A Business Process Controls Review focuses on the application system controls and/or manual controls surrounding key business transaction flows. This review begins by gaining an understanding of, and documenting the key business processes for, a particular application or function (i.e., generating bills for customers, calculation of water usage).
This assessment ensures through a detailed analysis that computer systems within the company process information accurately, comprehensively and securely and that it is available for use in accordance with the objectives defined by the business. As part of our review, we look at key application software to help establish that there is adherence to the objectives of the business, accuracy in processing of data, validation of data inputs, logical access controls and exception handling.
Analyse and provide assurance over the consistency and integrity of business data and improve financial audits with focussed IT-tools (including ACL).
System Implementation Assurance (SIA) is PwC’s proven methodology for delivering an independent assessment of a client’s project at any point in the client’s systems life cycle including pre or post implementation. SIA looks at the alignment of management’s desired outcomes, risks and approach with the objective of providing management with comfort that a project will achieve its desired outcomes.
Developed by PwC project management practitioners from around the world, the Systems Implementation Risk Management methodology provides local practitioners with a library of key implementation risks to be considered at key points in the life-cycle. The methodology enables local practitioners to leverage the firm's cumulative experience with project implementations.
The SIA methodology provides a structured approach for quickly identifying and validating the following key risks that could jeopardize achievement-desired outcomes:
Delivering comfort over systems implementation projects requires the right team. PwC is in the unique position to deliver resources with the industry, technical and subject matter experience to enable the most effective and efficient implementation assurance review.
Giving assurance on ERP systems such as SAP, Oracle, Peoplesoft or JD Edwards and improving their reliability and functionality at implementation, migration, upgrades and operation, as well as performing assessments of user access and the associated segregation of duties using proprietary tools such as Oracle GATE, Automated Controls Evaluator (ACE) and Segregation of Duties Analyser (SODA).
Assessing and helping management build secure, effective and efficient IT governance systems and align them with corporate governance.
This review identifies the relevant controls over the current information systems and assesses its adequacy. It entails an analysis of the information systems environment and structure. The review looks at changes to programs and related infrastructure components within the IT environment; access to programs and data within the core application (including security administration, physical security, operating system security and network security); the processing of day-to-day IT operations, which will include batch scheduling/real time processing, backup, and problem management and disaster recovery.
Information Technology (IT) General Controls review will mainly cover the following areas: