Tailored Compliance Driven Programmes
Published 2018-02-06T15:39:04+00:00




New Leaf Advisory (NLA) was established to fulfil a clear market need: the provision of high-quality risk, assurance and advisory services, delivered via budgeted and tailored programmes, monitored throughout and benefitting from Queen’s Counsel sign-off upon successful completion.

We, and our specialist partners, offer a dedicated team of experienced and highly accredited professionals with the commercial acumen and integrity needed to provide the best possible advice and give you the confidence to transform and protect your business/organisation.

From the outset we “get under the bonnet”, by means of a scoped audit, to understand the details and challenges of every client’s business – what drives them and what the bigger picture looks like. In this way we ensure we deliver in line with our clients’ needs for today and well into the future.

Our wealth of experience, in combination with that of our strategic partners, allows us to serve as trusted advisors to organisations of all sizes in the public and private sectors. We understand that access to the right professional advice and services, at the right time, can make the difference between success and failure; the downside being the risk of non-compliance, business disruption, loss of reputation, lost revenues and large fines.

NLA’s emphasis is on understanding each client’s unique requirements and then focussing on where we can add genuine value across a broad spectrum of key business drivers, addressing the areas of Cybersecurity, Regulation, Governance and Best Practice.



Our team has extensive experience in managing internal audit teams and in the planning and execution of internal audits.

NLA, in conjunction with our partners, offers a pool of specialist technical resources on which a business can draw to meet its needs. As this support is only there when it is required, it is a cost-effective way of filling internal skills gaps or covering temporary absences.


  • Internal audit on an outsourced or co-sourced partnership basis.
  • Specialist audits covering all aspects of technology, risk, regulatory compliance, finance and business operations.
  • Project and change assurance audits.
  • Effectiveness reviews of internal audit methodology, policies and procedures.
  • Training, methodology development support, and performance and productivity improvement for in-house internal audit teams.
  • Provision of Interim Director or Head of Internal Audit.

Challenges / Benefits

Our services focus on five critical challenges for internal audit functions:

  • Delivering the plan.
  • Enhancing quality.
  • Improving efficiency.
  • Measuring contribution.
  • Filling the resourcing gap.

NLA is committed to developing client capability and aims to pass knowledge on to clients’ own staff so that dependency on external help can be reduced.



Risk Management and Governance are core to every assignment performed by NLA. Our team is highly experienced in all aspects of risk management across multiple sectors.


We assist our clients with risk identification, risk measurement, risk mitigation and risk monitoring and reporting:

  • Technical support on specialist risk areas.
  • Conduct Risk Reviews and Risk Management Frameworks.
  • Outsourced or co-sourced Risk Management solutions.
  • Operational Risk Reviews.
  • Design and implementation of pragmatic Risk and Governance Frameworks.
  • Assessing the effectiveness of existing Risk Frameworks.
  • Risk Management, Project / Programme management and Assurance.
  • Training, education and updates on latest Risk Management trends.
  • Board Effectiveness Reviews.

Challenges / Benefits

  • Improve risk culture.
  • Develop appropriate risk appetite and strategy alignment.
  • Increase transparency and traceability of risk issues.
  • Help protect your business against the unforeseeable.
  • Maintain your organisation’s reputation.
  • Enhance risk decision-making.



Our Data Protection services range from the delivery of large-scale cross-border solutions, embedding data protection frameworks within companies and ensuring compliance with various data protection laws, to the delivery of specific components within an overall data protection framework.


  • GDPR: Queen’s Counsel-led preparation for full compliance with the GDPR and other relevant legislation.
  • Data Protection compliance reviews and Gap Analysis.
  • Data Security audits.
  • Information Commissioner’s Office (ICO) registration.
  • Global Data Protection legislation advice e.g. EU Data Protection Directive; Privacy Shield (US); Data Protection Act 1998 (UK).
  • Data Estate Mapping.
  • Data Privacy analytics and forensics.
  • Data Warehousing and Storage Architecture.
  • Virtual Data Protection Officer (vDPO).

Challenges / Benefits

  • Understanding and implementing industry specific regulations, requirements and best practices.
  • Providing a consistent approach for reporting and managing the data protection risk, which would typically be integrated into existing group risk policies and frameworks.
  • Achieving a leaner approach to data protection compliance.



Cyber Security involves the protection of IT systems and data from internal and external threats such as computer-assisted fraud, espionage, sabotage or vandalism. Our services and solutions help organisations proactively manage these challenges.


  • Information Security Governance.
  • Security Risk Management.
  • Vulnerability Analysis.
  • Web Application Security Reviews.
  • Penetration Testing.
  • Incident Response Management.
  • Identity Management.
  • Layered security solutions.
  • Phishing.
  • Cloud: Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS).
  • Data Encryption.
  • Security Awareness Training.
  • Security Architecture Design.
  • Virtual Chief Information Security Officer (vCISO).

Challenges / Benefits

  • Protecting networks, computers and data from unauthorised access.
  • Improving information security and business continuity management.
  • Improving stakeholder confidence in information security arrangements.
  • Enhancing company credentials with the correct security controls in place.
  • Managing recovery times in the event of disruption.



The PCI DSS is an industry standard regulating any organisation that processes, stores or transmits “payment card data” – i.e. debit or credit card information. NLA employs fully accredited Qualified Security Assessors whose expertise is annually re-examined.


  • Gap analysis against the Data Security Standard.
  • Remediation and compensating controls to meet the Standard.
  • Guidance on production of Self-Assessment Questionnaires (SAQs).
  • Attestations of Compliance (AOC).
  • Full Report on Compliance (ROC) and sign off.

Challenges / Benefits

Some of the business benefits of becoming PCI compliant:

  • Ensuring clients’ compliance with the PCI DSS.
  • Protecting merchants’ image and reputation.
  • Protecting merchants from fines, breaches and the other consequences of non-compliance.



Many organisations fail to properly quantify the risks they face from their suppliers, joint venture partners, agents and outsourcers.

NLA brings together procurement expertise, technical compliance knowledge, IT and risk management specialists, supply chain continuity and relationship management experts to provide an end-to-end third party management solution for our clients.


NLA helps a client decide whether a supplier is the right outsourcing partner for their organisation by using our trusted services:

  • Management of full RFP process, including:
    • Preparing statement of requirements.
    • Balanced scorecard evaluation of bids.
    • Recommendations to management.
    • Due diligence on providers.
    • Contract negotiations.
  • Assurance visit programme for third party service providers.
  • Design, testing and audit of controls reports e.g. SSAE16 / ISAE3402.
  • Design and monitoring of Service Level Agreements or Key Performance Indicators.

Challenges / Benefits

Some of the business benefits of effective third party management:

  • Ensuring compliance with regulatory requirements.
  • Understanding the whole end-to-end process (including the outsourced parts).
  • Increased clarity on tasks and responsibilities along the whole value chain.
  • A solid basis for measuring and improving SLAs and KPIs.



We can assist organisations in achieving, maintaining and improving compliance in a wide range of different legal and regulatory regimes.


  • FCA authorisations.
  • FCA compliance.
  • CASS Reviews.
  • Anti-Money Laundering.
  • Know Your Customer.
  • Adverse Media.
  • Transaction monitoring.
  • Bribery Act and Foreign Corrupt Practices Act.
  • Treating Customers Fairly.
  • Sarbanes-Oxley.
  • MiFID II.
  • Solvency II.
  • Basel II and III.
  • Healthcare compliance.

Challenges / Benefits

  • There is an ever-increasing regulatory burden that clients need help to navigate.
  • Financial Services regulation is heavily focussed on system stability and protecting customers from poor outcomes.
  • All regulators operate a “show me” mentality, which stretches most organisations, so practical and pragmatic solutions are essential.



New Leaf Advisory acts as an extended arm of management, ensuring focus on strategy, execution and assurance and utilising best practices in Project Management, Risk Management and Assurance.


  • Design, manage and evaluate projects and programmes.
  • Draft or review business cases.
  • Ensure appropriate project governance and methodology for each client.
  • Establish and manage Project Management Office (PMO).
  • Project assurance (pre / during / post-implementation).
  • Use agile and waterfall methodologies.

Challenges / Benefits

  • Project delivery on time, every time.
  • Managing timeframes, resources and budgets.
  • Ensure quality and results meet requirements and expectations.
  • Free up other staff members to get on with business as usual and increase efficiency both on the project and within the business.
  • Single point of contact running the overall project.



New Leaf Advisory can help you to fully understand how business continuity management and related disciplines apply to your organisation and complement a broader risk management framework. We can provide guidance and assistance with your continuity requirements and help you mitigate the risks impacting critical business functions, technology, resources and infrastructure.


  • Production of business impact analysis, threat and risk assessments.
  • Production of Business Continuity Management policy.
  • BCM strategy and continuity plans.
  • Production and audit of business continuity plans.
  • BCM exercises and testing programme.
  • Support testing of plans and remediation of issues identified.
  • Assess and/or take clients through to full accreditation to the ISO 22301 standard.
  • Assess the business continuity capability of third party suppliers.
  • Evaluate or develop exit plans.
  • Production and delivery of Crisis Management scenarios.

Challenges / Benefits

  • Business continuity plans can significantly reduce the cost of disruptions and risk of business outages.
  • An effective plan properly executed preserves reputation, profitability and competitive advantages.



NLA’s unique experience-based model allows us to scale our offering to clients of all sizes and complexities.

We use our good relationships with partner experts to give you confidence that we can provide you with a solution to all your needs.

Contact us

For further details and a no-obligation consultation, please contact us.