RCS - Systems and Process Assurance

Business Process reviews

A Business Process Controls Review focuses on the application system controls and/or manual controls surrounding key business transaction flows.  This review begins by gaining an understanding of, and documenting the key business processes for, a particular application or function (i.e., generating bills for customers, calculation of water usage).  This assessment ensures through a detailed analysis that computer systems within the company process information accurately, comprehensively and securely and that it is available for use in accordance with the objectives defined by the business.  As part of our review, we look at key application software to help establish that there is adherence to the objectives of the business, accuracy in processing of data, validation of data inputs, logical access controls and exception handling. 

 

Data Assurance

Analyse and provide assurance over the consistency and integrity of business data and improve financial audits with focussed IT-tools (including ACL).

 

Pre and Post Implementation review

System Implementation Assurance (SIA) is PwC’s proven methodology for delivering an independent assessment of a client’s project at any point in the client’s systems life cycle including pre or post implementation.  SIA looks at the alignment of management’s desired outcomes, risks and approach with the objective of providing management with comfort that a project will achieve its desired outcomes.

Developed by PwC project management practitioners from around the world, the Systems Implementation Risk Management methodology provides local practitioners with a library of key implementation risks to be considered at key points in the life-cycle.  The methodology enables local practitioners to leverage the firm's cumulative experience with project implementations. 

The SIA methodology provides a structured approach for quickly identifying and validating the following key risks that could jeopardize achievement-desired outcomes:

  • Controls Risks: Will the design and implementation of controls address financial reporting operational and regulatory requirements in an efficient and effective manner?
  • Project Risks: Will the solution be delivered on time, on budget, and to specifications?
  • Business Risks: Have expected business benefits been clearly defined and communicated?

Delivering comfort over systems implementation projects requires the right team.  PwC is in the unique position to deliver resources with the industry, technical and subject matter experience to enable the most effective and efficient implementation assurance review.  

 

Enterprise Resource Planning (ERP) Assurance

Giving assurance on ERP systems such as SAP, Oracle, Peoplesoft or JD Edwards and improving their reliability and functionality at implementation, migration, upgrades and operation, as well as performing assessments of user access and the associated segregation of duties using proprietary tools such as Oracle GATE, Automated Controls Evaluator (ACE) and Segregation of Duties Analyser (SODA).

 

Information Technology Governance and Security

Assessing and helping management build secure, effective and efficient IT governance systems and align them with corporate governance.

 

Information Technology General Controls

This review identifies the relevant controls over the current information systems and assesses its adequacy.  It entails an analysis of the information systems environment and structure.  The review looks at changes to programs and related infrastructure components within the IT environment; access to programs and data within the core application (including security administration, physical security, operating system security and network security); the processing of day-to-day IT operations, which will include batch scheduling/real time processing, backup, and problem management and disaster recovery. 

Information Technology (IT) General Controls review will mainly cover the following areas:

  • IT department organisation and management;
  • Logical and physical security (including user access);
  • Operating systems and network security (including Windows 2000/3; UNIX(various flavors) and OS400)
  • System maintenance activities (including change management);
  • Computer operations;
  • Backup/recovery procedures;
  • Software development and implementation.