Assessments & Diagnostics

Structured Diagnostics. Clear Action Plans.

Fixed-fee, expert-led assessments designed to give you a rapid, authoritative view of where you stand — and a clear roadmap for what to do next. Defined scope, written deliverables, no open-ended retainers.

Fixed fee · Defined scope · Written deliverables

Focused on process automation?

The Finance Controls & Automation Diagnostic is designed for founders, CEOs, and CFOs who need to identify exactly where manual processes are creating risk and inefficiency — fixed fee, defined scope, delivered in 1–2 weeks.

Request a Finance Controls Diagnostic

FCA Consumer Duty · Current Priority

Consumer Duty Assessment

Designed for Chief Compliance Officers, Consumer Duty Boards, and senior managers at FCA-regulated financial services firms that need to assess and evidence compliance with FCA PRIN 2A consumer outcomes.

An assessment of Consumer Duty controls, management information, governance reporting, issue tracking, and evidence to help firms monitor outcomes and demonstrate compliance with FCA expectations.

What Is Included

  • Assessment of Consumer Duty governance arrangements and board accountability
  • Review of outcome monitoring frameworks and management information
  • Controls assessment across all four PRIN 2A consumer outcomes
  • Issue tracking, remediation process, and escalation review
  • Vulnerable customer management arrangements assessment
  • Gap analysis and prioritised remediation roadmap
  • Consumer Duty evidence pack review

You Receive

Consumer Duty assessment report + gap analysis + prioritised remediation roadmap

Request a Consumer Duty Assessment

FCA & DORA

FCA and DORA Operational Resilience Assessment

A structured assessment of operational resilience readiness against UK FCA expectations and DORA requirements. We assess important business services, dependency mapping, impact tolerances, scenario testing, governance, third-party resilience, vulnerability management, reporting, and remediation priorities.

What Is Included

  • Important business service identification and mapping assessment
  • Dependency and resource mapping review
  • Impact tolerance definition and testing assessment
  • Vulnerability identification and gap analysis
  • Third-party and outsourcing resilience review
  • Scenario testing governance and framework assessment
  • Prioritised remediation roadmap

You Receive

FCA and DORA Operational Resilience Assessment report + remediation roadmap

Request an Operational Resilience Assessment

Regulatory

ISO 27001 / ISO 27701 Readiness Assessment

A readiness assessment of information security and privacy management arrangements aligned to ISO 27001 and ISO 27701, covering governance, control design, documentation, implementation maturity, gaps, and audit readiness.

What Is Included

  • ISO 27001:2022 gap assessment across all Annex A controls
  • ISO 27701 PIMS gap assessment and privacy governance review
  • Readiness scorecard with gap ratings and maturity assessment
  • Estimated implementation timeline and effort
  • UK GDPR alignment review
  • Certification pathway recommendation
  • Priority remediation actions

You Receive

ISO 27001 / ISO 27701 Readiness Assessment report + certification roadmap

Get Your ISO 27001 / ISO 27701 Scorecard

Business Continuity

ISO 22301 Readiness Assessment

A business continuity readiness assessment aligned to ISO 22301, helping organisations understand the maturity of their Business Continuity Management System, identify gaps, and prioritise improvements to strengthen resilience and recovery capability.

What Is Included

  • ISO 22301 BCMS gap assessment
  • Business continuity governance and policy review
  • Business Impact Analysis (BIA) maturity assessment
  • Business continuity plan review and gap identification
  • Recovery strategy and testing arrangements assessment
  • Readiness scorecard with gap ratings
  • Prioritised improvement roadmap

You Receive

ISO 22301 Readiness Assessment report + improvement roadmap

Request an ISO 22301 Readiness Assessment

Payment Security

PCI DSS Readiness Assessment

A structured assessment of payment security controls, cardholder data protection, PCI DSS readiness, gaps, and remediation priorities ahead of validation or assurance activity.

What Is Included

  • PCI DSS scope definition and cardholder data environment mapping
  • Gap assessment against current PCI DSS requirements
  • Cardholder data protection controls review
  • Self-Assessment Questionnaire (SAQ) suitability assessment
  • Evidence and documentation review
  • Readiness scorecard with gap ratings
  • Prioritised remediation roadmap

You Receive

PCI DSS Readiness Assessment report + remediation roadmap

Request a PCI DSS Readiness Assessment

AI Governance

AI Governance Readiness Assessment

A practical assessment of responsible AI governance maturity, covering AI risk management, policies, accountability, transparency, human oversight, control monitoring, regulatory alignment, and assurance readiness.

What Is Included

  • AI governance framework and policy maturity assessment
  • AI risk management and risk register review
  • Regulatory alignment assessment (EU AI Act, FCA, ICO)
  • Accountability, transparency, and explainability review
  • Human-in-the-loop controls assessment
  • Model governance and documentation review
  • Prioritised improvement roadmap

You Receive

AI Governance Readiness Assessment report + improvement roadmap

Request an AI Governance Assessment

Assurance

SOC 1 and SOC 2 Readiness Assessment

A readiness assessment helping service organisations prepare for SOC 1 and SOC 2 assurance by reviewing control maturity, evidence, governance, security, availability, confidentiality, processing integrity, and privacy controls.

What Is Included

  • SOC 1 and SOC 2 scope and Trust Service Criteria mapping
  • Control maturity assessment
  • Evidence and documentation gap identification
  • Security, availability, confidentiality, processing integrity, and privacy controls review
  • Management assertion and description review
  • Readiness scorecard with gap ratings
  • Prioritised remediation roadmap

You Receive

SOC 1 and SOC 2 Readiness Assessment report + remediation roadmap

Request a SOC Readiness Assessment

FCA Third-Party Risk

UK FCA Third-Party Risk Assessment

A targeted assessment of third-party and outsourcing arrangements against UK FCA expectations, covering governance, due diligence, contractual controls, ongoing monitoring, operational resilience, concentration risk, and exit planning.

What Is Included

  • Third-party and outsourcing inventory and categorisation review
  • UK FCA third-party risk framework gap assessment
  • Due diligence process review
  • Contractual controls and oversight arrangements assessment
  • Ongoing monitoring framework review
  • Concentration risk identification
  • Exit planning assessment
  • Prioritised remediation roadmap

You Receive

UK FCA Third-Party Risk Assessment report + remediation roadmap

Request a Third-Party Risk Assessment

Process Automation

Finance Controls & Automation Diagnostic

Designed for founders, CEOs, and CFOs at growth-stage fintechs and SMEs who need a clear picture of where manual finance processes are creating risk, inefficiency, or control gaps.

A structured, expert-led diagnostic that maps your current finance workflows, identifies control weaknesses, and scores your highest-impact automation opportunities. Fixed scope. Written findings. A practical roadmap you can act on immediately.

Best for: CFOs, founders, and operations leaders dealing with manual reporting, reconciliation bottlenecks, fragmented handoffs, or weak control visibility.

What Is Included

  • Pre-engagement scoping call to identify your highest-priority workflows
  • Expert mapping of current-state finance processes (1–2 workflows)
  • Controls gap identification — where risk and failure points exist today
  • Automation opportunity scoring by effort and expected business impact
  • ROI framework and business case for automation investment
  • Written findings report and prioritised implementation roadmap

You Receive

Written diagnostic report + automation opportunity map + implementation roadmap

Typical outcome: a clearer view of priority process weaknesses, control gaps, and 3–5 practical improvement opportunities.

Request a Finance Controls Diagnostic

Governance-Focused

Fintech Governance & Readiness Review

A structured 90-minute diagnostic for fintech founders and decision-makers. Covers regulatory compliance posture, control environment, operational resilience, and information security — with a prioritised action plan delivered within 5 business days.

What Is Included

  • Regulatory posture review (FCA, ISO 27001, DORA)
  • Control environment rapid assessment
  • Key risk identification
  • Prioritised action plan with effort estimates
  • Written findings report (5–10 pages)

You Receive

Structured findings report + prioritised action plan

Book a Fintech Readiness Review

Ready to identify your automation opportunities?

The Finance Controls & Automation Diagnostic is the fastest path to a clear picture of where manual processes are costing you — and what to do about it. Fixed fee. Delivered in 1–2 weeks.