IT Risk Assurance

IT controls reviews and optimisation

In today’s business world, IT and operational environments are becoming increasingly complex.

In today’s business world, IT environments are becoming increasingly complex while even greater reliance is being placed on them as part of business process operations, controls, performance and management reporting.

Our IT systems & Projects Assurance practice helps clients realize the complete value of their strategic technology initiatives and increase comfort over implemented IT solutions, through the effective management of risk in the following areas:

  • IT systems implementation assurance, including:
    • independent quality assurance throughout entire project lifecycle
    • support of projects design and initiation
    • targeted project reviews and audits, based on risk assessment
  • Business system and information related risks, including:
    • security configuration, segregation of duties and restricted access to critical system functions
    • process automation and control optimization
    • business information delivery
    • data management, analysis and assurance

a) IT systems implementation assurance

According to many research a quarter of all major change programmes fail completely while around three quarters under deliver. Many companies have a history of IT implementation projects, which struggle to deliver the benefits that are expected of them, often having major knock on effects with other projects and sometimes even conflicting with others.

PwC's IT systems implementation assurance services help clients to boost the likelihood of a project's success and to reach its business goals. PwC's team of specialists have tried and tested methods in addition to years of experience of business and project management behind them, covering variety of IT systems: ERP and HR (SAP ERP, Oracle E-Business Suite, Microsoft Dynamics AX), GIS, CRM, BI, GRC and others.

Our experts work with their clients throughout the whole project lifecycle - from the planning, by way of the controlling and right through to the conclusion of a project.

We add value throughout the IT systems implementations arena by:

  • Carrying out independent assessments of the current project status, the project management processes and the main project results,
  • Assessment of contractual and legal aspects of project related third party contracts, identifying the associated risks,
  • Identification of project risks and implementation of a suitable project risk management process,
  • Assessment of programme and project management, to increase both efficiency and control over entire initiatives,
  • Improved supervision and control in relation to the achievement of the added value aspired to, on the basis of suitable processes, tools and reports,
  • Acting as a supervisory trustee to check that official requirements are complied with.

External project assurance ensures that the financial goals of a project can be achieved, quality standards adhered to and deadlines met. The key target is to succeed in controlling the project and creating expected added value for the company.

b) IT systems and data assurance

The pace of IT change, regulatory pressures and increasing dependency on IT represent a significant challenge for companies. IT systems must be fully available and reliable to enable business processes to run smoothly, in well controlled and transparent manner.

Information has become a critical factor for business strategic and operational management. Customers, partners, suppliers, employees and investors all require that data and information be confidential and inviolable, but also reliable and available for reporting and management purposes.

Many organisations report and make decisions based on information which is unreliable, inconsistent and misleading. There is an increasing burden of external reporting and compliance - be it from shareholders/investors, customers/suppliers, Regulators, Government bodies/departments and NGO's.

Also internal controls systems are more and more dependent on IT systems, with increasing ratio of automated and semi automated / IT reports based ones. Reliance of internal controls systems require reliance on IT systems as well, while increasing number of automated controls improve effectiveness of the controls environment and reduce its costs for the organization.

We add value throughout the IT systems and data related risk and solutions arena by:

  • Helping companies identify IT systems related risks and understand their impact,
  • Scrutinising ERP and business systems on various levels to provide assurance on governance, implementation, data migration, interfaces and overall alignment with business objectives,
  • Providing assurance that a robust control solutions are in place to manage IT systems risks, including process improvement, controls optimisation and providing internal comfort that performance information is reported correctly,
  • Evaluating potential risks of undetected errors, fraud, or material misstatement to the financial and operating data, including cases when business functions and users have incompatible, elevated or powerful access to the system,
  • Optimizing the implementation and configuration of third party compliance tools, such as SAP GRC,
  • Providing independent assurance, including third party assurance using defined reporting standards, over the process, controls, reports and data used to manage the business and deliver external performance information,
  • Providing independent assurance over data and information quality.

Businesses will see direct benefits as a result of implementing these solutions, for example increased reliability of the internal controls system and information, a reduction in risks associated with both: daily business and compliance combined with improvement in the cost-benefit ratio.

Contact us

Daniel Jordanovski

Senior Manager, Risk Assurance Solutions, PwC Macedonia

Tel: +389 70 248 127

Follow us