Controls Advisory Services

Turn your internal controls into a competitive and strategic advantage.


Most companies, regardless of size or sector, are on a journey of continuous improvement with regard to their internal control environment.

Our experience shows that the process of regulatory compliance and the implementation of effective internal controls increase confidence in the business, corporate reporting and improve overall governance. We believe that a properly implemented control framework of the right size provides a number of benefits across the company, including:

  • Proven improvement in governance and risk management
  • Agile and confident decision-making
  • Greater efficiency and effectiveness of key business and IT processes
  • Greater insight into key business risks, driving more effective decision-making
  • Reduction in manual and time-consuming activities
  • Reduced risk of fraud
  • Greater transparency and accountability across the organisation

The planning and implementation of effective internal controls require a combination of know-how, processes and technology. Internal controls must be thoroughly tested to ensure that they are fit for purpose.


How we can assist you:

  • Internal Control:
    • Walkthroughs, design testing, and operational effectiveness testing of controls
    • Identification of deficiencies in existing controls and recommendation of remediation and improvement opportunities, based on best practices and market frameworks (ISO (International Organisation for Standardisation), COSO (Committee of Sponsoring Organisations of the Treadway Commission), ISACA's COBIT (Control Objectives for Information and Related Technologies), among others)
    • Comprehensive analysis of internal and external risks, including identification, analysis, assessment, mitigation, monitoring, and communication
    • Preparation, review, and updating of internal standards and policies
    • Preparation, review, and updating of risk matrices
    • Continuous monitoring of the effectiveness of internal controls
    • Review of the GRC (Governance, Risk and Compliance) model 
    • Support in improving the design of existing controls, creating new controls and remediating controls with opportunities for improvement
  • Independent assessments to be carried out by an entity external to the Institution, as provided for in Bank of Portugal Notices No. 3/2020 and No. 2/2025: (For other compliance services, see Compliance Advisory Services - BDO)
    • Article 32(8): independent assessments of the adequacy and effectiveness of the internal audit function, to be carried out periodically, at least every five years
    • Article 30(4): periodic independent assessments of the compliance of the information flows established within the Institution 
    • Article 29(7): periodic independent assessments of the adequacy of the processes for obtaining, producing and processing information implemented in the institution, as well as of the control mechanisms, which include the intervention of the internal control functions within the scope of their respective competences, with a view to ensuring that all information produced by the institution is reliable, complete, consistent, up-to-date, timely, accessible and granular.
    • Article 3(2): periodic and independent assessments of the institution's conduct and values, which also focus on the conduct and values of the management body itself and its committees.
    • Article 3(3): periodic and independent assessments of the conduct and values of the supervisory body, which may be carried out in conjunction with the assessments referred to in the above article.