We have a range of services and capabilities that can be designed to meet a client’s specific needs.
These cover standardising, integrating and optimising the GRC framework, Request for purchase (‘RFP’) execution for Technology acquisition, strategy and business case definition, change delivery and advisory services.
Our experience includes, but is not limited to, the areas mentioned below.
Integrated Control Framework
We have experience of working with clients to standardise disparate approaches to Control Assessments and Testing, Risk and Control Self-Assessments, KRIs, Incident and Events and Policy and Standards implementation. Standardisation facilitates the integration of the framework to manage risk through simplified reporting and regular Policy and Regulatory Effectiveness reviews.
We have experience of working with clients to re-define and re-establish the three lines of defence model to ensure the correct responsibilities exist in each line and that resources are applied accordingly. This served to strengthen the understanding and respect between the differing lines of defence.
We have experience of defining audit, risk and compliance reporting to integrate and standardise GRC views that can be replicated and reused across the organisation, designed to deliver value to all three lines of defence.
We have worked with clients to construct risk taxonomies that identify and categorise the long-term risks in the firm alongside cause categories and control types. We have also helped construct risk ‘libraries’ at the more granular level.
Delivery & Rollout
We have worked with clients on the delivery, rollout and embedding of various technology platforms, not just GRC technology. Our engagements have seen us influence technology, business and data strategy for our clients.
Training and Adoption
We have worked with clients to establish training and adoption strategies to support the rollout of GRC platforms, ensuring the appropriate training, knowledge and cultural incentives are in place to fully embed the new platform and processes.
We have overseen the creation and adoption of new Policies and Standards. We hold clients to account and ensure a sound structure of Governance, set out in plain English so that employees can understand how, and if, internal and external rules and requirements apply to them. We have also challenged the way data is managed and maintained to foster further standardisation and create a corporate language.
Strategy and Business Case
We have worked with clients to establish robust strategies and business cases that build the case for, and understanding of, GRC transformation and platform delivery within organisations. This ensures the appropriate understanding of, and buy-in to, the benefits relating to cost and efficiency as well as governance, risk and compliance.