Risk Assurance

Bringing detailed technical competence to help our clients understand and manage risk

The world has been taken by surprise by the velocity of change. We are witnessing the five global megatrends creating a broad spectrum of risk. Organisations are constantly being exposed to new strategic, technical, talent and reputation risks, particularly in the Middle East region where they face significant geopolitical and macroeconomic challenges. We understand your need for tailored services that provide you with expert advice and assurance to help you address these wide-ranging risks.

Through its breadth of competencies, Risk Assurance has the ability to help its regional clients, driven by the confidence we provide them, navigate through these risks to ultimately perform on a higher level.

With over 300 talented resources, spread across 16 offices and 11 countries in the Middle East, Risk Assurance has the hands-on expertise and experience to help you achieve your objectives.


Bringing detailed technical competence to help our clients understand and manage risk

Risk Assurance is a portfolio of three large groupings of interrelated but distinct services and competencies: Internal Audit, Business Controls & Enterprise Risk and Technology & Business Resilience. The practice has matured dramatically over recent years. Our breadth helps boards to start taking a holistic approach to risk, moving from being reactive and compliance driven to being proactive and seeing it as a strategic driver of performance.

Businesses are confronted by rapid and often disruptive change which, whilst creating numerous opportunities, also leaves organisations facing new and complex risks. PwC Internal Audit Services can be a valuable partner in building and strengthening your third line of defence, which is essential to provide your multiple stakeholders with assurance, and bringing you the insight and foresight across your organization to tackle the future head on.

Internal Audit Co-sourcing

  • Provide staff to fill gaps identified in internal audit functions.
  • Deliver individual internal audits in accordance with the client's internal audit methodology.
  • Provision of subject matter experts as and when required by an internal audit function.

Internal Audit Outsourcing

  • Provide a full outsourced internal audit service including the Head of Internal Audit.
  • Plan, execute and report internal audit work based on PwC’s Internal Audit Methodology.

External Quality Reviews

  • Assess an internal audit function’s compliance with IIA standards.
  • Evaluate an internal audit function against leading practices of high performing internal audit functions and co- source services.

Client training

  • Training courses tailored for internal audit functions.
  • Head of Internal Audit coaching.

Consultancy Services

  • Advisory services assisting with internal audit and component transformation and establishing an internal audit function.
  • Audit management system selection and implementation.
  • Application of PwC Internal Audit Planning Methodology to size an internal audit function.

Organisations are constantly being exposed to new and evolving strategic, technical, talent and reputation risks, particularly in the Middle East region where they face significant geopolitical and macroeconomic challenges. To survive and thrive in this uncertainty, we understand that strong enterprise risk processes are crucial as these drive business controls. Instead of tackling Enterprise Risk and Business Controls in silos, we approach them as a whole to derive the most value from alignment and consistency.

Enterprise Risk & Governance

Corporate Governance

  • Corporate governance assessments, framework design and implementation.
  • Board of directors effectiveness evaluation.
  • Governance training for the board, committees, executive management and shareholders.

Family Governance

  • Setting up family office models, structures and processes.
  • Development of family protocols and ownership constitutions.
  • Legalisation of family protocols in the shape of shareholder agreements and articles of association.

Enterprise Risk

  • Organisation-wide risk assessments, risk measurement and risk profiling.
  • Development of risk indicators, targets and limits to monitor performance.
  • Measurement and monitoring of risk performance.
  • Development of risk governance frameworks.

Business Policies & Procedures Improvement

  • Enhance business policy and process standards of organisations by improving the control environment and minimising associated risks.
  • Review and re-engineer operations and streamline existing business processes.
  • Apply extensive risk and control expertise and use proven business process management tools, methodologies and standards.

Regulatory Response

  • Assist the board to help use regulation to enhance the strategy and achieve business goals.
  • Embedding regulation into operating models and change management approach.
  • Improving processes, controls, technology and data essential for successful regulatory compliance.

IT Controls Assurance

  • Provide support to clients, both through external audit engagements and directly, in assessing the adequacy and effectiveness of its technology control environments.
  • Assessment of entity level controls, review of key business processes and supporting applications and associated automated controls and review of key IT general controls.

The digital age is here and technology is central to an organisation’s operations and ability to maximise opportunity. Organisations are pushed to innovate, develop faster, and be more agile and creative than ever before. Whether you want to protect your organization from cyber security threats, effectively adopt emerging technologies like cloud computing, revolutionise decision making through Big Data or strengthen your resilience to business continuity threats, PwC Technology and Business Resilience has proven expertise to empower you to do so.

Cyber Security & Privacy

Risk Assessment & Assurance

Understanding the risk and threats
  • Readiness assessment against international good practice
  • Benchmarking
  • Breach indicator assessment
  • Threat modelling and defence effectiveness
  • Penetration testing
  • Red team exercise
  • Social engineering

Strategy & Governance

Setting direction & vision
  • Developing and aligning security with business needs
  • Access control governance
  • Building the risk management & governance frameworks appropriate to the business
  • Data privacy & protection programmes
  • Training & awareness


Making the organisation secure by design
  • Security architecture design
  • Cyber programme design and management
  • Identity & access management
  • Building security into the fabric of the organisation from the board room to the network
  • Business case development
  • Tool selection and business integration

Cyber Resilience

Preparing for and responding to an cyber incident
  • Integrating cyber into business continuity
  • Cyber simulation exercises
  • Board awareness sessions and planning
  • Cyber forensics and investigation
  • Crisis management support
  • Remediation and recovery support

Data Assurance

Data Governance

  • Consulting and guidance on data governance strategy and approach.

Data Migration

  • Strategy guidance and assurance, cleansing support and review and process re-performance.

Process Mining and Utilisation

  • Identifying and visualising transaction flow and performing process KPIs and benchmarking to highlight risks and issues.

Data Visualisation

  • Identifying and visualising data to aid analysis and decision-making, as well as representing outputs in a unique and engaging way.

Data-Enabled Auditing

  • Using other capabilities to identify risks and continuously manage and monitor mitigation, response and control.

Data Visualisation

  • Identifying and visualising data to aid analysis and decision-making, as well as representing outputs in a unique and engaging way.

Business Systems Controls

Business Controls

  • Review, design, automation and optimisation of business system controls.

Programme Assurance

  • Quality assurance around system implementations and upgrade projects.
  • Focused ‘deep dive’ technical reviews at key implementation stages.

Governance, Risk and Compliance (GRC) Technology

  • Selection, design and implementation of GRC technology solutions.

Technology Risk Governance

Preparing for and responding to an cyber incident
  • Develop policy, procedures and processes to provide effective governance of technology risks.

Digital & Technology Risk

IT risk diagnostic

  • Benchmark of IT risk profile against industry peers.

IT reviews

  • Review/audit of IT risks and controls.

IT governance assessment

  • Assess/review of IT governance framework against industry standards (e.g. COBIT 5).

Business Resilience

Business Continuity

  • Business Impact Analysis (BIA) and Threat Risk Assessment (TRA).
  • Business continuity strategy and response planning.
  • Exercise and test planning and support.
  • Maintenance and maturity programs including self-assessment, management reporting and corrective action.
  • ISO22301:2012 and NCEMA 7000:2015 assessment and planning.

Technology Resilience

  • IT Service Continuity Policy and Framework.
  • Detailed solution design to meet the business stated requirements for Service Continuity in terms of compute, storage and network.
  • Test and exercise to validate solution design.
  • Current state assessment detailing the ability to deal with events which could impact the availability of the production systems.
  • Dependency mapping and IT resilience assessment.
  • Training and awareness. Detailed technical training for IT personnel relevant to the solution and general awareness training around IT service continuity.

Big Conversations for our Region

The following Big Conversations are our board-level response to carefully chosen issues and opportunities. Client-centric and strategic, they connect our multiple competencies to provide seamless solutions for complex needs, helping you to operate sustainably over the long term.

  • Powering our board level ambition

  • Internal Audit

    Internal Audit

    Businesses are confronted by rapid change. Changes in customers' behaviours, technology, competition and regulation. These are just a few of the disruptors that drive businesses to rethink their value proposition. Whilst there are clearly opportunities, it also leaves organisations facing new and often complex risks. Internal Audit has emerged as a critical lever for change. Now, more than ever, it needs to rise to the challenge and demonstrate its value so companies have the confidence to move faster and act decisively.

    Find out more

  • Regulatory Response

    Regulatory Response

    Regulation is increasingly part of business as usual. The way a business responds is key in determining the extent to which regulation is a burden or opportunity. In a challenging business environment, where trust and transparency are highly prized, a well-executed, efficient, appropriate and communicated response to all stakeholders on regulatory matters can bring about significant benefits and opportunities.

    Find out more

  • Enterprise Resilience

    Enterprise Resilience

    Resilience is defined as the organisation’s ability to protect against, or adapt to, short term of long term change. In today’s business environment an organistion lacking this ability will struggle to survive, let alone thrive. Reliable continuity of operations underpins business. The increasing complexity of operations has generated greater risk and driven the need for focused investment in protective disciplines to ensure money isn’t wasted and the organisation is as resilient as it needs to be.

    Find out more

  • Data Assurance & Insights

    Data Assurance & Insights

    The volume and variety of data has exploded in recent years, revolutionising decision-making. Intuition is no longer acceptable for executives to make big decisions. The real challenge comes in converting data into a more comprehensible and user-friendly format, creating actionable insights and applying these to transform their organisation.

    Find out more

  • Governance


    Whether you are a wholly-owned family business, listed corporation or a state-owned enterprise; good governance ensures that your company is better placed to execute strategy, manage growth and drive value whatever the prevailing macro-economic conditions.

    Find out more

  • Enterprise Risk Management

    Enterprise Risk Management

    Enterprise Risk Management (ERM) is an oversight tool for Management to enhance online and prior-to-fact capturing of strategic, operational, compliance, financial and external risks surrounding the business environment. In order to confidently provide the required risk information and assurances, an ERM system should be fit-for-purpose and provide a complete and accurate view of the risk profile - if it does not, there is a potential for of being exposed to by increased scrutiny from stakeholders.

    Find out more

  • Digital & Technology Risk

    Digital & Technology Risk

    The digital age is here and technology is central to an organisation’s operations and ability to maximise opportunity. Organisations are pushed to innovate and develop faster, be more agile and creative than ever before. But with this comes risks. We help an organisation achieve its business goals by providing assurance and helping to mitigate these risks.

    Find out more

  • Cyber Security & Privacy

    Cyber security & Privacy

    As incidents continue to proliferate across the globe, it’s becoming clear that cyber risks will never be completely eliminated. Businesses today are increasingly interconnected and dependent on digital business processes. This amplifies the impact of cyber attacks on every area of operations. Protecting the business and exploiting the opportunities that the digital way of working brings is fundamental to the future of companies. Cybersecurity is now a persistent business risk. It is no longer an issue that concerns only information technology; the financial, operational and reputational impacts have made this a C-suite and boardroom priority.

    Find out more

  • Trust and Transparency Solutions

    Trust and Transparency Solutions

    Our Trust and Transparency Solutions team offers independent, expert opinions on all areas of business performance and information, for external publication. In line with international standards, we help organisations respond to demands for increased transparency and industry comparability, and increase the credibility of that reporting.

    Find out more


Contact us

Steve Drake
Middle East Risk Assurance and Capital Markets Leader
Tel: +971 4 304 3421

Follow us