Systems & Process Assurance (SPA)

In today’s business world, IT and financial reporting environments are becoming increasingly complex, while even greater reliance is being placed on the information produced by these systems and processes. In addition, new regulations in many countries have placed a greater emphasis on internal controls and often require independent assurance of the effectiveness of internal controls.

Attention to the design, documentation and operation of controls is critical to ensuring the accuracy and timeliness of the information used for financial reporting and management decision-making.

If this is your situation

You need confidence in the quality of the information produced by your business processes and IT systems.
You need assistance in documenting or testing your internal controls over financial reporting, operations or compliance.
You lack confidence in some of your systems interfaces or the quality of data.
You need an independent review of your internal control structure, including the identification of weaknesses and possible design enhancements.
You rely on financial information or the processing from a third party and need independent assurance on that information or the third party's controls.
Your organisation provides services to a company and you've been asked to provide a SAS 70 report.
You are implementing - or have just implemented - a new process or IT system (e.g. ERP) and want assurance that the project runs well, that the process or system will achieve the desired business benefits and that it will have appropriate controls built into it.
You are entering into a joint venture or other transaction and need due diligence on systems and controls.

How PwC can help you

Our Systems and Process Assurance (SPA) practice provides services in relation to controls surrounding the financial reporting process, business processes and IT management controls. Serving both audit and non-audit clients, SPA provides:

Financial and operations application/business process control reviews, including services to design or optimise controls
IT general controls and information security reviews, covering IT management processes (e.g. based on standards such as ISO 27001&2, COBIT, ITIL or ISF) as well as technical security at the operating system, database and network levels
Third-party assurance and opinion services (SAS 70, SSAE 10, SysTrust, ISA 3402 or other)
Sarbanes-Oxley readiness, process improvement and sustainability services (also for e.g. the Japanese equivalent of SOX, the Swiss ICS)
Compliance with other regulatory requirements (e.g. Turnbull, Basel II, King)
Due diligence work on systems and controls
Pre- and post-implementation reviews for new ERP systems, processes etc.
Project management assessment and assurance services
Data services (e.g. CAATs, data quality reviews)

Audit & assurance

Contacts

Ingvar Van Droogenbroeck: Partner; Tel: + 32 (0)2 710 7204

How do stakeholders & boards manage their risks? Find out & view our webcast as a result of the PwC 2012 State of the Internal Audit Profession Study.