Systems and Process Assurance (SPA)

In today’s business world, IT and financial reporting environments are becoming increasingly complex while even greater reliance is being placed on the information produced by these systems and processes. In addition, new regulations in many countries have put a greater emphasis on internal controls and often require independent assurance of the design and the operating effectiveness of internal controls.

Attention to the design, documentation and operation of controls is critical to ensuring the accuracy and timeliness of information used for financial reporting and management decision-making.

Our services enable organizations to gain comfort that their systems, processes and risk management procedures are operating effectively within a well-controlled environment.

If this is your situation

  • You need assurance of the quality of the information produced by your IT systems.
  • You need assistance in documenting or validating your internal controls over financial reporting.
  • You need an independent review of your control structure, including identification of weaknesses and possible design enhancements.
  • You rely on financial information from a third party and need independent assurance on that financial information.
  • Your organisation provides services to a company and you've been asked to provide a SAS 70 report.
  • You are implementing — or have just implemented — a new IT system (e.g. in-house developed / ERP like SAP) and want a review of the system settings and application controls.
  • You need assistance in the implementation of IT systems including data migration.
  • With system changes and complex legacy systems, you want to prevent a controls breakdown.
  • You are entering into a joint venture or other transaction and need due diligence on IT systems.
  • You have just had a major accounting breakdown in terms of IT system and want to identify and rectify.
  • You want to ensure that your IT risk management framework is effective.

How PwC can help you

Our Systems and Process Assurance (SPA) practice provides services related to the controls around the financial reporting process as well as the operational systems. SPA provides:

  • IT general controls reviews;
  • Pre and post implementation systems reviews;
  • Compliance with regulatory requirements and local regulations (e.g. MCTI order no 389/2007, CSA order no 18/2009);
  • Data analysis services (using ACL and other CAATs);
  • Operating system, network and database security controls reviews;
  • IT due diligence;
  • Business process controls reviews (both related to finance and operation applications);
  • Assurance that adequate controls are in place to mitigate key risks facing the business;
  • A comprehensive, independent report on controls that can be used by third parties (SAS 70);
  • Sarbanes-Oxley readiness, process improvement and sustainability services;
  • Assistance in preparing policy and other documents (e.g. security policy, disaster recovery plan);
  • Project assurance services;
  • Assistance in ERP implementations including assistance in ensuring local statutory regulation compliance.