Amstelveen Amstelveen

Our Services

We work together with our clients to help them make risk informed, strategic choices. Whether it is building a new risk strategy, performing technology risk reviews, providing assurance support, or helping an organisation drive risk transformation, we’re with you every step of the way.

Risk Transformation

We partner with clients on complex, enterprise‑wide transformation programs to strengthen risk maturity and embed practical, scalable risk management practices. We help organisations simplify, streamline and automate risk management by integrating risk strategy, frameworks, systems and delivery across people, processes and technology.

  • Risk strategy, culture and leadership uplift
  • Risk maturity and capability assessment and uplift
  • Program, project and PMO delivery support
  • Change management and business adoption
Learn more

GRC Systems and Solutions

We deliver industry-leading solutions that empower organisations to scale governance, risk, and compliance (GRC) capabilities. We partner with clients for end-to-end implementation, enhancement and managed services of GRC tooling to enhance risk intelligence and digital transformation.

  • GRC Platform Implementation
  • Risk Management Strategy and Framework Alignment
  • Integrated Compliance, Automation and Risk Monitoring
  • Executive Dashboard and Reporting Development
  • Platform Health-Check, Optimisation and Re-implementation
  • Managed Services and Resource Augmentation
Learn more

Business Risk and Resilience

We work with our clients to improve how they manage non-financial risks and embed risk governance frameworks, policies and processes.

  • Strategic Risk
  • Operational Risk
  • Business Continuity Management
  • Third Party Risk Management
  • Risk in Change
Learn more

Technology and Cyber Risk

We have specialists that focus on addressing technology risks, including those relating to emerging technologies. We assist clients to design, implement and review governance frameworks, risks, and controls for technology and cybersecurity.

  • Technology Risk and Controls
  • Cyber Risk
  • Technology Strategy
  • Data Governance and Privacy
View case studies

Audit and Assurance

We conduct internal audit and assurance services across major projects, business processes and controls. We provide independent, outsourced or co-sourced assurance services.

  • Internal Audit
  • Program and Project Assurance
  • Technology Assurance
  • Model Assurance
  • Audit Preparedness Reviews (e.g. ISO27001, SOC2)
Learn more

Compliance and Regulation

We enable our clients to comply with their legislative and regulatory obligations through uplifting compliance management processes, and providing specialist implementation support on specific obligations.

  • Compliance and Obligations Management
  • Implementation Support
  • Prudential and Regulatory Response
  • Data Privacy
  • Environmental, Social and Governance (ESG)
View case studies

Our real world results

Risk Transformation

Major Australian General and Liability Insurer

Program Leadership

Amstelveen was responsible for setting up, leading and staffing a $100M risk maturity uplift program for one of Australia’s largest insurers. This program was initiated to address the recommendations of the 2019 Financial Services Royal Commission, as well as 2018 APRA Prudential and CPS 220 Reviews. The program scope included uplift of all elements of the risk and compliance ecosystem such as governance, processes, analytics, reporting, systems, and training. This also included members of the team supporting the development of a centralised controls library, and improveing risk profiling and obligations management capabilities.

View case studies
Business Risk and Resilience

Major Australian Payments Provider

Business Impact and Crisis Management Uplift

Amstelveen was engaged to assist in the delivery of an information security controls assurance program. Prior to this, Amstelveen led the uplift of Business Impact Assessments and Crisis Management Planning to meet APRA CPS 232 requirements. This included facilitating workshops with management, designing plans and processes and conducting change management activities. We also advised on the plan and approach for developing critical process and system recovery plans and the testing of these plans, including a remote work exercise shortly before COVID 19. We also assisted with the development of an IT asset register that identifies and classifies all IT assets by sensitivity and criticality.

View case studies
Technology and Cyber Risk

Major Life Insurer

General IT Controls Reviews

Amstelveen supported the internal client team to perform assurance over the complex technology landscape. This included support to the Internal Audit Team’s delivery of the annual IT General Controls review and the review of security controls delivered as part of the Cyber Shield Program. This also extended to include a secondment to the Line 2 Risk team by one of Amstelveen’s team members to assist with IT General Controls assurance testing.

View case studies
Audit and Assurance

Major Australian Bank

Core Banking Implementation Project

Amstelveen was engaged by the Internal Audit team of a major Australian bank to undertake specialist project and technology assurance on an ongoing basis. The scope of these reviews included a core banking solution implementation which was delivered by the client’s in-house technology team over an extended period. Our team resourced a series of deep dive reviews during the project lifecycle, including the initial setup, procurement, development processes and testing, as well as regular project health checks. Ultimately, these enabled the client to reduce risks associated with project delivery and to improve project control mechanisms.

View case studies
Compliance and Regulation

Telecommunications Provider

Risk and Compliance Uplift Program

Our team was engaged to drive the execution of a major risk and compliance maturity uplift. We identified key obligations, risks and controls, designed risk and compliance management processes, refreshed key policies, and selected and implemented a GRC tool. This program of work received Board level visibility and led to an improvement in risk awareness and maturity across the organisation.

View case studies
View All

Let us tell you more

Risk management expectations are evolving rapidly.
How well is your organisation equipped to respond?

Get in touch