to end process’ consideration of operational risk

  • Defining a Process library can play a crucial role in allowing organisations to utilise RCSA data to identify cross-functional impacts. Deloitte’s Risk Accelerators comes pre-built with the capability to run RCSAs from a process perspective.

Increasing 1LOD buy-in and embedding risk culture within the organisation

  • A well designed user experience for the GRC system can be the difference between 1LOD business users completing RCSAs to meet internal policies and using RCSA’s to inform and better manage their business. Deloitte’s Risk Accelerators are designed to make it easy for users to input, report and analyse risk data, enabling 1LOD risk and business teams to embed risk processes for decision making.

Identify, monitor and report on KRIs

  • An efficient and value-add framework to capture and monitor KRI’s has proven to be a significant challenge for organisations for a number of reasons. The number of KRIs tracked needs to be carefully examined to determine the objective and frequency of data capture for each KRI. Operational KRI data typically is recorded in various 1LOD business systems that consumes effort in data consolidation, reporting and analysis. Deloitte’s Risk Accelerators allow for the efficient setup and monitoring of KRIs at various levels of the organisation that becomes the single source of KRI data.

Operational Risk Losses

  • Operational Risk Losses should be driven by a consistent firm-wide framework that allows for the capture, reporting and analysis of loss data. Organisations must overcome the challenge of integrating loss data with the Risk, Control and KRI framework to help establish a proactive rather than reactive risk management approach. Deloitte’s Risk Accelerators come pre-built with an integrated framework to enable this and the system is pre-configured to provide instant value to the organisation.

How Deloitte can help

  • Deloitte’s Operational Risk Governance, Risk & Compliance (GRC) solution based on the RSA Archer platform accelerates the implementation of GRC systems.
  • Our GRC solution is implemented using our proven GRC methodology and deep risk domain insight, whist leveraging the strong Deloitte and RSA alliance to configure pre-packaged products into a solution.
  • Within the Operational Risk Accelerator (ORA), an integrated object model and core-data architecture captures the desired business processes, components and capabilities of enterprise GRC technology solutions. This will help guide the design and configuration of your solution while helping to make sure that the configuration is methodical and considers scalability.


Key benefits

Accelerated implementation Leverages Deloitte insight
Reduced impact on processes Lower cost to deliver

Our approach

Whether you already have a risk management framework that you are comfortable with, or need to develop one – the ORA will get you to a fully working solution within 12 weeks.  We start by comparing our generic risk management framework to the one you currently have and identify areas of difference, no need for a detailed requirements gathering stage.  Deloitte’s risk experts talk to your risk experts.

Operational risk processes in scope

The ORA covers operational risk processes, with the option to extend to other areas that meet your framework needs:

  • Enterprise Hierarchies (Entities, Businesses, Functions, Geographies)
  • Risk Hierarchy (Risk Taxonomy aligned to the Basel Framework)
  • Process and Products Libraries
  • Risk Register
  • Control Libraries
  • Risk and Control Self Assessments
  • Loss Events
  • Metrics (KRI, KCI, KPI)
  • Issue Management (Issues, Action Plans, Exceptions)

Our services

RSA Archer Licensing

  • Deloitte can provide RSA Archer pricing on Term and Perpetual license

Implementation of GRC framework and system

  • Deloitte utilises a GRC delivery methodology that ensures full coverage of requirements in a reduced time-frame

Post-Go live support

  • Plan and deliver end-user GRC training and Rollout Strategy

Single-Tenanted Cloud Hosting and Infrastructure Administration

RSA Archer Solutions Administration

Key contacts

Robert Brooks

Robert Brooks


Robert is a Director in Deloitte’s GRC practice; he co-leads the GRC proposition team in Financial Services. Robert has delivered multiple GRC implementations ranging from Financial Close management, ... More

Jack Pilkington

Jack Pilkington


Jack is a Partner in Deloitte’s Risk Advisory team, and specialises in technology risk and control design, implementation and assurance services in the Financial Services sector. Jack leads the UK Fin... More