Leftover bits Flashcards
Which of Deloitte’s values resonate with you most?
LICCI - Lead the way, foster inclusion, collaborate for measurable impact, care for each other, serve with integrity
Lead the way
* Setting up P&IT
* Leading Faith Network
* Leading P&IT, Data Engineering and Business Analyst Teams
Serve with integrity
* Ethical career choices: human rights paralegal (public protection), detective (public protection), national security consultant (public protection), regulatory strategist (public protection)
Collaborate for measurable impact
* Working in XFN teams in OS Programme
* Working on bilateral DRCF Partnerships
* Leading collaborative workshops (e.g., setting DRCF strategy)
Take care of each other
* 1:1 mentorship of junior and less experienced colleagues; supervisory management
* Volunteering at Mind wellbeing hub
Foster inclusion
* Leading Faith Network
* Reverse mentorship of senior Director
Why Deloitte over its competitors? What sets it apart?
L&D Opportunities
* 1:1 mentorship with a Director
* Deloitte University - Leadership training
* Selecting tailored/bespoke training and certifications e.g., GRC
Full-service Regulatory Compliance offering
* Audit, Compliance, Legal and Consulting teams
* Delivering full compliance operating model transformation services
* Trustworthy AI
* Deloitte’s technology consulting expertise also helps to enhance compliance processes using solutions such as risk intelligence dashboards; automated assurance; performance evaluation metrics
Best thought leadership of any firm, leading culture change
* Regulated Radio
* Representation at Trust & Safety Summit
* Digital Regulatory Outlook paper 2025
Meaningful inclusion initiatives
* Sikh Network partnership with Taraki mental health charity
When have you had to manage client expectations?
OS Partnerships Lead role is centred on relationship management; same skills as required for client management
- Several noteworthy aspects that demonstrate my skill in managing difficult relationships:
(i) info sharing frameworks — managing expectations about what is/isn’t possible, working collaboratively to develop a framework, communicating clear ‘red lines’ around legal permissibility, joint project management of delivery timelines for Guidance and Joint Statement (as you would with a client team)
(ii) mutual consultation — managing timelines for consultation, negotiating hard deadlines, making appropriate concessions, being a clear communicator and managing expectations around what legal will/won’t permit to be shared
(iii) comms - aligning wider stakeholder teams to prevent miscommunications, ensuring more coordinated ways of working
- Underpinning all of these experiences are several key behaviours which I think are essential to effective stakeholder management: empathy, good listening, clear communication, trust, transparency, calm demeanour
When have you dealt with a difficult client?
Operational Monitoring
- Dealing with challenging stakeholders and reaching a decision on priority shared services for OpsMon
- Continuous engagement and workshops representing the viewpoints of different teams e.g., SecOps, Platform Evo, Service Management etc.
- Reprioritising service list and communicating updated plans
When have you had to deliver bad news to a client?
LECP - Post-Incident Reporting on Splunk HF challenge
- Splunk HF overloaded, security risk posed
- Transparent post-incident reporting process - failed to meet SLAs for incident resolution and response - protracted incident response requiring week-long engagement with Splunk support team
- Accepted failure to meet SLAs - took a receptive, non-combative approach; noted concerns from stakeholder customers and escalated these for the attention of the Lead Architects
- Invited perspectives of stakeholders
- Created a safe forum for challenge
- Avoided taking a defensive posture - took ownership in escalating architecture concerns
- Fed back to Platform Architects, who ultimately approved changes to the system architecture - improving the capacity of the component
What are the implications of EU Green Deal regulations for clients?
The EU has passed several legislative policies to promote ethical and sustainable outcomes from economic activity. The regulations are in an uncertain position following the announcement of proposed changes (the Omnibus legislative proposals).
In short summary:
CSDDD
* Businesses must conduct environmental and human rights due diligence throughout their value chains
* Businesses must proactively identify, assess and prevent environmental and human rights impacts throughout their value chains, and report on this
CSRD
* Businesses must disclose ESG data about their operations (on impacts, risks and opportunities) in line with reporting requirements
EU Taxonomy Regulation
* Requires businesses to report on ESG matters using a consistent taxonomy to prevent greenwashing; ensures that reporting must meet certain criteria to classify activities as ‘green’ in a ‘taxonomy-aligned’ sense: where the activities substantially contribute to solving environmental issues; they do no significant harm to environmental objectives; and they follow minimum social safeguards.
What are the omnibus proposals doing?
* Introduced in February in response to perceptions that CSDD/CSRD are obstacles to Europe’s international competitiveness
* Reduces reporting burdens, relieves pressure on services
* CSRD - postponement of reporting requirements for some countries by 2 years; narrowing in scope (500 -> 1000 employees; €150m -> €450m annual turnover threshold); no power to compel reasonable assurance assessments (limited assurance only)
* CSDDD - due diligence limited to direct suppliers instead of indirect partners; postponement of compliance timelines; frequency of assessments extended from 1-year to 5-years
How do we implement HRDD at scale?
* Introduce DD business policies
* Assess HR impacts across the value chain
* Mitigate impacts and introduce preventative measures
* Track implementation using qualitative/quantitative metrics
What are the implications of ISAE3000 for clients?
International Standard on Assurance Engagements (ISAE 3000)
- What is it? Provides a standard for assurance engagements ‘other than audits of historical financial information’ - assurance of non-financial controls
- When is it used? Generally used to prepare for audits of internal controls for compliance with laws/regulations; often used by businesses to assure suppliers’ operations
- How is it done? Risk controls are evaluated against control objectives; gap analysis is conducted to see how far the controls are effective; auditors provide recommendations on plugging the gaps
- Types of ISAE 3000 reports? A ‘type 1’ report assesses if a business has effective controls to meet its objectives; a ‘type 2’ report assesses operating effectiveness, i.e., whether the type 1 controls are being implemented in the business’s operations
- Types of ISAE 3000 assessments? A ‘limited assurance’ assessment is one that is asserted with a limiting qualification without proactively addressing limitations on the audit’s effectiveness, e.g., no information was identified to suggest X outcome; a ‘reasonable assurance’ assessment is one that proactively reduces the risk of material misstatements and enables a positive assertion, e.g., there is no risk.
What insight can you bring from your role in Online Safety?
As a regulator, I can bring clarity and reduce clients’ risks of noncompliance. I can interpret regulatory policy and use my experience/insight to build credibility.
- Trusted advisor with insight into the regulatory mindset – I have been at the heart of OS operations setting up the regime for success; my knowledge of OS policy, priorities and how decisions are made in practice will enable me to: (i) advise clients; (ii) establish trust and credibility
- Partnerships insight – I have led Ofcom’s engagement with (i) operational; and (ii) regulatory partners. I can provide insight on the interactions between Ofcom and DRCF regulators’ policies, and advise on the developing intelligence network between Ofcom and UKIC/LEAs – and what this means for businesses
- Horizon scanning – I can support horizon-scanning based on my understanding of OS strategic priorities, combined with my engagement with monitoring sources of information relevant to the OS regime.
- How to build trust with Ofcom – I have observed the behaviours and ineffective practices that attract regulatory scrutiny, and can advise clients to operate differently to avoid unwanted attention (examples: disengaging with Supervision teams, providing excuses regarding resourcing, adversarial legal representation, defensive posture, not being forthcoming with information, providing inadequate evidence for RA decisions, playing regulators off against each other)
- OS Network of Contacts – I can leverage advice and insights from my network of Ofcom contacts to support ERC’s work
How do you conduct an OSA risk assessment?
There are many types (ICRA, CAA, CRA), but taking IHRAs as an example:
- Review Guidance - Ofcom RA Guidance and Risk Profiles
- Identify risk factors - Identify ‘risk factors’ arising as a result of the type of service you run, having regard to the risk profiles
- Assign risk levels - For each of the 17 priority categories of illegal harm, score H/M/L for impact and likelihood. The assessment must take into account service characteristics e.g., user base, design, operations, business model, use of algorithms etc.
- Document evidence - Use evidence to justify the risk scoring; you must demonstrate a ‘suitable and sufficient’ risk assessment
- ‘Core evidence’ - includes user data, risk factors from the risk profiles
- ‘Enhanced inputs’ - where core evidence is insufficient, might be needed as evidence (e.g., findings of technical testing, external audit/assurance)
- Note existing mitigations - Document existing mitigations in place to tackle risks
- Recommended/alternative measures - Evaluate whether you will implement recommended or alternative measures to address outstanding risks
- Record-keeping - Keep a record of the assessment for disclosure to Ofcom
- Publishing for categorised services - there may be obligations to publish the RAs
- Duty to update regularly - recommended frequency is 12 months
When have you had to make a difficult decision?
OpsMon - selecting shared services for inclusion in the tool
Backup: service info-sharing with reg partner on request, challenging PP advice to make exception to our general interpretation of the gateways; operative word ‘necessary’ wasn’t in legislation - in this instance, info sharing not necessary BUT crucial from a strategic partnership perspective