IT environments have continued to increase in complexity
with ever greater reliance on the information produced
by IT systems and processes. The recent emergence
of regulations aiming to restore the investor confidence
has placed a greater emphasis on internal controls
and often requires independent assessments of the
effectiveness of internal controls.
Attention to the design, documentation and operation
of controls —both application controls and IT
general controls— is critical to ensuring the
accuracy and timeliness of information used for financial
reporting and management decision-making. More and
more market players in their approach towards internal
control assessment, design and implementation need
embedding an underlying risk analysis approach with
a focus on reliable and effective key application
controls. While Risk Management in itself is moving
at the top of the Board agenda due to high profile
business failures, heavy regulatory pressure is increasing
compliance requirements which needs to be integrated
into the company internal control framework.
If this is your situation
- You need confidence in the quality of the information
produced by your IT systems.
- You need assistance in documenting or testing
your internal controls over financial reporting.
- You need an independent review of your control
structure, including identification of weaknesses
and possible design enhancements.
- You rely on financial information from a third
party and need independent assurance on that information.
- Your organisation provides services to a company
and you've been asked to provide a SAS 70 report.
- You are implementing—or have just implemented—a
new IT system and want a review of the controls.
- You are entering into a joint venture or other
transaction and need due diligence on systems and
controls.
- You are thinking to develop an ERM function with
a clear focus on Operational Risk Management.
- You need a better view on your risks enterprise-wide
and how well are they controlled?
- You need to consider the consequences of IT/business
disruption and the direct effect on market reputation,
revenues, market share, recovery costs, and shareholder
value.
How PricewaterhouseCoopers can help you
Our Systems and Process Assurance (SPA) practice
provides services related to controls around the financial
reporting process, including financial business process
and IT management controls with a clear insight on
Operational Risk Management . Serving both audit and
non-audit clients, SPA provides:
- Reviews of financial and operational business
process controls
- Reviews of IT general controls
- Third party assurance and opinion services
- Sarbanes-Oxley readiness, process improvement
and sustainability services
- Compliance with other regulatory requirements
or control frameworks (e.g., Coso, CobiT, Basle
II)
- Due diligence on systems and controls
- Pre- and post-implementation system reviews
- Working with Board and senior management to implement
recommendations to better manage risk.
- Risks analysis: identification and assessment
of operational risks, inventory of existing controls
and assessment of their efficiency, identification
of corrective actions.
- Assistance for self-assessment risk analysis exercises:
through structured trainings and workshops, provide
awareness on risk management importance and train
on risk evaluation techniques and methodology
- Business Continuity Plan implementation: Business
Impact Analysis, strategy selection, plan development,
crisis management, plan testing and maintenance.
