Technology audit and controls advisory

Making trust the default in technology systems and processes

As your organisation pushes forward with its automation and digitisation agenda, technology and cybersecurity risks will increasingly become significant concerns. Therefore, the impact of these risks on financial reporting must be considered during the audit process. PwC’s digital audit professionals are here to help you optimise your technology investments, while proactively managing your business risks.

How our technology audit and controls advisory services can help you

Our deep understanding of Information Technology (IT) risks in business contexts allows us to strengthen their controls and security posture to optimise their technology investment. In identifying threats, we consider the client’s business landscape to provide holistic recommendations. We have worked with companies across industries, including the top 50 listed companies in Singapore as well as start-ups, allowing us to bring rich insights to the table.

Technology audit

Our integrated audit approach is tech-enabled, people-powered and scalable, allowing key risks to be thoroughly and accurately identified. At PwC, our digital audit professionals:

  • Develop a deep understanding of the key IT systems supporting your organisation’s financial operations and reporting needs, facilitating adaptation to your technology transformation journey.
  • Collaborate with you to discuss entity-level controls relating to IT and high-level cybersecurity governance.

Where applicable, we will perform procedures over the controls you have implemented in your organisation’s support systems, followed by a review of the IT General Controls (ITGCs) over these support systems, including a consideration of whether they are hosted on-premise or on cloud.

Technology and cybersecurity risks

Technology risks and governance

Whether your company already has an established Enterprise Risk Management (ERM) program or not, it is important that technology risks are assessed against your business environment. Striking the balance between digitisation and effective risk management can help you meet your business objectives and continue to grow.

Taking your systems inventory into account, we can assist your organisation in the following ways:

  • Establishing strong risk governance in key technology areas.
  • Developing policies and procedures to help run your organisation’s own technology risk management processes.
  • Running technology risk workshops with management to facilitate brainstorming and the development of your organisation’s technology risk profile and risk register.
Technology and cybersecurity risks

Internal controls compliance

As your organisation grows, the consideration of going public is likely to arise. Prior to listing on the Singapore Exchange, PwC’s digital audit professionals can help you conduct reviews of your organisation’s technology controls to fulfil both financial and non-financial reporting objectives.

If you are looking to list in the US, PwC’s digital audit professionals can help your organisation review its technology and business processes to develop a risk-based, top-down approach to compliance with Section 404 of the Sarbanes-Oxley Act.

To ensure regulatory compliance, we can help your organisation in the following ways:

  • Internal control reviews
  • Management testing of controls
  • Documentation of your business process flows and controls within Risk & Control Matrices relating to technology.

Information technology internal audit

Whether it is to support your existing internal audit team, or to serve as your internal audit function, PwC’s digital audit professionals are here to help your organisation drive a leading-edge internal audit practice in the following ways:

  • Implement our internal audit methodology in collaboration with your organisation on your key risks.
  • Access to an experienced PwC Partner/Director to support the critical needs of your board/ audit committee.
  • Perform IT audits in identified areas of risk with a keen focus on timelines, ensuring an adjustment of the audit plan as new risks emerge.
  • Support your organisation with an optimal resourcing model to ensure the right human capital is brought in for each audit, providing access without the fixed overhead costs.
  • Deliver internal controls training to management and audit committee relating to technology risks.
  • Invest in your existing internal audit team to upskill them to perform the technology audits independently in the future.

Digital transformation risk management

Governance over digital transformation

Governance over your digital transformation is key to ensuring your new systems operate as intended. Our digital audit professionals are experienced in supporting you to ensure the following areas of risks are covered, across all types of system implementations:

  • New systems/ enhancements are sufficiently tested.
  • Data migration is performed completely and accurately from your legacy system to the new system.
  • Problems identified during the development and/or implementation are appropriately resolved.
  • Users are appropriately trained in the functionality and maintenance of the system.

Leveraging your investment for higher performance and risk management

By reviewing your existing processes either during or after implementation, we can help your organisation better leverage your enterprise technologies to automate controls, driving a higher return on investment and improving risk management.

PwC’s digital audit professionals have done this, particularly with SAP systems (including upgrades from SAP ECC to SAP S/4 HANA).

SAP risks and controls

We can evaluate the following areas of your organisation’s SAP landscape:

  • Security – supporting the design and implementation of sustainable and scalable access of management roles to secure your SAP systems. From pre- to post-implementation, we can help you:
    • Conduct a review of your SAP role design for the key segregation of duties (SOD) and restriction of data access (including assistance to build SOD access matrix).
    • Maximise SAP Governance, Risk and Compliance (GRC) technology to allow for automated provisioning via workflows and governing access to support compliance.
    • Conduct a review of your SAP access management and role management to simplify maintenance.
    • Conduct reviews relating to end user access to the High-Performance Analytic Appliance (HANA) database and security over the Fiori interface.
  • Controls integration – combining security and controls, we make sure your SAP systems are protected and meet compliance requirements. We can help your organisation:
    • Understand the current state of security and controls to develop a sustainable future state of controls.
    • Support SAP implementation by identifying key control requirements with business stakeholders.
    • Verify key security and controls during implementation, and identify controls reconfiguration needs.
    • Review existing manual controls and processes to suggest automation strategies within your SAP landscape.
Follow us

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

See Hong Pek

See Hong Pek

Digital Audit and Assurance Leader, PwC Singapore

Tel: +65 9638 7021

Anthony Dias

Anthony Dias

Partner, Digital Audit and Assurance, PwC Singapore

Tel: +65 9731 1450

Nur Ashikin Ahmad

Nur Ashikin Ahmad

Partner, Digital Audit and Assurance, PwC Singapore

Tel: +65 9637 5072

Hide