Technology is an important enabler of business transformation. To assist you in getting value from technology investments, we bring together the skills to deliver improvements in processes, as well as the knowledge in IT strategy, IT architecture and design and IT operations management.

In today's business world, companies must be able to trust the accuracy, integrity and timeliness of the corporate information they use for financial reporting and management decision-making.

This means that they must pay particularly close attention to the design, documentation and operation of their internal IT systems and controls. They need know that their systems, processes and risk management procedures are operating effectively within a well-controlled environment.

PwC Gibraltar has worked on the IT systems of leading banks, telecom, insurance and online gaming companies delivering IT general controls assurance services.

If you need:

  •  Assistance in documenting or testing your internal controls over financial reporting;
  • An independent review of your control structure, including identification of weaknesses and possible design enhancements;
  • To provide a SAS 70 report;
  •  A review on controls inbuilt into a newly implemented  IT system;
  • Due diligence on systems and controls;
  • To develop an ERM function with a clear focus on operational risk management;
  •  A better view on your enterprise-wide risks and how well are they controlled; and
  • To consider the consequences of IT/business disruption and the direct effect on market reputation, revenues, market share, recovery costs, and shareholder value.

Our Systems and Process Assurance (SPA) practice focuses on helping clients address these issues. Specific advisory services include:

  • Compliance with other regulatory requirements or control frameworks (e.g., Coso, CobiT, Basle II);
  • Computer and database security controls assessments and recommendations;
  • IT General Controls assessments and recommendations;
  • Infrastructure security assessments and recommendations;
  • Risk analysis on overall IT system and controls including recommendations - identification and assessment of operational risks, inventory of existing controls and assessment of their efficiency, identification of corrective actions;
  • Risk analysis training - increasing the awareness on risk management importance and informing participants on the different risk evaluation techniques and methodology; and
  • Business continuity plan implementation - business impact analysis, strategy selection, plan development, crisis management, plan testing and maintenance.

Contact us

Duane Ellul

Senior Manager, PwC Gibraltar

Tel: 20066842 ext 140

Follow us