Our services

Nine specialist services.
One senior-led team.

Specialist assurance and advisory across nine practice areas, from core internal audit through to AI governance, data risk and third-party assurance. All work is senior-led. There are no tiers of staffing between the person you speak to and the person doing the work.

Internal Audit

Consulting, co-sourcing & methodology

Whether you need support for a specific assignment or a longer-term co-sourcing arrangement, we provide experienced internal audit practitioners who can operate across your business from day one.

Audit plan development aligned to your risk appetite and board expectations

Co-sourcing and outsourced IA delivery across operational, financial, and thematic reviews

IIA-aligned methodology development and audit framework design

Audit function transformation and operating model review

Quality assurance and improvement programmes (QAIP)

Technical subject matter expert support for high-risk audit areas

Enquire about this service →

Risk & Regulatory Advisory

Remediation, financial crime & compliance

For firms navigating live regulatory pressure or building longer-term risk management capability. We have direct experience of Consent Orders, s166 skilled person reviews, and major regulatory remediation programmes.

Regulatory remediation project management and oversight

Financial crime audit and advisory, AML, sanctions, fraud risk

Consumer Duty assurance and gap analysis

ESG and sustainability audit advisory

Skilled person (s166) support and preparation

Basel finalisation and prudential risk advisory

Enquire about this service →

Interim & Senior Resourcing

Senior cover & SME deployment

Loss of key audit or compliance staff is disruptive. We provide senior interim professionals who can step into critical roles and maintain the quality of your coverage without a protracted recruitment process.

Head of Internal Audit interim cover

Compliance monitoring and assurance roles

Subject matter expert deployment across specialist disciplines

Flexible contract terms, inside or outside IR35

Permanent search and placement support

European and international deployment capability

Enquire about this service →

Economic Crime & Compliance

ECCTA failure-to-prevent fraud advisory

The failure to prevent fraud duty under ECCTA Part 4 came into force on 1 September 2025. We help firms understand their obligations, assess their current procedures, and build the evidence their boards need.

ECCTA gap analysis against the six Home Office principles

Fraud risk assessment and control mapping

Procedures adequacy review and independent validation

Internal audit SME input for ECCTA audit coverage

Board and senior management briefings

Anti-bribery and broader corporate criminal liability advisory

Full ECCTA detail → Enquire →

Consumer Duty Internal Audit & Assurance

Gap analysis, outcome testing & board reporting

Moving from "we have a plan" to "we can evidence good outcomes." We provide independent Consumer Duty gap analysis, readiness assessment, outcome testing and ongoing audit assurance, structured in three phases to match where your firm is in the journey.

Consumer Duty diagnostic, RAG-rated gap assessment across all four outcomes

Readiness and implementation assurance, governance, accountability and embedding

Outcomes assurance and thematic audit, outcome testing, MI review, fair value

Vulnerable customer deep dive, specific FCA focus area with high expectations

Board readiness assessment, can the board credibly approve the annual report?

Third party and distribution chain oversight

Deliverables include:

Executive summary with overall opinion

RAG-rated findings mapped to FCA outcomes

Maturity score by theme

Prioritised remediation roadmap

Board report wording and committee slide pack

Evidence register and action tracker

Full Consumer Duty detail → Enquire →

AML and Financial Crime Assurance

Gap analysis, thematic audit and remediation validation

Independent assurance over anti-money laundering, CTF, KYC, sanctions, transaction monitoring and suspicious activity reporting. We test whether controls actually work, not just whether they exist.

Financial crime gap analysis against MLR 2017 and JMLSG guidance

AML readiness assessment for firms under regulatory scrutiny or in change

Control design and operating effectiveness review

Thematic reviews of PEPs, sanctions, SAR quality and high-risk onboarding

Remediation validation and Consent Order sign-off support

Third-party and outsourced AML operations oversight

Full detail → Enquire →

AI Governance and Technology Risk Audit

Model risk, algorithmic fairness and AI oversight

Regulators expect boards to demonstrate credible oversight of AI and automated decision-making. We provide independent audit and assurance over AI governance frameworks, model risk controls, and algorithmic fairness, aligned to FCA expectations and PRA SS1/23.

AI governance gap analysis against FCA and PRA expectations

Model risk audit: inventory, development, validation and approval

Algorithmic fairness and Consumer Duty outcome testing

Generative AI and third-party model risk governance

SMCR accountability mapping for AI and model risk

Full detail → Enquire →

Third-Party and Outsourcing Risk Assurance

Supplier oversight, DORA and operational resilience

Regulated firms are responsible for what their suppliers do on their behalf. We provide independent assurance over third-party risk frameworks, critical outsourcer oversight, concentration risk and exit planning, aligned to FCA SYSC 8, PRA supervisory statements and DORA.

Third-party risk framework review against FCA SYSC 8 and PRA requirements

Critical outsourcer and material third-party audit

Vendor onboarding and due diligence process review

Concentration risk and portfolio-level dependency assessment

Exit planning and operational resilience testing

Full detail → Enquire →

Data Governance and Model Risk Assurance

Data quality, BCBS 239 and model risk audit

Poor data governance sits underneath almost every other risk. We provide independent assurance over data quality controls, governance frameworks, model risk management and regulatory reporting data, aligned to BCBS 239, PRA SS1/23 and FCA expectations.

Data governance framework audit: ownership, quality controls and lineage

BCBS 239 compliance assurance and gap analysis

Model risk programme audit against PRA SS1/23

Regulatory reporting data quality review

Data governance readiness for AI deployment

Full detail → Enquire →

Not sure where to start?

A short conversation is usually enough

Most of our engagements begin with a brief call, usually 30 minutes, to understand what you are dealing with and whether we are the right fit. There is no commitment involved.

Speak to us →

From our insights

Relevant reading

All insights →

ECCTA

Under pressure from a regulator or facing an audit gap?

We can usually begin work within two to three weeks. If you have an immediate need, the quickest thing to do is get in touch directly.

Email us → LinkedIn

A short conversation is usually enough

Relevant reading

What the failure to prevent fraud duty means for your 2026 audit plan

How to manage an FCA supervisory review without losing audit independence

Building an IIA-aligned methodology from scratch: a practical framework

Under pressure from a regulator or facing an audit gap?