ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
Services

What we deliver, across four pillars.

Governance & AI assurance, corporate finance & transactions, transformation, and managed operations — one accountable partner.

Pillar 01

Govern & Assure

Controls a board can publicly defend — not just claim.

01

AI Governance

Clear rules for how your organisation uses AI — and a named owner for every decision. We design governance that survives a regulator's questions, not just a steering-committee slide.

  • AI governance charter
  • ISO/IEC 42001 AIMS design
  • Board oversight framework
Explore AI Governance →
02

Corporate Governance

Controls a board can publicly defend — not just claim.

  • Board and committee structure
  • Governance charters
  • SCA Governance Code alignment
Explore Corporate Governance →
03

AI Risk & Compliance

AI risk assessment and compliance mapping built for the GCC: CBUAE, DIFC Regulation 10, ADGM, UAE PDPL and the EU AI Act, reconciled into one register your audit committee can read.

  • AI risk assessment (NIST AI RMF)
  • Compliance obligation matrix
  • EU AI Act risk tiering
Explore AI Risk & Compliance →
04

Internal Controls (ICoFR)

The SCA's circular on internal control ends the trial phase on 31 December 2026 — from 2027, the auditor's opinion on your controls is public.

  • Key control identification
  • Control design & operating effectiveness testing
  • Deficiency remediation
Explore Internal Controls (ICoFR) →
05

AI Audit & Assurance

We test AI systems the way auditors test controls — independently, against defined criteria, with evidence — and report what we find in language an audit committee can act on.

  • AI audit programme
  • Bias & fairness test results
  • Explainability assessment
Explore AI Audit & Assurance →
06

Enterprise Risk Management

A risk register is not risk management — appetite, ownership and response make it real.

  • Risk appetite statement
  • Risk identification workshops
  • Risk-to-control mapping
Explore Enterprise Risk Management →
07

AI Security & Resilience

AI-specific security controls mapped to ISO 27001, incident playbooks for model failures, and continuity planning that assumes the model will eventually be wrong, poisoned or unavailable.

  • AI security control set
  • Adversarial risk assessment
  • AI incident response playbook
Explore AI Security & Resilience →
08

Internal Audit & EQA

Internal audit programme design, co-sourced fieldwork delivery, and External Quality Assessment (EQA) — anchored in decades of Big Four and group-level audit leadership at the region's leading financial centre.

  • Internal audit charter
  • Risk-based audit plan
  • Co-sourced fieldwork delivery
Explore Internal Audit & EQA →
09

IT Audit & System Controls

Access, change and data controls decide whether any reported number can be trusted.

  • Access control review
  • Change management testing
  • Backup & recovery testing
Explore IT Audit & System Controls →
10

Continuity & Crisis

Continuity is tested on the worst day — the plan has to exist, work and be rehearsed before it.

  • Business impact analysis
  • Recovery plans
  • Crisis leadership and decision structure
Explore Continuity & Crisis →
11

AI Consultancy

Ready-check, high-payback use cases, and safe pilots aligned to ISO/IEC 42001.

  • AI readiness assessment
  • Use-case discovery and prioritisation
  • Safe pilot design and delivery
Explore AI Consultancy →
12

Virtual Chief AI Officer

A part-time senior AI owner on retainer, aligned to ISO/IEC 42001 and DIFC Regulation 10.

  • Ongoing AI strategy and oversight
  • Board and committee reporting on AI
  • Regulatory monitoring and escalation
Explore Virtual Chief AI Officer →
Pillar 03

Transform & Digitize

Change that ships — with the checks built in from day one.

01

Business Transformation

Programmes fail in design, not delivery — we build the controls in before go-live, not after the audit.

  • Target operating model
  • Controls-by-design
  • Stage-gate checkpoints
Explore Business Transformation →
02

Process Re-Engineering & PMO

Enterprise-wide process redesign, and a PMO that keeps delivery honest.

  • Process mapping
  • Process redesign
  • PMO setup
Explore Process Re-Engineering & PMO →
03

ERP & Finance Systems

IFRS 18 applies from January 2027 — reconfiguring during a live close is the expensive way to meet it.

  • IFRS 18 readiness assessment
  • Chart of accounts redesign
  • ERP reconfiguration
Explore ERP & Finance Systems →
04

Automation & E-Invoicing

Readiness is a project you schedule, not a scramble — automation first where volume and error rates are highest.

  • Automation opportunity assessment
  • Process automation
  • E-invoicing readiness
Explore Automation & E-Invoicing →
05

Data & Analytics

When every department reports different numbers, leadership is choosing between versions of the truth.

  • KPI definition
  • Board & leadership dashboards
  • Data cleansing
Explore Data & Analytics →
06

Cybersecurity

Defence measured against recognised standards, ranked by what an attacker would try first.

  • Security posture assessment
  • Standards benchmarking
  • Ranked remediation plan
Explore Cybersecurity →
07

Finance Process Improvement

Finance-function processes — invoicing, collections, approvals — mapped, tightened and reported.

  • Process mapping
  • Approval workflow redesign
  • Delegation of authority
Explore Finance Process Improvement →

The engagement model.

Fixed-scope first engagements or retainer arrangements — whichever fits your board and audit committee's risk appetite.

Book a consultation