Risk Assurance

Bringing detailed technical competence to help our clients understand and manage risk

The world has been taken by surprise by the velocity of change. We are witnessing the five global megatrends creating a broad spectrum of risk. Organisations are constantly being exposed to new strategic, technical, talent and reputation risks, particularly in the Middle East region where they face significant geopolitical and macroeconomic challenges. We understand your need for tailored services that provide you with expert advice and assurance to help you address these wide-ranging risks.

Through its breadth of competencies, Risk Assurance has the ability to help its regional clients, driven by the confidence we provide them, navigate through these risks to ultimately perform on a higher level.

With over 300 talented resources, spread across 16 offices and 11 countries in the Middle East, Risk Assurance has the hands-on expertise and experience to help you achieve your objectives.

Risk Assurance is a portfolio of three large groupings of interrelated but distinct services and competencies: Internal Audit, Business Controls & Enterprise Risk and Technology & Business Resilience. The practice has matured dramatically over recent years. Our breadth helps boards to start taking a holistic approach to risk, moving from being reactive and compliance driven to being proactive and seeing it as a strategic driver of performance.

Businesses are confronted by rapid and often disruptive change which, whilst creating numerous opportunities, also leaves organisations facing new and complex risks. PwC Internal Audit Services can be a valuable partner in building and strengthening your third line of defence, which is essential to provide your multiple stakeholders with assurance, and in bringing you the insight and foresight across your organisation to tackle the future head on.

Internal Audit Co-sourcing

  • Provide staff to fill gaps identified in internal audit functions.
  • Deliver individual internal audits in accordance with the client's internal audit methodology.
  • Provision of subject matter experts as and when required by an internal audit function.

Consultancy Services

  • Advisory services assisting with internal audit and component transformation and establishing an internal audit function.
  • Audit management system selection and implementation.
  • Application of PwC Internal Audit Planning Methodology to size an internal audit function.

Internal Audit Outsourcing

  • Provide a full outsourced internal audit service including the Head of Internal Audit.
  • Plan, execute and report internal audit work based on PwC’s Internal Audit Methodology.

External Quality Reviews

  • Assess an internal audit function’s compliance with IIA standards.
  • Evaluate an internal audit function against leading practices of high performing internal audit functions and co-source services.

Client training

  • Training courses tailored for internal audit functions.
  • Head of Internal Audit coaching.

Organisations are constantly being exposed to new and evolving strategic, technical, talent and reputation risks, particularly in the Middle East region where they face significant geopolitical and macroeconomic challenges. To survive and thrive in this uncertainty, we understand that strong enterprise risk processes are crucial as these drive business controls. Instead of tackling Enterprise Risk and Business Controls in silos, we approach them as a whole to derive the most value from alignment and consistency.

Enterprise Risk & Governance

Corporate Governance

  • Corporate governance assessments, framework design and implementation.
  • Board of directors effectiveness evaluation.
  • Governance training for the board, committees, executive management and shareholders.

Family Governance

  • Setting up family office models, structures and processes.
  • Development of family protocols and ownership constitutions.
  • Legalisation of family protocols in the shape of shareholder agreements and articles of association.

Enterprise Risk

  • Organisation-wide risk assessments, risk measurement and risk profiling.
  • Development of risk indicators, targets and limits to monitor performance.
  • Measurement and monitoring of risk performance.
  • Development of risk governance frameworks.

Business Policies & Procedures Improvement

  • Enhance business policy and process standards of organisations by improving the control environment and minimising associated risks.
  • Review and re-engineer operations and streamline existing business processes.
  • Apply extensive risk and control expertise and use proven business process management tools, methodologies and standards.

Regulatory Response

  • Assist the board in using regulation to enhance the strategy and achieve business goals.
  • Embedding regulation into operating models and change management approach.
  • Improving processes, controls, technology and data essential for successful regulatory compliance.

IT Controls Assurance

  • Provide support to clients, both through external audit engagements and directly, in assessing the adequacy and effectiveness of their technology control environments.
  • Assessment of entity level controls, review of key business processes and supporting applications and associated automated controls and review of key IT general controls.

The digital age is here and technology is central to an organisation’s operations and ability to maximise opportunity. Organisations are pushed to innovate, develop faster, and be more agile and creative than ever before. Whether you want to protect your organisation from cyber security threats, effectively adopt emerging technologies like cloud computing, revolutionise decision making through Big Data or strengthen your resilience to business continuity threats, PwC Technology and Business Resilience has proven expertise to empower you to do so.

Cyber Security & Privacy

Risk Assessment & Assurance

Understanding the risk and threats
  • Readiness assessment against international good practice
  • Benchmarking
  • Breach indicator assessment
  • Threat modelling and defence effectiveness
  • Penetration testing
  • Red team exercise
  • Social engineering

Strategy & Governance

Setting direction & vision
  • Developing and aligning security with business needs
  • Access control governance
  • Building the risk management & governance frameworks appropriate to the business
  • Data privacy & protection programmes
  • Training & awareness


Making the organisation secure by design
  • Security architecture design
  • Cyber programme design and management
  • Identity & access management
  • Building security into the fabric of the organisation from the board room to the network
  • Business case development
  • Tool selection and business integration

Cyber Resilience

Preparing for and responding to a cyber incident
  • Integrating cyber into business continuity
  • Cyber simulation exercises
  • Board awareness sessions and planning
  • Cyber forensics and investigation
  • Crisis management support
  • Remediation and recovery support

Data Assurance

Data Governance

  • Consulting and guidance on data governance strategy and approach.

Data Migration

  • Strategy guidance and assurance, cleansing support and review and process re-performance.

Process Mining and Utilisation

  • Identifying and visualising transaction flow and performing process KPIs and benchmarking to highlight risks and issues.

Data-Enabled Auditing

  • Using other capabilities to identify risks and continuously manage and monitor mitigation, response and control.

Data Visualisation

  • Identifying and visualising data to aid analysis and decision-making, as well as representing outputs in a unique and engaging way.

Business Systems Controls

Business Controls

  • Review, design, automation and optimisation of business system controls.

Programme Assurance

  • Quality assurance around system implementations and upgrade projects.
  • Focused ‘deep dive’ technical reviews at key implementation stages.

Governance, Risk and Compliance (GRC) Technology

  • Selection, design and implementation of GRC technology solutions.

Technology Risk Governance

Preparing for and responding to a cyber incident
  • Develop policy, procedures and processes to provide effective governance of technology risks.

Digital Trust

IT risk diagnostic

  • Benchmark of IT risk profile against industry peers.

IT reviews

  • Review/audit of IT risks and controls.

IT governance assessment

  • Assessment/review of the IT governance framework against industry standards (e.g. COBIT 5).

Business Resilience

Business Continuity

  • Business Impact Analysis (BIA) and Threat Risk Assessment (TRA).
  • Business continuity strategy and response planning.
  • Exercise and test planning and support.
  • Maintenance and maturity programs including self-assessment, management reporting and corrective action.
  • ISO22301:2012 and NCEMA 7000:2015 assessment and planning.

Technology Resilience

  • IT Service Continuity Policy and Framework.
  • Detailed solution design to meet the business stated requirements for Service Continuity in terms of compute, storage and network.
  • Test and exercise to validate solution design.
  • Current state assessment detailing the ability to deal with events which could impact the availability of the production systems.
  • Dependency mapping and IT resilience assessment.
  • Training and awareness. Detailed technical training for IT personnel relevant to the solution and general awareness training around IT service continuity.

Big Conversations for our Region

The following Big Conversations are our board-level response to carefully chosen issues and opportunities. Client-centric and strategic, they connect our multiple competencies to provide seamless solutions for complex needs, helping you to operate sustainably over the long term.


Contact us

Matthew White

Partner, Digital Trust Leader, PwC Middle East

Tel: +971 (0) 56 113 4205

John Saead

Partner, Internal Audit & GRC Leader, PwC Middle East

Tel: +966 56 007 9699

Gavin Steel

Partner, ME Accounting Advisory Leader, PwC Middle East

Tel: +971 4 304 3308
