The digital age has opened up new ways of communicating, sharing, banking, shopping, finding information and socialising. As we become more digitally connected, digital crime is on the rise - online espionage, phishing and fraud are thriving. This triggers questions such as ‘Can consumers trust technology?’ and ‘Can they trust companies to take responsible steps to protect their interests and personal data?’
In this environment, we found the opportunity to use our audit skills to give assurance that the technologies we use are safe and secure. We focused our efforts on three key areas - electronic payments, privacy and ethical and responsible use of data.
Electronic payments like e-wallets simplify and secure transactions making it safer for both customers and businesses. But businesses need to ensure that e-wallet platforms are safe from potential threats. We have worked with clients to help them with their existing practices and ensure that any loopholes or threats to their ecosystem are neutralised. This ensures that their users can trust their services and have peace of mind when using their online platforms.
Case study 1:E-banking and Internet Insurance assessment requirement by Bank Negara Malaysia (BNM) A bank was undergoing a series of digitalisation programmes with the objective of bringing better banking services and experience to consumers. As required by BNM, all enhancement and changes to digital and electronic banking services will now require a risk assessment by an External Service Provider (ESP) to ensure confidentiality, integrity and availability of the services. PwC was engaged to play the External Service Provider (ESP) role and we were able to improve risk management, control and transparency in key areas before the product roll-out. As an External Service Provider, we have decided to look beyond the minimum controls prescribed by BNM and employed a “threat led” approach to identify risk and exposure of products and services offered by the institution - we call it the “digital risk”. We started by understanding the digital ecosystem of the product, map out data most likely to be stolen, identify the “attack surface” i.e.vector where perpetrators could launch an attack. This is done before evaluating systems and processes implemented by financial institutions to determine if it is sufficient to deter an attack to their digital platforms.
Outcomes of the engagement included identification of key issues and recommendations, and above all, a Board that is more informed on security risks. Some examples of recommendations include:
|
Despite best efforts, data breaches can still occur. Examples include information loss through a lost or stolen laptop or pen drive, sending emails to the wrong recipients, hacking or phishing attacks. Some of our past work include helping our clients prepare for these tough situations through assessments and readiness exercises to ensure that they have the right expertise and capabilities to respond in the event of a data breach.
Ethical and responsible use of data includes collecting and analysing customer data and deciding on where to draw the line on data collection. Guidelines on the use of data are in their early days and are still evolving. Because of this, most businesses are unsure of what data they actually need to be collecting. There is a fine line between collecting sufficient data to give a personalised experience and infringing on their privacy. We have helped clients to assess and determine how to strike that delicate balance without affecting their data-driven processes and running the risk of damaging their brand should a case of misuse of personal data occur.
Case study 2:We assisted the largest insurer in the Asia Pacific region in implementing a Data Protection and Privacy Framework for the entire Group Operations and customer channels, spanning 18 markets across 15 countries. We started with a review of the entire “data lifecycle” to understand the organisation's current data-handling procedures - from cradle to grave - and identify lapses and gaps from the perspective of people, process and technology. Our deliverable was a detailed analysis of privacy and regulatory requirements for each country where the company has its operations and developed a Target Operating Model (TOM) covering people, process and technology. This includes working with management to strategise on how to operationalise the TOM to strengthen the company’s data-handling practices, from its frontliners e.g. customer service centres, to the back office operations e.g. finance, IT, and contact centres. |
Project Pivot is a new cloud based Data & Analytics (D&A) platform to harness the power of data. It was developed through a collaborative effort by our Asia Pacific network of firms since 2018. The outcome of the collaboration is that we can now digitalise our audit and assurance services to deliver insights with greater efficacy and efficiency.
In FY2019, Project Pivot successful launched the Financial Processes Analysis (FPA) application. It covers six core financial processes (listed below), perform data quality assessment, and has over 80 standard D&A test cases that are ready to use, without customisation.
General Ledger
Procure to Pay
Order to Cash
Working Capital
Employee Expenses
Payroll
We can now offer FPA to help our clients work through large sets of data; facilitate business insights; and make sense of what their business data is telling them to aid better decision-making at different levels of their organisation.
As FPA was built based on standard functionalities that can be applied across industries, it makes deployment easier and more efficient compared to customised D&A solutions.
We have already piloted FPA for a number of our clients and the results are very encouraging. The plan is for us to continue innovating to meet local market demands, and offer FPA through our client service channels.
We appreciate the coverage and depth that PwC’s D&A solution provides. It gives me comfort that anomalies and outliers are being flagged for investigation.
PwC has shown us some impressive analytics, we need to move forward as an organisation to adopt these capabilities to maximise our potential.
Increasingly, we have seen organisations tackle changes related to transactions such as debt or equity funding, divestitures, restructuring or even bankruptcy, and encountering complex accounting and financial reporting challenges. The Assurance leadership saw an opportunity to leverage our competency and provide assistance to clients that may face such situations.
A focus unit in the form of the Capital Markets and Accounting Advisory Group (CMAAS) will enable us to help clients manage change, safeguard compliance, and optimise the quality and efficiency of their accounting function, no matter where or how they do business.
Here are some of the services CMAAS can help our clients with:
Embed new standards and processes
Standardise IFRS conversion and integrating your reporting
Update accounting tools and function, including in-house training
Support with recurring accounting and reporting compliance
Click here for more information about CMAAS.
No longer confined to just software development, the concept of using agile practices as an enabler to encourage flexibility and responsiveness to fast-paced changing markets has been gaining popularity. However, effectively using the agile concept as a catalyst for large-scale transformation remains a challenge as agile mindset and practices, cadences and pace needs to be tailored to suit each individual or9ganisation.
PwC Malaysia’s Consulting practice responded to this client need through the Agile@PwC SEAC (South East Asian Consulting) Impact Centre. What makes our SEAC Agile Impact Centre unique is our approach to tackling Agile transformations of all scales cross-geographies and cultures in South East Asia. Solutions are tailored to the needs of the local market – taking into consideration the 3C’s: Country cultural context, Company cultural context and Community cultural context. Applying the 3C’s as a foundation, the SEAC Agile Impact Centre have designed a roadmap that allows organisations to navigate their way through the various stages in the Agile transformation lifecycle.
The guiding principles which underpin any Agile transformation the SEAC Agile Impact Centre delivers are concentrated on:
Follow this link to read more about the SEAC Agile Impact Centre’s perspective on all things Agile.
“The greatest impact of the PwC's SEAC Agile Team is their ability to take a live project and create in a co-design space with us. A number of ‘real time’ case studies were used as the basis of the Agile upskilling, then translated to ‘learning on the job’ delivered through an established coaching domain. And we were able to measure direct tangible and intangible outcomes.”