Featured - 4 items
How we can work together to help you
In the face of rapidly changing customer expectations, new regulations and the urgency to increase productivity and reduce operating cost, organisations are undergoing significant transformation. Leadership and execution strategies are key factors in responding to this transformation imperative.
Through the combination of our advanced technology, and deep knowledge and experience, our people will help you increase capacity and keep your business moving.
We have flexible specialists across a range of disciplines who can backfill or augment key roles or functions in your organisation. Many of our teams have worked in industry prior to joining PwC. We can scale up or down to support changing demand, to fill resource gaps, or to deliver key tasks. All of our specialists can work remotely in an effective and productive manner. Our experts can draw on the best practice and wider experience of our global network to support their role. You can draw on these benefits with confidence; our data security processes and robust technology mean you can focus on critical business needs.
Issues and challenges
- Increased number and complexity of privacy and regulatory mandates
- Digital disruption
- Weak controls
- No data and analytics capability
- Data security
- Risk management
- Auditing in the modern IT environment
- Transparency of outsourced activities
- Difficulty finding and retaining highly skilled security and privacy resources
Increased number and complexity of privacy and regulatory mandates
Emerging technologies and the increased digitization efforts of organizations also increased the expectation for internal audit and compliance functions to provide value and insights to the business. With our compliance services, you can have the confidence that the technologies you choose are meeting regulatory and compliance requirements and mitigating any security risks.
Digital disruption
The digital age is here. IT Systems are fundamental part of your organization and clients, customers and regulators need to trust it. PwC Risk Assurance - Financial Services help clients design and implements IT risks and control solutions that reflect a complex and fast changing technological landscape and leverage investments in IT for maximum business benefit. We can help in managing and maximize digital exposure and opportunity.
Weak controls
Embedding IT controls is essential in safeguarding an organization's assets and in minimizing the number and impact of the risks that threat your business. Poor design and effectiveness of controls would result to errors being undetected and possible misstatements in company financials.
No data and analytics capability
Many businesses struggle with building their company's data and analytics capability. PwC sees that the lack of talent, poor expertise in the use of data and analytics tools and the absence of a clear and defined data-driven strategy are the reasons why companies have not yet adopted a data-driven culture.
Data security
PwC Risk Assurance - Data Protection & Privacy Services can help identify the internal and external threats to the security over personal data and and recommend appropriate controls to ensure compliance with relevant regulation and standards. In addition, we can help the client determine if they are well prepared to respond to a breach and test their data security capability.
Risk management
Accepting risk is a fundamental part of a financial institution’s business. Financial institutions cannot avoid risk entirely, and the most successful institutions are those that identify the appropriate levels of risk to assume and put the appropriate measures in place to manage that risk. Our practice offers end-to-end solutions that will help client identify and balance risks by providing a timely review of processes and controls to ensure that their design continues to address their needs while maintaining efficiency and effectiveness.
Auditing in the modern IT environment
In an increasingly complex and technical IT environment, internal audit functions can benefit from the addition of key skills and technical insights. We can provide audit services from highly experienced specialists in SAP, Oracle, Microsoft Dynamics and JDE, and will quickly get to grips with new and bespoke systems.
Transparency of outsourced activities
As more companies outsource transaction processing or share sensitive data, the demand for trust and greater transparency across organizations’ internal controls increases. So, too, does the need for auditor reporting on those internal controls at a third party entity (or “service organization”) either through the following assurance reports:
- ISAE 3402 (Internal controls over financial reporting) or SOC 1 equivalent
- ISAE 3000 with reference to trust service criteria or SOC 2 equivalent
- SOC 2+ Vendor Controls Attestation
Difficulty finding and retaining highly skilled security and privacy resources
As cyber attacks become more complex, fewer talents and resources are able to cope up with these newer threats. Organizations put in constant effort to strengthen their cybersecurity defenses, policies, and practices by relying on knowledgeable personnel who knows how cyber attacks work.
Specialist roles we can support you with
We understand the importance of having the right specialists in place during these unprecedented circumstances. The roles that we can support you with are diverse, these include:
Security Assessment
ISO 27000 Lead Auditor. Assignment of an ISO 27000 Lead Auditor exclusive to one organization who will report to a contact head and will assist the organization in policy reviews, operating manual development, perform assessments, and reporting for a set period of time.
Vulnerability Assessment & Penetration Testing
Cybersecurity professional. Assignment of a PwC cybersecurity professional exclusive to one organization who will report to a contact head and will perform a continuous process of Vulnerability Assessment and Penetration Testing (VAPT) activities, such as finding vulnerabilities, providing recommendations, and regular reporting for a set period of time.
Data Analytics Capability Building
Data Analytics Manager and Staff. Our Data Analytics Professionals can fill key roles as you tie analytics to organizational problems and decision-making, providing you with valuable and actionable insights for improved business performance.
Data Protection and Privacy Specialist
The Data Protection Officer (DPO) or Compliance Officer for Privacy (COP) should be a full-time or organic employee of the Company. However, companies may outsource or subcontract the functions of its DPO or COP provided that the DPO or COP oversees the performance of activities performed by the third party service provider, and the DPO remains the contact person of the Company with National Privacy Commission (NPC). We have privacy specialist with deep understanding of the Data Privacy Act of 2012 and had assisted different Organization in complying with NPC's Five Pillars of Data Privacy Accountability and Compliance. Our privacy specialist can support you on your privacy compliance journey and perform the following functions: - conduct of privacy impact assessment; - assess data breach and security incidents; - develop and review privacy related documents (e.g., Privacy Notice, Consent Forms, and Data Sharing Agreements); and, - other tasks related to data privacy and protection.
Compliance Management Solutions
Compliance Manager and Staff. Our experienced audit professionals can assist or provide Independent Compliance Testing, Anti-Money Laundering Compliance, BSP Circular 808, alignment to BSP Circulars released in response to COVID-19, ICAAP validation, independent model validation, COSO-based quantitative audit rating, COBIT 5, among others.
Corporate Governance Solutions
Corporate Governance Manager and Staff. Our experienced audit professionals can assist or provide online trainings and practice assessments on Corporate Governance and Sustainability.
Internal Audit - Financial Services
Internal Audit Manager and Staff. Our experienced audit professionals can assist or provide business controls advisory, development of manuals of operation (i.e. MLPP, Branch Operations, Remittance, IT policies, etc.), outsourcing internal audit activities, IT governance assessment and IT general controls review.
Development of IT Policies and Procedures Manual
Manager. Provides technical and industry knowledge expertise in the assessment/development of the client's policies and procedures manual to further optimise the internal control environment.
Staff. Assist clients in optimising control activities, and policies and procedures. He/she will work with existing processes/systems whilst making constructive suggestions for improvements.
Enterprise Resource Planning Assurance
Manager. Responsible for planning, directing and overseeing the work of the team and providing technical and industry knowledge expertise relating to the optimization of existing ERP solutions.
Staff. Provides assurance on ERP systems and improve reliability and functionality at implementation, migration, upgrades and operation. He/She will perform technical configuration review for different application platforms.
Internal Controls Optimization
Manager. Oversees the procedures to be performed by his/her team and is the overall responsible in the assessment of the client's internal controls with the aim of optimising internal control measures to ensure a suitable risk level.
Staff. Identifies opportunities to improve existing controls, perform assessments and analyse the current internal control environment, and provide a range of meaningful recommendations to optimise controls of the client.
IT Generals and Application Controls Review
Manager. Responsible for the overall assessment of the design and implementation of the IT general and application controls. He/She will review the test findings, facilitate the remediation of control gaps and escalate possible critical issues to senior management.
Staff. Performs review of the critical application systems that support the business processes of the client by conducting walkthroughs and documenting understanding of the client's IT general and application controls. Furthermore, he/she will devise audit procedures and execute them to determine if the related controls are designed and operating effectively.
IT Governance Review
Manager. Responsible in the overall assessment and identification of IT risks and design an appropriate IT governance and risk management framework to better manage the client's risks and to better respond to digital disruptions or threats and IT governance changes.
Staff. Review existing IT governance framework and align it to industry standards framework to ensure that their IT functions support business strategies and objectives.
System Implementation Assurance
Manager. Responsible for planning and overseeing the work of the team and providing technical and industry knowledge expertise regarding the performance of the reviews tailored to meet the unique risks of each project and achieve the system implementation objectives and desired outcomes.
Staff. Reviews the level of compliance of new systems with business requirements, ensure that all necessary internal controls were considered in the design of the system and that it will operate as intended. He/she will also provide comfort that value proposition and overall objectives of the project have been achieved and give insight on the effectiveness of project management practices.
ISAE 3402 / ISAE 3000 / SOC2+
Project Manager. To act as a liaison officer between the auditors and process owners for audit and compliance projects. This includes responsibility over managing document requests and validating issues raised during the audit.
Staff. To execute tasks as determined by your team. This may include creation of risk and controls matrix, risk issues tracker, management written statement and controls description report.
Portfolio Management
Portfolio Manager. To provide strategic oversight, management solutions, technical skills, subject matter and industry knowledge to companies with large third party assurance portfolios.
The range of skills and experience in our team is vast. If the above doesn’t address your specific needs - or if your requirements are more specialised or require cross-role or multi-functional capabilities - we’d be glad to talk with you about finding a scalable situation.
How it works
We have developed two cost-effective and agile models that will allow you the flexibility to meet operational demands whether you need one person or a team.
Option 1
Specialist resource secondments
Your PwC RA-IT Manager will discuss your specific needs and work with you to identify a suitable resource for the role you need to fill and the likely time frame. Once agreed, our resource will be deployed promptly, with agreed protocols for instruction and reporting.
Option 2
Shadow function support
Where you anticipate increased capacity or key role absence in a business critical team or function, we can stand up a shadow team comprising one or more specialists.
Your PwC RA-IT Manager will help identify the right specialists from PwC to operate in a shadow role. An initial briefing would be followed by weekly touch points with your own team; in this way, the shadow team will be ready to pick up tasks, step to role, and provide increased capacity at very short notice.
How we bring value
- Access to a diverse range of skills and industry professionals directly aligned to your business need.
- A flexible and scalable solution that can be turned up, or down depending on your requirements.
- An infrastructure that ensures our teams are able to work remotely, efficiently and effectively.
- A support model that allows our professionals to hit ground at short notice.
Other services
Related Content
Contact us
Mark Anthony P. Almodovar
Risk Assurance Executive Director, PwC Philippines
Tel: +63 (2) 8845 2728
Follow PwC Philippines
