Systems & process assurance (SPA)

In today’s business world, IT and financial reporting environments are becoming increasingly complex while even greater reliance is being placed on the information produced by these systems and processes. In addition, new regulations in many countries have put a greater emphasis on internal controls and often require independent assurance of the effectiveness of internal controls.

Attention to the design, documentation and operation of controls is critical to ensuring the accuracy and timeliness of information used for financial reporting and management decision-making.

SPA

If this is your situation

  • You need confidence in the quality of the information produced by your IT systems.
  • You need assistance in documenting or testing your internal controls over financial reporting.
  • You need an independent review of your control structure, including identification of weaknesses and possible design enhancements.
  • You rely on financial information from a third party and need independent assurance on that information.
  • Your organisation provides services to a company and you've been asked to provide a SAS 70 report.
  • You are implementing—or have just implemented—a new IT system and want a review of the controls.
  • You are entering into a joint venture or other transaction and need due diligence on systems and controls.
  • Your new Information system is not compliant with Czech legislation.

How PwC can help you

Our Systems and Process Assurance (SPA) practice provides services related to controls around the financial reporting process, including financial business process and IT management controls. Serving both audit and non-audit clients, SPA provides:

  • Financial and operation applications/business process controls reviews
  • Database security controls reviews
  • IT general controls reviews
  • Infrastructure security reviews
  • Third party assurance and opinion services
  • Sarbanes-Oxley readiness, process improvement and sustainability services
  • Compliance with other regulatory
  • Due diligence on systems and controls
  • Pre- and post-implementation systems reviews
  • Data services (e.g., Computer Assisted Audit Techniques (CAATs) , data quality reviews)
  • Computer security reviews