IT Audit, Risk and Resilience

As the business environment becomes more complex, resilience continues to climb the agenda of organisations.

There have been countless examples of businesses brought to their knees by a lack of foresight or poor IT and crisis management. These events highlight the shortcomings of traditional risk management and the lack of the capabilities, tools and approach that organisations need to survive and prosper in an age of uncertainty. Business resilience builds on the principles of business continuity but extends much further to help enhance your organisation’s immune system so you are able to tackle challenges, fend off illness and bounce back more quickly.

IT Audit and IT Risk Management

Our reliance on technology to enable day-to-day activities has skyrocketed; we check into flights online, access hotel rooms with our mobiles, do online banking. We don’t really think about it until something goes wrong. In the past, companies could be forgiven for occasional system interruptions. Not anymore. With so much of our lives dependent on technology, the ability to “keep the lights on” is becoming a business imperative.

But organisations are challenged by the complexity of IT services, with layers of infrastructure and multiple service and process interdependencies. And they face the increasing frequency and sophistication of cyber attacks. You need a holistic view of the IT landscape and of all your IT risks, and you need to design the right IT governance and IT risk management processes to better manage the risk.

At PwC Luxembourg, we have developed a number of solutions and expertise that help you overcome these challenges, and we can assist you in the following domains:

  • Information and cyber security audit
  • IT Licensing management review
  • Proactive & Migration Assurance
  • Data Privacy IT audit
  • End User Computing (EUC) management review
  • RPA audit
  • IT system audit (e.g. SAP, T24, Avaloq, AS400, Olympic, Oracle…)
  • IT risk and regulatory gap assessment (e.g. NIS2, PSD2, PCI-DSS, Swift CSP)
  • Cloud Computing audit
  • IT Outsourcing / Third Party Risk Management audit

IT for Internal Audit

The economic environment is changing, triggered by ongoing disruption from emerging technologies and new operating models, and by change driven by new market entrants or an increase in customer expectations.

In this context, the internal audit function has to deliver insight and value into key current and emerging risk areas of your business.

PwC IT Internal Audit specialists are industry agnostic and expert in EU and local regulatory requirements (e.g. DORA, PCI-DSS, PSD2, NIS2, CSSF IT circulars...) and in reviews such as ITGCs, BCP/DRP, information and security, licence management and end user computing (EUC). They can assist you in either outsourcing or co-sourcing mode with, for instance:

  • Preliminary assessment of your IT internal audit universe;
  • Prioritisation of in scope areas for IT reviews;
  • Development of your IT audit roadmap within your 3-year audit plan;
  • Designing of targeted and impactful work programs;
  • The usage of new tools / new approaches;
  • Keeping IT internal skills and competencies up to date;
  • Having deeper and more insightful findings, based on your IT universe;
  • The automation of audit observation follow-up.

IT Attestation Report and IT Assurance Report

Companies increasingly rely on systems and technology that are outsourced to specialised third-party providers, such as data providers, IT infrastructure, cloud computing resources and distributed ledger technology platforms. They also struggle to maintain a sustainable and monitored internal IT control environment (ICF). An IT assurance report is one of the best solutions to restore the level of trust with internal and external parties and to take your IT control environment to the next level.

PwC’s IT Attestation practice helps organisations satisfy third-party risk management (TPRM) and compliance assurance requirements by demonstrating the integrity of their control environment. Our team can provide IT controls reports using the ISAE3000 and SOC2/3 (Type 1 and Type 2) standards to give the management of a service organization, user entities and other users of the report assurance over controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy.

The following domains and requirements can be considered when issuing an IT Controls Report:

  • DORA
  • NIS2
  • DLT and Smart Contract
  • Swift CSP
  • Cyber security controls
  • Data management

Business Continuity, Crisis Management and Resilience

Business Resilience is the organisation's capacity to anticipate, prepare, react and adapt in periods of crisis. We see Business Continuity Management as an integral part of the operational risk management in an organisation.

Our team is led by experienced professionals with in-depth business experience, and our goal is to provide high quality, pragmatic solutions that are easy to use, and provide value for money.

In particular, we assist our clients through the following crisis steps:


Prepare to be Resilient

  • BCMS & Crisis maturity assessments
  • Review and update of the Crisis Management, BCP and DRP plans
  • Test yourself through “Live” Crisis Simulations and Virtual Reality techniques
  • Make your employees aware and trained
  • Audit your IT systems and Critical Third Party Providers
  • Use new technology to facilitate your BCMS management


Respond to stay Resilient

  • Use of Computer Security Incident Response Team
  • Use of Forensic support
  • Advice on the right communication and the definition of your Crisis stakeholder mapping
  • Use of Data Breach detection & notification techniques
  • Legal and regulatory (e.g. CSSF, CNPD, ECB...)


Emerge Stronger, emerge Resilient

  • Update your BCP/DRP plans using lessons learned
  • Review your IT recovery strategy and “look around the corner”
  • Market and brand review


Contact us

Thomas Wittische

Audit Managing Director, Risk Assurance, PwC Luxembourg

Tel: +352 621 334 181

Julien Melotte

Audit Partner, Industry & Public Sector, Sustainability, PwC Luxembourg

Tel: +352 49 48 48 5287
