System & Process Assurance

In the present business environment, companies recognise that Information Technology (IT) and financial reporting processes are integral components of business. Performance management and efficiency and reliability of internal controls are important success factors.

As IT and reporting environments become more complex, greater reliance is placed on the information produced by these systems and processes. Furthermore, as new regulations appear, a greater emphasis is placed on internal controls and often independent assurance of their effectiveness is required.

To ensure that financial information used for management decision-making is accurate, sufficient, and reliable, attention to design, documentation and operation of controls is vitally important.

If this is your situation:

• You need an independent review of your internal controls framework
• You need assistance in documenting or testing internal controls over financial reporting
• You need independent assurance on financial information generated by a third party on which your company relies
• You need a SAS 70 report (if your company is a service organisation)
• You need a review of controls for a new IT system to be implemented or having just been implemented
• You need confidence in the quality of information produced by IT systems
• You need due diligence on systems and controls when entering into a joint venture or going through other Merger & Acquisition activity

How PwC can help:

Our Systems and Process Assurance (SPA) practice provides services related to financial, business process, operational and IT management controls, serving both audit and non-audit clients. Some of SPA’s key solution sets include proven methodologies in the following areas:

• Data assurance: reviewing the quality, completeness and accuracy of data during the implementation of new systems, and related migration of data to new platforms; data mining projects.
• IT audit: IT security guidelines and standards; IT systems; IT processes; contract management; project management for change management projects in connection with IT security; reviewing IT general controls operational effectiveness.
• Risks and controls trainings: trainings on IT risk management, IT governance, IT audit, and training programs on increasing the efficiency of internal audit departments and evaluation of IT environment and IT related controls.
• Internal controls optimization: aligning controls with business objectives and risks; reducing regulatory costs; integrating systems and processes with compliance and operational controls;
• ERP risk and controls assurance: reviewing configuration of SAP™ and Oracle™ automated controls; performing logical and physical analyses of security; designing and evaluating segregation of duties & access controls frameworks; aligning application controls & business processes, performing compliance tools optimization;
• Project and implementation assurance: helping to ensure the alignment of project deliverables with business objectives; implementation risk assessment & mitigation; project coordination & management;
• Third party assurance / SAS 70: providing assurance to business’ customers that information processed by service organizations is secure, accurate, confidential, sufficient and represents valid transactions;