Service lines

Contrast Advisory’s service portfolio consists of two service lines, Assurance and Performance. We offer Governance, Risk and Compliance services on the Nordic market performed by accredited advisors based out of Stockholm.


Our assurance services are aimed at providing independent statements regarding organisations’ performance against internal ambitions and external requirements such as contractual and regulatory compliance.

In addition to an independent statement, each assurance assignment is delivered with tailored recommendations and advice based on the latest know how and industry best practises.

Our assurance engagements are typically performed together with or on behalf of our clients’ board of directors, executive management, risk, compliance, internal audit department or on behalf of external stakeholders.


Our performance services are aimed at improving our clients’ operations to ensure that they are aligned with the overall goal and strategy.

Key deliverables include new or revised strategies and goals, processes, procedures and role descriptions as well as related education.

Our performance engagements are typically performed together with our client’s board of directors, executive directors and representatives from key business departments and the IT-department.

Solution areas

Information security

Ensuring proper information handling within organisations and its affiliates is a key factor for business success. Therefore it is vital to handle an organisation’s information correctly all throughout the information lifecycle.

Knowledge of what information that exist in the organisation, where it is located, its actual value and which threats exist towards loss, corruption or theft is critical in order to protect the information adequately.

A risk based approach towards information security is essential for setting a proper level of security and will result in security initiatives being aligned with the organisation’s overall risk appetite.

Contrast Advisory information security services focus on tailored solutions to each specific situation and delivers advice in line with overall organisational strategies. Our information security services span the areas shown on the right:

Secure information handling
  • Strategy and governance
  • Risk management
  • Roles and responsibilities
  • Processes and procedures
  • Continuous improvement
  • Monitoring and reporting
Cyber security resilience
  • Cyber threat management
  • Procedural readiness
  • Incident management
  • Measuring, follow-up and control
  • Vulnerability testing
  • Penetration testing
Information classification
  • Information identification
  • Information classification
  • Establishment of security requirements
  • Technical security measures
  • Administrative security measures

IT governance

There is more to IT governance than IT management and simply ensuring continued service delivery. IT has transitioned from a supporting process towards becoming a central part in business development.

As such we focus on ensuring IT-governance workflows that enable constant reinvention of IT, thereby pushing the limits for our clients business potential.

Therefore it is important not to view IT-governance frameworks, their procedures and controls as too rigid or as a purpose in themselves. Governance frameworks must be flexible enough to not only deliver continuous improvement on old metrics and ambitions but to support constant business evolution.

Achieving this will give better possibilities to take the lead rather than follow in yesterday’s footsteps. This is the philosophy at the heart of our IT-governance services which include the following areas:

Strategy and planning
  • Strategy and goals
  • Frameworks and support
  • Stakeholder commitment
  • Program and project governance
Monitor, evaluate and report
  • Risk management
  • Performance management
  • Value delivery & benefits realization
  • Knowledge management
  • Information lifecycle management
Establish and deliver
  • Communication planning and management
  • Organisational behaviour and culture
  • IT service management
  • Information security
  • Architecture and development
  • Resource optimization
  • Business continuity
  • Incident management
  • Crisis management
  • Vendor management

IT risk

Due to today’s constant digitalization, IT is rapidly becoming a more integrated part of modern business models. As a consequence IT risk management is a vital part for any organisation’s ability to reach set goals and to deliver long term customer value. This inadvertently puts IT-risk management on top of every organisation’s agenda.

Contrast Advisory offers a suite of IT-risk services that not only focuses on technical issues but also on cultural and organisational aspects. The services we provide span from assurance to performance within the areas presented to the right.

Establish risk universe
  • Risk appetite
  • Risk tolerance
  • Key risk identification
  • Key risk indicator
  • Roles and responsibilities
  • Risk forums
Risk assessment
  • Model for assessment
  • Risk identification
  • Risk mapping
  • Risk categorization
  • Risk evaluation
Risk response
  • Risk avoidance
  • Risk mitigation
  • Risk transfer
  • Risk accpetance
  • Controls establishment
Risk monitoring and reporting
  • Key risk thresholds
  • Control monitoring
  • Continuous monitoring
  • Risk reporting

IT compliance

Over the last years there has been a strong trend towards stricter regulation worldwide where legislators pinpoint both specific sectors as well as previously non regulated markets.

In order to efficiently comply with new regulations during times of constantly increasing external requirements, a key success factor is to harmonize internal initiatives and utilize common solutions.

By utilizing a holistic approach towards IT compliance, organisations can draw on synergies, and spend more time and effort on what is really important. As such our compliance services aims to aid organisations coordinate efforts where IT compliance will impact their business without losing track of the overall business objective.

Contrast  Advisory offers services that aids organisations in assessing and tuning their systems of internal control so that they adequately measure and manage compliance risks that they face. Our services cover the areas shown on the right:

Financial compliance
  • FFFS 2014:1-5
  • MiFiD 2
  • PSD2
  • SOX
Privacy compliance
  • PUL
  • GDPR
Governmental and public service compliance
  • MSBFS 2016:1-2
  • Critical infrastructure information
  • ISO 27001-5
  • NIS Directive
Internal compliance
  • Establishment of governance frameworks
  • Assurance of internal requirements
  • Third party contract establishment
  • Third party compliance

Education and awareness training

To ensure that organisations’ procedures and controls are effectively implemented, all involved employees needs to gain a thorough awareness of the reasoning behind existing and new controls and their associated risks.

Awareness is a key component within risk management and a necessity to prepare for scenarios that has not been encountered before. To ensure this, awareness training needs constant development in order to stay in tune with an ever evolving risk landscape.

The overall purpose of an effective awareness strategy is to enable deeper insight and encourage participation. Therefore Contrast Advisory offers educational content regarding IT GRC issues tailored to your organisation’s specific needs and with specific awareness packages for audiences exposed to certain risk. Typical audiences for such educational efforts include staff from internal control functions as well as process, system and information owners.

Our educational services and awareness trainings covers our above mentioned solution areas.

  • Regular seminars
  • Quarterly recurring training
  • Annual education
  • Knowledge testing
High risk exposure groups
  • Board of directors
  • Executive management
  • Internal control
  • Support and sales staff
Incident & crisis team
  • Incident management
  • Crisis management
  • Escalation procedures
  • Reporting structures
  • Root cause analysis
  • Follow up and reporting
System and control owners
  • Key control management
  • System monitoring
  • System audit and evidence management
  • Security event monitoring
  • Risk reporting

Model of delivery

Framework agreements

Contrast Advisory offers framwork agreements so that you can rely on having quality assistance at a moments notice without unnecessary delay. With an established agreement you also have known price model, attractive pricing and an established business relationship.

Subscription services

Our services can also be performed on periodically re-ocurring schedule in line with your needs. This is a suitable model for longrunning  programs or projects where onging assurance is important, or for regular organisational schedules such as internal or extranal reporting.

On demand

Contrast Advisory offers on demand services suitable for shorter occasional engagements. As such the terms of business are agreed upon per engagement.