Audit & Assurance

As companies begin the process of integrating their compliance with the reporting requirements of Sections 302 and 404 of the U.S. Sarbanes-Oxley Act, internal auditors are struggling to come to grips with their role and involvement in these initiatives. In addition, the impact of the Sarbanes-Oxley Act has also been felt by other organisations not directly included in its scope as the standards for good corporate governance have risen. Internal Audit’s role in this new environment raises questions that include both short-term tactical issues during the implementation phase, as well as longer-term strategic questions on the role and responsibilities of internal audit in the process. Although the Sarbanes-Oxley Act spells out the various roles of management, the audit committee and the external auditors, it does not specifically address the role of internal auditors. In a post Sarbanes-Oxley world, the internal audit function needs to walk a fine line between providing assurance and consulting to management without impairing its objectivity and independence.

If this is your situation

If any of the following situations are applicable to your circumstances, PwC can assist you in finding a solution:

• You’re a new company with no existing Internal Audit resources and are trying to determine the most appropriate operational model to adopt.
• You're concerned that your internal audit function can't keep up with the changing risks facing your business.
• You find it difficult to recruit and retain internal audit professionals in all of your key skill areas.
• You need to supplement your in-house internal audit function with specialist skills.
• Your internal audit function has insufficient resources to cover the geographic scope of your organisation.
• Your organisation considers internal audit to be a non-core activity so you want to find an external provider.
• You need to assess the effectiveness of your risk management, internal audit and corporate governance procedures.

How PwC can help you

Maximising the value and effectiveness of the internal audit function requires an understanding of an organisation’s objectives, risks, risk management priorities, regulatory environment and the diverse needs of critical stakeholders including executive management, the board, employees and shareholders. Ultimately, these needs determine the risk profile of the organisation and the strategic focus, organisation, resources and practices required of its internal audit department.

We can assist organisations that need help improving the quality and effectiveness of their internal audit processes in a number of ways. First, by advising and assisting in the development of internal audit and risk management methodologies, including assessing whether the internal audit function is delivering effectively to stakeholders.

Second, by providing internal audit resourcing solutions, including full outsourcing or complementing in-house functions with specialist skills or geographical coverage. Third, by supporting internal audit functions with software to enhance and support their work. In addition, we can develop training for internal auditors using our extensive market and industry knowledge to create highly-tailored solutions.

• Internal audit outsourcing
• Internal audit co-sourcing
• Internal audit advisory
• Sarbanes-Oxley advisory
• Technical advice

Around the world, companies are taking a fresh, hard look at risk-redefining the role of risk management in achieving performance objectives and ultimately driving shareholder value. The main goal is not to eliminate risk, but rather to proactively assess and manage it to their advantage.

In today's business world, IT and financial reporting environments are becoming increasingly complex while even greater reliance is being placed on the information produced by these systems and processes. In addition, new regulations in many countries have put a greater emphasis on internal controls and often require independent assessments of the effectiveness of internal controls.

Attention to the design, documentation and operation of controls is critical to ensuring the accuracy and timeliness of information used for financial reporting and management decision-making.

If this is your situation

• You need confidence in the quality of the information produced by your IT systems.
• You need assistance in documenting or testing your internal controls over financial reporting.
• You need an independent review of your control structure, including identification of weaknesses and possible design enhancements.
• You rely on financial information from a third party and need independent assurance on that information.
• Your organisation provides services to a company and you've been asked to provide a SAS 70 report.
• You are implementing—or have just implemented—a new IT system and want a review of the controls.
• You are entering into a joint venture or other transaction and need due diligence on systems and controls.

How PwC can help you

Our Systems and Process Assurance (SPA) practice provides services related to controls around the financial reporting process, including financial business process and IT management controls. Serving both audit and non-audit clients, SPA provides:

• Financial and operation applications/business process controls reviews
• Database security controls reviews
• IT general controls reviews
• Infrastructure security reviews
• Third party assurance and opinion services
• Sarbanes-Oxley readiness, process improvement and sustainability services
• Compliance with other regulatory requirements (e.g., Turnbull, Basel II, King)
• Due diligence on systems and controls
• Pre- and post-implementation systems reviews
• Project assurance services
• Data services (e.g., CAATs, data quality reviews)
• Computer security reviews