Our offer includes a wide range of high-end services for
companies across industries

Companies' lives are not limited to doing business. They have countless laws to comply with, mandatory regulators requirements to meet, stakeholders to please. They also face soft challenges, such as finding their own identity, creating a better working environment, leveraging data to enhance governance and management, etc. With new competitors springing up every day, flexibility is the key to success. Smart Companies free themselves from unnecessary hassle by relying on third parties to resolve the most challenging of their concerns.

Whether you're in the public sector, or in the agriculture business, a financial institution or a tech pioneer, an energy giant or a learning provider, when it comes to attracting and retaining more customers, design a flexible yet performant control environment, survive in adverse circumstances, adapt to an increasingly digitized world, you need to be able to create a variety of plans and test, iterate, and ship what works. You need to stay up to date with important regulations. You need to be able to capture and understand relevant performance data and get insights to improve revenue generation and your business operations. You need to reduce exposition to cybercrime. You need to successfully structure your financing. Your need to know and manage your risk appetite. You need to successfully run your business through times of sinister. You need excellence.

Our catalogue contains solutions for Banks and Financial Institutions, IT and Data as well as custom-tailored training solutions.

Banks and Financial services
IT and Data
Global Industries
Trainings
Risk Appetite Framework
ICAAP & ILAAP
Risk Mapping
Preventive Recovery Plan
Internal Audit and Control
Data analytics solutions
Information Systems Audit
IS Security Policy
Business Continuity Plan
IT Strategy and Master Plan

Building your Risk Appetite Framework

Banking regulators anticipate that financial institutions will establish a risk appetite framework that is annually approved, overseen, and evaluated by their governing body and executed by their management body.

The risk appetite framework defines the level and type of risk that a financial institution is willing and able to assume in its exposures and operations, given its strategic and operational objectives and obligations. The risk appetite framework is an integral and critical part of the decision-making process. It is used for budget discussions with the various business lines, risk units and subsidiaries.

We support you in the end-to-end development of your risk appetite framework by helping you to:

  • facilitate strategic dialogue between your Board and your executive body
  • identify the desired risk levels
  • identify the levels of unwanted risks
  • formulate your risk tolerance
  • determine risk limits in relation to your current and forecasted level of equity capital
  • formulate your risk appetite statement
  • communicate your risk appetite
  • and set up a system for monitoring and reporting on the framework
illustration of a woman validating acceptable business actions

Internal Capital Adequacy Assessment Process and Internal Liquidity Adequacy Assessment Process

Inadequate and low-quality capital frequently exacerbates the extent and severity of financial shocks in the banking sector. This was the case during the recent financial crisis, which forced banks to rebuild their capital bases at the most inopportune time.

ICAAP therefore plays a crucial role in the risk management of credit institutions.

According to the European Central Bank (ECB), "The Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP) are key risk management tools for credit institutions. If reliable, these processes can make a substantial contribution to the calculation of capital and liquidity requirements as part of the supervisors' review and assessment process."

As part of the ICAAP, credit institutions are expected to assess and quantify all risks that may have a significant impact on their capital or earnings, to reach a conclusion on their capital adequacy and to ensure capital adequacy from a global perspective over the long, medium and short term.

We will help you setup the essential elements of your ICAAP:

  • Governance structure
  • Scope in terms of risks and perimeter covered
  • Time horizon
  • Diversification assumptions
  • Confidence levels
  • Holding periods
illustration of a woman looking at her cash positions

Development and Update of your Risk Mapping

A risk map is a graphic representation of the risks related to an entity or a project, and their impact. It is an important management tool with multiple uses:

  • Identification of the major risks impacting the company's activities
  • Identification of risk sources and threat paths
  • Implementation of mitigation or elimination actions for identified risks

To implement your risk mapping, we perform the following steps:

  • Definition of the scope of the mapping: Determination of the scope of the study to be performed and the processes/data/tools or assets that will be included. Setting up the project teams on the client's side and ours. Determination of the security baseline, the feared events and the impact scales.
  • Determination of risk sources and threat paths. Definition of risk scenarios.
  • Definition of risk treatment strategies and security measures.

Our team will create a risk mapping based on the nature of your activities, your size and goals. We always take the time to listen to you in order to make a proposal tailored to your needs.

illustration of a man and a woman disucssing information mapped on a board

Development of your Preventive Recovery Plan

Within the WAMU zone, Circular n°001-2020/CB/C establishes the obligation to develop a Preventive Recovery Plan. This obligation applies to Finance Companies, Credit Institutions (including parent credit institutions), Electronic Money Institutions, microfinances supervised by the WAMU Banking Commission, or any other entity under the supervision of the WAMU Banking Commission.

A Preventive Recovery Plan must outline the steps taken by institutions to identify and respond to a severe worsening of their financial situation or that of the Group to which they belong, while maintaining the continuity of "essential" functions.

Our team of financial and risk management experts will assist you in developing your Preventive Recovery Plan in compliance with the Regulator's requirements.

illustration of a man making a planning

Internal Audit and Control Solutions

Designing your Quality Assessment and Improvement Program (QAIP)

The third line of defense for an efficient internal control system is internal audit. Internal auditors express independent opinion on the entire internal control system.

However, who oversees internal audit? Who evaluates its efficacy and quality? Who provides an objective and independent opinion on its performance? The answers to these questions are the purpose of the Internal Audit Quality Assurance and Improvement Program (QAIP).

According to the Institute of Internal Auditors' (IIA) International Professional Practice Framework (IPPF):

A quality assurance and improvement program is designed to enable an evaluation of the internal audit activity's conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement program.

The quality of the internal audit process is driven:

  • by Increasingly strict regulatory requirements,
  • by professional responsibilities related to compliance with the International Professional Practice Framework (IPPF) Standards,
  • and by the obligation to meet the expectations of both internal and external clients.

In accordance with The IIA's Standards (Standard 1300 et seq), “The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity" and includes “both internal and external assessments.”

However, over and above those specific standards, the internal audit function should adopt a formal and structured approach to quality, including:

  • efficiency and professionalism,
  • Continuing professional development and,
  • adherence to a set of agreed upon standards.

Our team will be privileged to accompany you in the elaboration of an internationally compliant Quality Assurance and Improvement Program (QAIP).

illustration of gears representing the internal control system of a company

External Assessment of the Internal Audit Function

Internal auditing plays a very important role in providing assurance and control over governance, risk management and internal control processes. Consequently, international internal audit standards include requirements for quality assurance and improvement, which are essential for enhancing the credibility of internal audit reports.

As noted in Standard 1312 of the International Professional Practice Framework (IPPF),

External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization

We have a dedicated and specialized team that will assist you in conducting the required external assessment of your internal audit function.

Our approach, which emphasizes consulting over control, will enable you to modernize your internal audit procedures.

illustration of a man with a magnifier, representing the work of an auditor

Data Analytics Solutions

Revenue audit and analytics

Revenue audit is a Data analytics engagement.

Because audit engagements are time-limited, they often overlook revenue generation, given its complexity. The purpose of revenue analytics is to assist the management team, and more specifically the CEO and Board of Directors, in identifying the most essential revenue streams and focusing on areas that require development.

Why revenue analytics: our mission has three primary goals:

  • It prepares your teams for auditing assignments,
  • It simplifies the auditors' tasks by allowing them to limit their work on revenue recognition and spend roughly 50 percent less time on your file,
  • It enables you to create a clear and useful dashboard of your flagship products and to adjust their trajectories and landings at the end of the fiscal year.

Our approach:

Together with you, we determine the product lines to be analyzed.

Then, we analyze these products based on your sales conditions, product sheets, data tables, contracts, and supporting documents to identify all types of anomalies, such as incorrect contract parameters, agios collected on doubtful accounts, commissions uncollected due to human or system errors, unauthorized manual operations on revenue accounts, products with a declining trend, etc. After an introductory meeting, we'll send you a comprehensive proposal tailored to your needs.

Deliverable: We will provide a detailed analytics report on your revenue, including details of anomalies and areas for improvement that we may have discovered.

illustration of a standing man analysing sales data

Audit and Analytics of management expenses

Management expenses analysis solutions are useful for production plants, harbors, financial institutions, or commercial companies, which want to understand the dynamics of their expenses.

Detailed expenses analytics enable you to establish an excellent analytical accounting system and to clearly identify cost centers, create and monitor ratios and key performance indicators, and set up one or more dashboards in order to meet expectations of the Board of Directors and investors.

Our approach is always tailored to the requirements of our customers. To do a successful expense analysis, we begin with your specific objectives, then collect your financial statements and expense accounts, followed by the relevant data. Then, we evaluate this data and give a complete analysis report containing all the levers you and your teams may use to better manage the expenses and costs associated with your activities.

illustration of a woman analysing expenses data on a spreadsheet

Creation of dynamic and smart Dashboards (BI Solutions)

A dashboard is a management tool that includes several relevant indicators for the administration of your business. This tool eliminates the need for navigating by sight and makes it possible to recover from activity failures during the fiscal year. We can create simple dashboards for your business that are limited to a single department, or extensive and very detailed ones. Everything depends on your requirements.

The dashboard is a logical outcome of data analytics: analysis of your turnover, revenue and cost units, analysis of your expenses and performance. We can provide you with a dynamic tool that is accessible worldwide.

To create a dashboard, we follow these simple steps:

  • Analysis of your requirements
  • Definition, in conjunction with your teams, of the KPIs, their limits and trigger events
  • Collection, analysis and formatting of relevant data
  • Development and testing of the dashboard
  • On demand maintenance and update of the dashboard
illustration of a man reading data on a digital dashboard

Information Systems Audit

Why audit your information system?

The information system is often composed of several layers:

  • The physical layer (physical access to premises, vaults and computer rooms, workstations, documents and files, network infrastructures, etc.)
  • The logical layer (applications, operating systems, internet, networks)
  • The data layer (databases)

Errors or anomalies on each of these layers can lead to substantial damage and high financial costs. A regular audit of information systems makes it possible to detect anomalies and monitor their correction over time.

Content of our Offer

We will perform an audit of your information system according to your needs. Our audit can cover several aspects:

  • Audit of your IT General Controls
  • Audit of your applications
  • Security audit

Audit of your IT General Controls: Audit of ITGC is the basis of an information systems audit. It is usually carried out during statutory audits but can be performed at your request. It covers the following four (4) aspects: Access to programs and data - Change management - Project management - IT operations.

Audit of applications: Application audit involves reviewing the quality of data relating to your business applications (depending on the scope of the mission defined by mutual agreement), significant configurations, transaction logs, access protocols, compliance with supervisors' requirements, and the operational effectiveness of controls implemented within these applications.

Security audit: We will perform a general security audit based on the ISO 27x standard and best practices from NIST and COBIT5 framework. The scope of this mission will depend on your company's expectations.

Deliverables

  • For the audit of general IT controls and applications: a detailed report of risks/vulnerabilities and suggestions.
  • For the security audit: a detailed report of risks/vulnerabilities and suggestions.
illustration of a woman analysing data with a magnifier, representing the work of an IT auditor

Developing your Information Systems Security Policy (ISSP)

The Information Systems Security Policy (ISSP) defines the security policy of a specific entity which can be a technological system, an automated function or an application but also an entire organization such as a company, a ministerial department, etc. It is a body of coherent rules established to maintain security at a given level.

The ISSP provides a consistent framework:

  • For integration of security in designing information systems (mobile applications, business software developed internally or by a service provider, purchase of applications or equipment, etc.),
  • To the company's activities and stakeholders in relation to which any change in the information systems must be justified,
  • To help those responsible for developing and implementing coherent measures, instructions and procedures ensure the security of information systems.

Our approach

We shall take the subsequent actions:

  • Documentation evaluation and formation of your reference team
  • Formulation of strategic elements
  • Selection of the principles and formulation of the rules
  • Presentation of the final document

The mission will last at least four (4) months and will be proportionate to the specified deliverables and the study's scope.

Deliverables

  • An information systems security policy (ISSP) detailing ISO27001-compliant measures and their implementation as rules (default deliverable),
  • An optional document, the general information systems security policy (PGSSI), provided to facilitate the validation of the ISSP by your board of directors, which only includes the titles of the selected rules and does not detail them (default deliverable),
  • An information security management policy (PMSI) that formalizes the organization of information security management within the company (available upon request; additional fees apply),
  • A matrix that links the ISSP rules to the business domains they impact (available upon request; additional fees apply),
  • An action plan template for the implementation of an Information Security Management System (ISMS) (available upon request; additional fees apply).
illustration of a woman with a key and shields, representing security against attacks

Developing or Updating your Business Continuity Plan (BCP)

A business continuity plan (BCP) describes the strategy and all the measures that are planned to guarantee the recovery and continuity of an organization's activities following a disaster or an event that seriously disrupts its normal operations. It must enable the organization to meet its external (legislative or regulatory, contractual) or internal obligations (risk of market loss, survival of the company, image, etc.) and to achieve its objectives.

The development of a BCP involves the following steps:

  • Define the context and scope of the BCP,
  • Identify the organization's objectives and obligations within the scope,
  • Formulate continuity requirements to facilitate the achievement of objectives and the respect of obligations,
  • Identify the crisis scenarios that justify a continuity approach and define an order of priority among them,
  • Confront continuity requirements with the selected scenarios,
  • Design and formalize a continuity strategy (and recovery strategy) to respond to the selected scenarios,
  • Define, within the strategy, the priorities in terms of resources and procedures,
  • Define the roles of the various people responsible for implementing the resources and procedures within the prescribed timeframe,
  • Design and implement the plan's verification, control, and ongoing evolution.

The Business Continuity Plan can be global or broken down by major activity lines, by location or by risk. Additionally, it is crucial that the BCP be tested and that an awareness campaign be run concurrently with its creation. The Business Continuity Plan (BCP) is governed by the ISO 22301 international standard.

Deliverables

At the end of the designing process summarized above, you will receive two (2) main documents: A Business Continuity Plan (BCP) and an IT Continuity Plan (ICP).

illustration of a running woman climbing charts, representing dynamic companies thriving through difficulties

Developing or updating your IT Strategy and Master Plan

The IT master plan is the IT strategic plan of the company. It allows the company to clearly predict the evolution of its information system over a defined horizon. Its objectives can be multiple: urbanization, implementation or improvement of governance, implementation of a dashboard, etc.

Main stages

Steps

Project scope definition

  • Definition of the organization of the mission
  • Validation of workshops schedule
  • Kick-off meeting

Evaluation of the current system

  • Mapping of the current IT architecture
  • Assessment of the maturity level of IT processes (COBIT)
  • Gap analysis by functional area
  • Inventory and analysis of ongoing projects
  • Summary of the diagnosis

Definition of the target IT architecture

  • Definition of the founding principles
  • Definition of the Target IS architecture
  • Analysis of IS impacts and quotation of scenarios

IS trajectory and communication

  • Definition and formalization of the trajectory
  • Internal (ISD) and external (MD, Business Units) communication
illustration of a map, representing a masterplan or a roadmap

We work with businesses of all industries

The services we primarily provide to financial institutions, such as risk mapping, preventive recovery plan, risk appetite framework, audit and internal control services, and all data analytics and information system services, are also offered to businesses in all other industries.

We also provide quality financial and administrative solutions to businesses in many industries:

  • Valuation of your company in the context of a financing project
  • Change of accounting standards
  • Detailed financial analysis
  • Evaluation of your Board of Directors
  • Outsourcing of audit and internal control functions
  • Support in the creation of a microfinance institution within the WAMU zone
  • Assistance to project management
  • Development of your financial and internal control procedures
illustration of a man looking at a gem with a magnifier

Institutional trainings

We provide institutional training and have a successful track record in this area. In 2022 and 2023, we will be able to address the following topics:

  • Governance
  • Risk Management
  • Information Systems Audit
  • Professional Excel

We are also available to conduct trainings for your Board of Directors.

Your expertise starts here.
Hire excellence today!

Download our Solutions Catalog

excellence respects your privacy. For more information, see our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cover of the excellence's solutions catalog of 2023

Don't limit to the Catalog.
Watch our Skills.

We will take the time to understand your requirements and then recommend the best possible solutions.

1

Conception

Our experts and dedicated teams listen to you and conceptualize your needs.

2

Turnkey solutions

Then, we suggest a variety of options tailored to your challenges and work with you to design THE solution that best suits your needs.

3

Implementation

Together with your teams, we will fully implement the adopted solution and monitor it until it is successful.

4

Continuous education

We make research and continuous education our fundamental principles. Our experts are therefore at the forefront of technology and knowledge in their areas of expertise.

Hire excellence Today

Book a call to learn more about how we can help you solve your challenges.

Work with us