System and process assurance

IT environments have continued to increase in complexity with ever greater reliance on the information produced by IT systems and processes. The recent emergence of regulations aiming to restore the investor confidence has placed a greater emphasis on internal controls and often requires independent assessments of the effectiveness of internal controls.

Attention to the design, documentation and operation of controls —both application controls and IT general controls— is critical to ensuring the accuracy and timeliness of information used for financial reporting and management decision-making. More and more market players in their approach towards internal control assessment, design and implementation need embedding an underlying risk analysis approach with a focus on reliable and effective key application controls. While Risk Management in itself is moving to the top of the Board agenda due to high profile business failures, heavy regulatory pressure is increasing compliance requirements which needs to be integrated into the company internal control framework.

If this is your situation

  •  You need confidence in the quality of the information produced by your IT systems
  •  You need assistance in documenting or testing your internal controls over financial reporting
  • You need an independent review of your control structure, including identification of weaknesses and possible design enhancements
  •  You rely on financial information from a third party and need independent assurance on that information
  • Your organisation provides services to a company and you have been asked to provide a SAS 70 report
  • You are implementing—or have just implemented—a new IT system and want a review of the controls
  •  You are entering into a joint venture or other transaction and need due diligence on systems and controls
  •  You are thinking to develop an ERM function with a clear focus on operational risk management
  • You need a better view on your enterprise-wide risks and how well are they controlled
  • You need to consider the consequences of IT/business disruption and the direct effect on market reputation, revenues, market share, recovery costs, and shareholder value

How PwC can help you

Our systems and process assurance (SPA) practice provides services related to controls around the financial reporting process, including financial business process and IT management controls with a clear insight on operational risk management . Serving both audit and non-audit clients, SPA provides:

  •  Review of financial and operational business process controls
  •  Review of IT general controls
  • Third party assurance and opinion services
  • Compliance with other regulatory requirements or control frameworks (e.g., Coso, CobiT, Basle II)
  •  Due diligence on systems and controls
  •  Working with the board and senior management to implement recommendations to better manage risk
  • Risks analysis: identification and assessment of operational risks, inventory of existing controls and assessment of their efficiency, identification of corrective actions
  • Assistance for self-assessment risk analysis exercises: through structured trainings and workshops, provide awareness on risk management importance and train on risk evaluation techniques and methodology
  •  Business continuity plan implementation: Business impact analysis, strategy selection, plan development, crisis management, plan testing and maintenance

Contact us

Barry Pillans

Partner, PwC Gibraltar

Follow us