Internal Controls

Addressing enterprise risk while enabling business performance

The risk landscape is expanding, providing both challenges and opportunities for organisations. While being ready to respond is essential, it's not easy. Internal Audit has emerged as a critical lever for change, giving boards the confidence to deal with the demands of a dynamic marketplace. Now, more than ever, Internal Audit needs to rise to the challenge and demonstrate its value.
The risk landscape has changed and Internal Audit needs to be agile in the face of these market challenges. As a result, stakeholders expect more from the Internal Audit function. Focusing on the right areas to deliver insight and investing in technology and people are some of the ways PwC can assist you in becoming the "trusted advisor" to your organisation. Let us support you in developing a broader perspective that goes above and beyond meeting your stakeholders' expectations.

Internal Audit

At PwC, we are driving Internal Audit innovation, merging the skills of our people with a robust, leading-edge Internal Audit approach and state-of-the-art technology. The result is The PwC Internal Audit. Relevant, aligned and agile, it delivers insight and quality in equal measure and to the highest standard, helping you build the confidence to move faster and act decisively.

Data Driven Internal Audit
Using analytics provides a more comprehensive and real-time view of changing risk and efficient testing of controls. We can test entire populations of data, target certain attributes of a population based on risk, identify root causes of problems, and generate insights to strengthen your approach to managing risks.

Outsourcing and co-sourcing solutions
A co-sourcing solution offers cooperation on particular engagements and knowledge sharing with your internal staff. We are ready to provide you with the assistance of our specialists under short-term or long-term secondments as well.

Compliance review
The aim is to assess the compliance of the activities and processes implemented with the requirements of both external and internal regulations, standards and best practices. We assess the extent and complexity of your methodology, evaluate its adequacy and compare it with the best practices on the market.

Internal Audit Quality Assurance Reviews and benchmarking
The aim is to assess the compliance of internal audit activities with IIA Standards, evaluate the effectiveness and performance of an internal audit function, including its tools and techniques, and identify its strengths and weaknesses.

Internal audit function set up
Our team of specialists will help you to set up and establish a functional internal audit model that will provide your company with added value and assist you in achieving your long-term goals. Our policies are based on a proven methodology and an individualised approach.

Trust and Transparency Solutions

Companies have increasingly looked to outsourcing over the past few decades as a means of reducing costs and improving processing efficiency. The growing rates of adoption of software as a service, platform as a service, and other cloud-based infrastructure models, as well as physical hosting, to store customers' sensitive information will continue to drive increases in outsourcing. Because of those increases, the need for independent assurance on the internal controls of a third-party entity (or "service organization") has also increased. Also known as International Standard on Assurance Engagements 3402 (or "ISAE 3402") or its US version SSAE 18, the Service Organization Control (SOC) Report 1 is designed to deal with internal controls over financial reporting (ICFR). To assess the effectiveness of an entity's non-financial operational and compliance controls, two reporting vehicles were created to meet this need: SOC2 and SOC3. These reports use the Trust Services Principles and Criteria as a framework for reporting on a service organization's operational and compliance controls relevant to user organizations.

These principles are:

  • Security – the system is protected against unauthorized access, use or modification
  • Availability – the system is available for operation and use as committed or agreed
  • Processing integrity – system processing is complete, valid, accurate, timely, and authorized
  • Confidentiality – information designated as confidential is protected as committed or agreed
  • Privacy – generally accepted privacy principles

Clarity over service providers’ controls can go far to strengthen your brand and operations. PwC offers a full range of service organization control reports. By developing and delivering an independent and customized attestation, we pave the way so a service organization can approach both existing and prospective customers with confidence and vigorously convey the trust and transparency that those customers need and expect.

Contract Assurance

Most organisations face the ongoing challenge of obtaining value from contracts and transactions with third parties. Our experience shows that even where there are standard controls and purchase-to-pay processes in place, the value identified at the negotiation stage often erodes over time. This erosion leaves gaps between the perceived value and the value actually delivered. Engaging PwC for Commercial Assurance enables organisations to quickly identify savings opportunities resulting in greater value now, and also to reap the benefits of process enhancements, knowledge transfer and ongoing assurance mechanisms needed to sustain value across the contract lifecycle.

The solution for you may be implementing a robust Third Party Risk Management (TPRM) program.

The TPRM function manages and monitors the sourcing activities and risks associated with using third parties to enable your operations and operational strategies. PwC professionals can provide a comprehensive suite of services.

  • Improving relations with suppliers through clear identification of problems and corresponding adjustment of existing contracts
  • Evaluation of existing contracts and commercial risk in the set-up of new contracts
  • Cost reduction initiatives - average cost reduction between 5 - 15% of annual contract value
  • Mergers and Acquisitions - contract risk mitigation pre and post-deal and commercial evaluation of contract portfolios
  • Re-negotiation points - helping clients improve their negotiating position and strategy in the lead up to re-negotiation
  • Contract exit - assisting clients in their contract exit and transition programs, managing contractual risk and reducing exit costs

Business Controls Advisory

A complex and continually shifting business landscape and increasing competitive pressure require effective management of risk across the organisation.

PwC can assist you in optimizing your business controls environment by:

  • Establishing, documenting or testing the internal control environment
  • Review, design, automation and optimisation of business system controls, automated controls and IT general controls
  • Assessment and recommendations around entity level controls
  • Assessment of the internal control environment, also utilizing the globally recognized COSO integrated internal control framework
  • Advice and assistance in business process and internal controls optimization
  • Assistance in preparation for the requirements of Sarbanes-Oxley, ISO27000, COBIT or similar regulations or testing of compliance with these requirements
  • Outsourcing contract risk and compliance review
  • Regulatory compliance rationalization


Tomáš Kuča

Lead Partner, Broader Assurance Services, PwC Czech Republic

Tel: +420 724 061 817

Pavel Štefek

Partner, Risk Assurance, PwC Czech Republic

Tel: +420 251 152 400