IT Risk & Compliance

Optimising risk-driven opportunities

42% of respondents indicate that limitations of their organization's IT systems have a significant impact on their ability to manage risk exposure.

50% of organizations have invested more in IT systems upgrades in response to risk exposure

In today’s competitive business environment, IT systems are critical investments that are essential to running a successful organization. Whether pursuing complex technology transformation, improving operational efficiencies, leveraging data to make insightful decisions, or staying compliant with vast regulatory obligations, businesses are increasingly faced with navigating risks associated with their systems.

 

Key issues

Security of business data in applications

Your organisation's financial and business data is vulnerable if too many people have access to system functionality, if monitoring is poor or if preventive controls are not in place.

Errors can creep into financial and business data and without the right detection and control mechanisms, they may not be found and corrected in time. A security and controls review can help make sure your financial and business data remains accurate, giving you the confidence to make the right decisions.

IT General and Application Controls Review

Weak controls

Regulators are increasing the pressure on organisations to make sure that their business processes are robust, particularly within finance systems. But this isn’t just about compliance. The accuracy of data and robustness of processes (and the controls around them) are critical to the success of an organisation, whether a regulator actively demands it or not.

Whether you’re implementing a new system and want to be sure that the security and controls are appropriate, or want to be confident that your existing processes and controls are effective, a review of business systems security makes sense. Most internal audit plans cover elements of auditing technology solutions but increasingly, systems security and control assurance demands specific technical knowledge.

IT Governance Review

ERP Assurance

Development of IT Policies and Procedures

IT General and Application Controls Review

Internal Controls Optimization

Ensuring that IT enabled projects meets its objectives

When you invest in a new system you want to be sure that it starts its life in the best possible shape. That means feeding it clean data, setting out well-defined processes, and rectifying years of poor practice that have built up on legacy applications. But that shouldn't be a one-off exercise.

Our risk-based IT controls review will help protect the integrity of your investment for the longer term. 

IT Governance Review

ERP Assurance

IT General and Application Controls Review

Pre and Post System Implementation Review

Auditing in the modern IT environment

In an increasingly complex and technical IT environment, internal audit functions can benefit from the addition of key skills and technical insights.

We can provide audit services from highly experienced specialists in SAP, Oracle, Microsoft Dynamics and JDE, and will quickly get to grips with new and bespoke systems.

IT General and Application Controls Review

Use of technology to optimize processes and controls

Organizations often invest in costly technologies but are not making the most of their investments.

Our controls optimization services helps you identify and replace time-consuming manual controls. Process mining visually reconstructs your end-to-end processes, using your own data, to help you understand how the system works and where the problems are. And when you understand it, you can fix it.

Internal Controls Optimization

Use of IT for compliance

Emerging technologies and the increased digitization efforts of organizations also increased the expectation for internal audit and compliance functions to provide value and insights to the business.

With our compliance services, you can have the confidence that the technologies you choose are meeting regulatory and compliance requirements and mitigating any security risks. 

Development of IT Policies and Procedures

IT General and Application Controls Review

Cloud Management Audit

Having the right IT foundations for the business

Fragmented technology can hold back ideas and prevent your organisation meeting its objectives. If your IT enabled projects are implemented in a standardised way and prioritised well, you can have more confidence that you will achieve your wider business goals.

IT Governance Review

IT General and Application Controls Review

Understanding risk across integrated technology platform

The lack of a common risk language fragments the three lines of defense across the enterprise. This leads to preconceived conclusions and unsound management of risk.

With our IT risk and governance services, we can help your organization integrate risk management across your business units and gain untapped efficiencies with your current resources.

ERP Assurance

IT General and Application Controls Review

Increased attention for security and privacy at Boards and Audit Committee levels

As cybersecurity incidents become more common, this has become a real threat to organizations and gained the attention of board-level management and audit committees pushing them to strengthen their cybersecurity defenses to prevent irreversible damage such as data breaches and data leakage which would have an impact on the organization’s reputation.

NIST CSF Assessment

ISO/IEC 27000 Assessment

ISO/IEC 27005 Risk Assessment

Increased reliance on third parties to drive cost effectiveness

There is an increase in the number of organizations that now use cloud services to house their data and applications, the reason being the efficiencies this service provides and the cost-effectiveness of this setup. With these in mind, organizations have to ensure that data and transactions processed through the cloud service are within the organization’s cybersecurity standards to protect customer data and other critical information.

Cloud Management Audit

SWIFT Customer Security Program

How we can help

IT Governance Review
  • Aid in aligning IT with organizational goals and strategy
  • Help convert strategic goals into IT projects
  • Aid in project portfolio management, performance measurement and in demand management (demand for IT services by other departments)
  • Optimize IT operations and increase project visibility
Enterprise Resource Planning (ERP) Assurance

Give assurance on ERP systems and improve reliability and functionality at implementation, migration, upgrades and operation. ERP Assurance includes technical configuration review for different application platforms such as SAP, Oracle, JD Edwards, among others.

Development of IT Policies and Procedures Manual
  • Provide clear framework, rules and guidelines for decision-making
  • Provide consistent and clear response in performing control activities
  • Retain institutional knowledge when employee leaves the company


IT Generals and Application Controls Review
  • Improve basic internal controls over IT management practices
  • Benchmark IT practices against global IT framework/standards (e.g COBIT, ITIL)
  • Comfort over integrity and reliability of transactions processed through IT systems

 

Internal Controls Optimization (ICO)
  • Help management assess, remediate and enhance internal control over reporting systems and business processes
  • Review of internal control system and identification of areas for possible improvement

 

 

System Implementation Assurance
  • Project risk assessment to identify key risks and areas for management focus
  • Pre-implementation review of resources, project plans, timelines, central designs, and conversion techniques prior to implementation activities to provide comfort around the project prior to commencement
  • Data migration review for independent testing or data integrity from old to new system
  • Go-live assessment to determine if key implementation activities, including system security and compliance with laws and regulations have been completed prior to cutover of new system
  • Post-implementation review to verify planned outcomes in the earlier stages of the project are in place and operating as intended

 

 

 


Security Assessments

Have your organization been required to comply with international standards or assess currently placed controls for overall improvement of policies and implementation.

Learn more

 

Cloud Management Audit

We conduct gap assessments to ensure that information placed by an organization in the cloud is maintained with sufficient security controls, complies with contractual requirements, and implements appropriate vendor risk assessments that highlight controls.

 

 

Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Assurance Leader, PwC Philippines

Tel: +63 (2) 8845 2728

Lalaine Aviles

Lalaine Aviles

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Dyan Rose Esguerra

Dyan Rose Esguerra

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Desiree Ann Beltran

Desiree Ann Beltran

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Nicole Erezo

Nicole Erezo

Risk Assurance Assistant Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Archelle Marie Azuro

Archelle Marie Azuro

Risk Assurance Assistant Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide