building the future

 Digital control

Our proposition for all risk, compliance and control functions is centered around the value new technology will bring to professionalise your way of working, lower the cost of control and increase the value of your control responsibilities towards the business, governance bodies, other stakeholders and society in general. We digitise your control.

With our vision of the future ‘towards continuous monitoring’ we can help you to define yours. We implement and optimise the use of technology to get you there using a proven approach and our internal control maturity model. Our consultants can help you on all relevant topics throughout your entire journey to world class. This includes improvement of the digital capabilities of your people and your company’s readiness for change and innovation. With our readily available best practice controls & compliance content we can speed-up your improvement efforts to easily reach your next level of control and stay there.

Your needs

We have an answer to all your control questions, and more

You are at risk or you have control issues?

You need control expertise in specialised areas?

Compliance pressure and in need of content and a methodology?

Adding value, control improvement or cost reduction objectives?

People competences or a lack of controls awareness.

New technology to improve your control function?

Our concept applied to control

Towards continuous controls monitoring

Future proof vision

Board with us on a journey towards continuous (controls) monitoring, net risk monitoring, real-time compliance, continuous assurance, trust management and integrated shareholder dialogues. All elements of our vision for the future of control.

Proven technology

Our proven technologies in the control space include, among others, Wolters Kluwer’s TeamMate audit software and Enablon GRC, SAP security & controls, Greenlight continuous monitoring, ValueCare analytics and many more.

Result driven projects

With our best risk and control practice content, readily available in our technology, our communities of GRC-specialists and partners, and proven client implementation, we can guarantee a result-driven project, on time and at a fixed price, with a focus on quality.

Continuous improvement

We build control change & innovation capabilities into your company and help your people to become digital in control. Via our control maturity model, we stick with you realising your vision step-by-step continuously adding value.

Building the compass

Future proof vision

When you are considering new technology, such as analytics, GRC-software packages, or AMS software, we will help you select the right solution meeting your requirements and we make sure that your solution is future proof. Technology and control go two ways.  

First we need to ask: ‘how do we control new digital solutions, like RPA, IoT, AI, and the transformation process towards digital?’ The second question, and the subject of this proposition, is how we can best use technology in the control functions, such as compliance, risk and internal audit. Both questions are answered with continuous monitoring (CM).

Continuous monitoring uses analytical capabilities of digital solutions and adds a control repository with specialised software to automatically document the operating effectiveness of controls or flag control failure in case of deviations.

CM creates new opportunities for Risk Management to monitor net risk in real time and rapidly intervene if necessary. Internal audit can use Audit Management Solutions to change its rigid annual top-down audit planning process into a more agile and fully integrated controls-based audit. CM provides the compliance function with more real-time insight and reporting as well as continuous assurance.

We guide you in your path to digital control via the maturity model detailed under continuous improvement. Our vision on digital control is available in pdf in the download center.

BR1GHT Continuous Monitoring Towards Trust Management (CM2TM).

Getting the right foundation

Proven technology

We help to select, implement and optimise the usage of technology to improve your control environment and realise your objectives.

This includes:

  • Compliance software.
  • GRC-software.
  • Security software.
  • (Enterprise) Risk Management (ERM) software.
  • (Internal) Audit Management System (AMS) software.
  • Data-analytics solutions (for all lines of defense).
  • Automated controls testing & continuous controls monitoring.
  • Controls & Authorizations.

Our consultants help you with everything from the business case definition and content identification to setting up the right change governance. Our client communities provide access to the best experiences and insights from your peers. We can facilitate working on solutions together with your peers, or help you sell your solutions to get a good return on your investments. We have partnerships with the following software vendors:

Managed changes

Result driven project

We promise result driven projects to realise your objectives. We can guarantee this because:

  • we have best practice methodologies.
  • we work with cloud solutions, easy to deploy (we also support on-premises solutions if that is preferred).
  • we have best practice content embedded in the solutions giving you a head start.
  • we manage the project, with clear project steps, responsibilities, milestones and deliverables. Our approach includes the mitigation of risk and quality assurance.
  • we manage your context, management, and other suppliers and we are transparent in everything we do.
  • we work with our core team with experts via our people communities.
  • we collaborate with you and all our clients via our client communities, sharing best practices and preventing pitfalls.
  • we team-up with implementation partners who, like us, have done the exact job earlier with positive feedback by their clients.

realising the future

Continuous improvement

Once a client, always a partner. We will join forces and, via our maturity model, we will realise your current needs and guide you to the next level. We identify streams to help you continuously improve on control:

  • We have content and frameworks about almost all laws & regulations in all our territories of operation, including GDPR, the ISO-standards, COSO, CobIT 2019, Basel III, Solvency II, and so on. All readily available and updated in our technology offerings.
  • After the implementation of our control technology, we help you to further enhance the usage and integration of your solution with other relevant software, such as other GRC-software, data-analytics, BI-tooling or RPA and IoT platforms. Together we can realise continuous monitoring innovating your way-of-working.
  • People change management includes awareness, training & education and building new capabilities. We will make your control experts digital and enable them to make innovation and improvement part of their core competencies, allowing your control function to constantly add value. You, as control specialist, are welcome in our expert communities, where you can stay up-to-date and share experiences with other specialists, both on work related topics and socially.

The BR1GHT maturity model for continuous improvement towards trust.

Do you feel yourself alone as a specialist?

Join us, stay independent, but still be part of our family.

Our integrated Solutions

How do we bring our services together to add value?

Our solutions integrate state-of-the-art technology, consulting services, content and people & change capabilities to solve your problems and add value. We are specialised in the following integrated solutions:

  Business & industry specific control.

  GRC – continuous monitoring to trust (CM2TRUST).

  Risk Management (Digital Risk).

  Real-time compliance (RTC).

  Internal Audit world class redefined.

  IT & security.

  SAP security & compliance.

  Finance control.

  Change control.

Business & industry specific control

We are constantly building new control solutions for the first line (core business) tailored to the specific industries or sectors, such as health, municipals, government and banking, and their unique risks and requirements.

The core of our propositions is a set of technology components which we integrate with each other via APIs, creating broader and more in-depth solutions. We provide multi-tenant technology solutions, which enable us to:

a. create one technology platform for multiple clients in the same industry or sector. Clients can work together, learn from each other and implement sector specific frameworks. This enables, for example, voluntary oversight.

b. offer our clients a central environment for all their controls and audits to share with service providers (IT-outsourcing) and oversight bodies. This creates benefits of real-time insight in controls executed by third parties and transparency toward regulators. Service providers don’t have to provide expensive SOC-statements; trust is established and third party assurance has no added value anymore. This concept is called vertical integration and can also be applied to horizontal integration, where parties in the value chain work together.

c. allow small audit departments to use the best technology solutions, which would have been too expensive to buy alone. We use these solutions ourselves when we provide audit and control co-sourcing and full outsourcing services.

GRC - CM2TRUST

The digital transformation of today is all about B2B integration.

a) Horizontal integration in the value chain providing a better client experience, by focusing on your core capabilities and melting them together with those of your vendors and partners in the value chain. With real-time client participation, creating business intimacy. Non-core business is sourced out to service providers.

b) Vertical integration is all about control and trust from the regulatory bodies, where law and requirements are continuously managed throughout the whole vertical chain towards control execution at (IT) services providers and the cloud providers.

For both horizontal and vertical integration, organisations rely on each other and therefore it is crucial to be continuously in control of your business and fully transparent. Transparency creates trust. Continuous Monitoring to trust (CM2TRUST). It encompasses a technology driven control improvement, a continuous stakeholder dialogue (integrated dashboards with supervisory boards and partners) and voluntary oversight.

Digital Risk

Our solution aims to help Risk Management to lead a digital risk transformation, now and in the future. Digital Risk is all about:

  Data Management.

  Process and workflow automation.

  Advanced analytics and decision automation.

  Risk Technology.

  Smart visualisation and interfaces.

  External Eco-system (working with peers and in the value chain).

  Talent & culture.

Digital introduces new risks that need to be managed and exciting opportunities to further add value towards net risk monitoring.

Risk Management will still define top-down ‘key controls’ to manage specific risk areas; however, continuous monitoring will automatically ‘flag’ controls as operating effectively. This will increase the total level of risk assurance and reduce manual test efforts, thus freeing up time to dive into other emerging risk areas. Risk Management will have a continuous control dashboard and the capability of net risk monitoring.

Real-time Compliance (RTC)

Continuous monitoring (CM) enables organisations in compliance transformation initiatives to proactively identify and address issues before they escalate to possible regulatory action. Technology-enabled transformations provide opportunities to move beyond “check-the-box” testing toward more meaningful insights that translate into business value.

CM leads to real-time compliance & regulation management (RTC) using digital drivers such as big data, machine learning, text-mining, and predictive and behavioral analytics with enhanced visualization and data discovery capabilities. RTC utilizes technology to alert you to possible non-compliance “triggers”. One approach is based on defining metrics, such as Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), with corresponding thresholds that trigger as events-of-interest occur, allowing timely root cause analysis and corrective action to take place before these events build to significant impact in scale or scope.

Internal Audit world class redefined

We help our Internal Audit clients with the implementation of world class technology, content, and skills. We do that via consulting services, co-sourcing and full insourcing. Together with our people communities, we have all relevant audit capabilities under one roof and we provide the technology as part of our services (no vendor discussions and extra license costs).

A world class IAD consists of continuous and agile audits, the right governance and context to add value in improving control(s), the right stakeholder reporting line and communication, and a close working relation with internal and external parties. These include risk management & compliance, and the external (financial and other) auditors to provide combined assurance. Under the SOx regime, Internal Audit coordinates the SOx integrated audit (statements and controls).

We always start with technology and, with the continuous monitoring vision, we strive to realise efficient audits, providing assurance by a certified IIA Internal Audit department. We put great emphasis on building the right foundation, IIA workflows in the technology, Internal Audit branding, capability management and digital skills development. We support you in defining your context, building your strategy and charter, including all facets of the audit planning and execution.

IT & security

We have translated ready-made controls frameworks and built them into our GRC- and Audit Management Solution TeamMate, which we constantly keep up-to-date. They include CobIT 2019, ISO27000, ITIL, ASL, BISL, CMMi, Prince2 and PCI DSS. We can implement them separately or as an integrated framework. We have linked all frameworks together, so when you assign a control to a user, it is automatically tested for all the frameworks and you can easily switch between control frameworks. When you link your frameworks to compliance areas you have real-time insight in your compliance status. We have the following solutions:

  Pre-financial audit review. We have translated the financial audit requirements (ITGC’s – see picture) into key CobIT and ISO27000 controls.

  Continuous Monitoring. By automatically testing the controls, you reduce your manual tests by at least 30 percent, enabling you to focus on added value.

  SOC 1 and 2 over IT-service departments, integrating customers and service providers into one technology platform. This creates real-time insight in the operating effectiveness, resulting in the capability to immediately mitigate and / or provide trust. A separate expensive SOC report is not necessary anymore.

  We provide all types of IT and security audits and support our clients to mitigate IT controls deficiencies reported by their accountant or third party auditors. Our activities include ITGC’s, application controls, IT dependency controls and IT controls at corporate level (entity controls).

SAP security & compliance (SSC)

Keeping the security and availability of your SAP solution high is a tremendous value to your business. Our solutions combine deep skilled SSC experience with best class content and tooling to:

 decrease the risk of a system intrusion,

 ensure the confidentiality of your business data,

 ensure the authenticity of your users,

 substantially reduce the risk of costly downtime due to wrong user interaction.

Our SSC solutions cover SAP HANA, SAP BRIM, SAP ISU, SAP GRC (Access Control, Process Control, Fraud Management, Risk Management and Audit Management – see image). Our SSC solutions deliver the flexibility to administer expert security and audit-ready compliance coverage, or simply provide expert support when you need it most. You’ll have our dedicated core team of highly-trained SSC consultants who will develop a deep understanding of your security architecture.

The result is a more strategic approach to the management of your environment, seamless interactions between your team and us, and faster issue resolution. Our core team works closely together with a large specialist SAP community, so you will always have the right expert to support you. 

Finance control

Our finance control solutions include financial management, financial control, business control and operational finance, and are executed by our experts, known for their hands-on attitude, well-developed soft skills and broad experience among different industries.

Our technology (Wolters Kluwer Tagetik, ValueCare and SAP Billing & Revenue Innovation Management (BRIM)) supports the following processes:

  • Budgeting Planning & Forecasting
  • Profitability Analysis
  • Cash Flow Planning and Analysis
  • Financial Close & Consolidation
  • Financial Reporting
  • Complex services billing
  • Disclosure Management
  • Compliance Regulatory Reporting
  • Advanced Analytics & Dashboarding

Change control

Change is constant – change control needs to be continuous and based on a strong vision. Change is everywhere, each with its own dynamics – change control needs to be agile. Digital solutions are highly connected – change control needs to be integrated.

Our methodology is modern, proven and tailored to control all agile (SAFe) and more traditional (waterfall) changes. It encompasses 12 interlinked control areas, starting from a vision, identifying interdependencies and integrating multiple change programs. Our methodology acknowledges strategic relations with partners. A strong emphasis lies on people and their change capabilities, as part of a project and as part of continuous improvement. Our methodology:

 Comes standard as part of all our implementations and change programs

 Is a separate solution for building quality control and assurance capabilities in your organisation.

 Is available as part of your change program.

 Uses communities with experts on your business topics. Traditional QA is too high level. In-depth knowledge of your systems and context is needed to add value.

 Integrated. No monthly reporting, but direct communication with all stakeholders on a continuous basis, flagging issues when they occur and focused on solutions.

Recent client experiences

Let’s get digital in control together

Please contact us if we made you curious and you want to learn more about our proposition Digital Control and our solutions.

If you would like to receive news or insights, please go to our contact page.

Thank you so much for your interest in us!