Information Technology Risk Services

Accurate information is essential in any business.

Our team of professionals help organisations address the challenges and opportunities of managing IT risks in a way that is in line with your business strategy by:

Advising clients on the effectiveness of their system controls over financial information systems – and help relieve them of their concerns when it comes to financial reporting;
Evaluating clients’ compliance with the relevant security and control policies, procedures and international best practices;
Helping clients identify, implement, enhance the IT risk management capability, together with design, implement IT risk control solutions that protect their information assets and reduce their compliance cost.

How we can help

Regulation compliance check

We help you effectively manage compliance with organizational policies and regulatory requirements for each industry-specific, such as:

Banking and finance: Circulars prescribe information system security in banking operations
Securities: Circulars provide guidelines for e-transactions on securities market and standards for technical facilities of information technology systems providing online stock trading services.
Insurance: Circulars provide risk management framework, internal control and internal audit of insurance companies, reinsurance companies, branches of foreign non-life insurance companies and branches of foreign reinsurance companies

IT risk resilience

We give you the confidence to take IT risks and better respond to digital disruption or threats and IT governance changes:

Identify a complete set of IT risks portfolio cover all subjects in IT operation such as: human resources, process, technology
Perform overall assessment of the current state for the IT operation and IT risk management
Design an appropriate IT governance and risk management framework to better manage these risks
Organize training, transfer knowledge and improve capacity to identify and manage IT risks

Risk management tool

We support clients to pilot implementation some critical parts in IT risk management framework, such as:

Comprehensive regulations, standards, guidance needed
Develop risk appetite for all categories of risk and in quantifying the risk appetite thresholds. We then help organisations monitor the movement of risks identified through developing KRIs.
Templates to monitor IT risks

Recovery and Resolution planning

Provision of technical advice: We can provide you with advice on the detailed implementation requirements of the critical areas within your recovery plan. For example, conducting a strategic analysis assessment of the group or integration of recovery indicators with your current risk appetite
Draft recovery plan: We will work with key stakeholders, obtain required information and assist in conceptualising your recovery plan. We will then assist in drafting and putting together the full submission required for the recovery plan
Indepedent review of existing recovery plan on methodology, data and process.
Training on technical requirements of the required content in the recovery plan and detailed explanations on the template requirements.

External IT Audit and Outsource Internal IT Audit

Build trust and enhance confidence in the reliability of your IT controls and automated processes:
Perform risk assessment over operating process related to IT systems to identify high risk areas
Identify and validate key controls, imcluding automated controls and IT-dependent controls to meet the control's objectives, as well as any regulatory and compliance requirements
Benchmark the internal control operations against standards such as COBIT, ISO 27001
Provide technology as well as data-driven solutions to deliver more effective and comprehensive coverage thus higher assurance
Build and mature the capabilities of your internal lines of defence to effectively audit your IT controls and processes.

Staff secondment for Internal Audit

We can to help you build your IT Internal Audit capacity with experienced and skilled IT Internal Audit practitioners for an agreed period of time, leveraging on our industry experience and knowledge.

IT audit capability enhancement and training

We can help you to:

Set up an IT internal audit function or advise on internal audit transformation
Develop and enhance your IT internal audit maturity assessment
Develop a framework and relevant IT internal audit methodology to help you evaluate the impact of your internal audit function on the business and the value-added insights you can provide to your organisation
Assist in Internal IT Audit capability building by providing tailored trainings across levels i.e. beginner, intermediate and advanced levels, both including classroom and on-the-job training
Conduct training courses tailored to the needs of your internal audit function

Independent Third party/ vendor assessment

We support clients to identify possible security risks associated with the vendors and how these pitfalls can be mitigated, such as:

Data/privacy risk: Determine whether the vendor will handle or store critical information like customer, donor, or employee information.
Regulatory and compliance risk: Ensure that the vendor complies with regulatory requirements and your organization’s regulations
Operational risk: Review outsourcing arrangements and third parties using established frameworks, such as System and Organisation Controls 2 (SOC2) Trust Service Criteria to ensure compliance to service level agreements (SLA), contractual obligations and requirements.

In the media

04/12/23

Is Digital Transformation a Benefactor or Disruptor to the Audit?

Digital transformation of the audit involves the adoption of technology in the delivery of a significant portion of the audit process. Many auditors today often wonder if digitalisation will pose a threat to their career and relevance of their profession in the future. As organisations embrace technology, they demand...

14/08/23

Handling account fraud in banking

People lost billions after one phone call. Their money was transferred to the scammers' bank accounts, but it was not easy to reclaim/withdraw. How do banks deal with these types of fraudulent account?

01/11/22

Challenges in big data audit

Big data (DLL) audits are facing great challenges from technology, human resource, and security. To solve these hindrances, it requires businesses (enterprises) to invest in technology and infrastructure, and auditors need to improve their competency and focus on cybersecurity measures.

14/11/19

Banks need to step up third-party risk management

The Vietnam Banks Association together with PwC Vietnam organised a workshop themed “Managing third-party risks under Circular 18”.

09/12/18

IT risk management

IT Risk Assurance Director Nguyen My Hanh talked about the necessity of managing IT risks for SMEs and with whom the responsibility lies. Source: VTV.

10/11/18

Brick-and-mortar vs. e-commerce

Nguyen My Hanh - IT Risk Assurance Director weighed the pros and cons of running a brick-and-mortar vs. e-commerce business. Source: VTV.

23/04/18

Unlocking the power of data

"...data analytics has become one of the top priority issues for business leaders to unlock the corporate potential, as well as managing costs and decreasing risks," Nguyen Thanh Hai - IT Risk Assurance Senior Manager wrote.