There have been countless examples of businesses brought to their knees by a lack of foresight or by poor IT and crisis management. These events highlight the shortcomings of traditional risk management and the lack of the capabilities, tools and approach that organisations need to survive and prosper in an age of uncertainty. Business resilience builds on the principles of business continuity but extends much further to help enhance your organisation’s immune system so you are able to tackle challenges, fend off illness and bounce back more quickly.
Companies increasingly rely on systems and technology that are outsourced to specialised third-party providers, such as data providers, distributed ledger technology platforms, IT infrastructure and cloud computing resources. They also struggle to keep a sustainable and monitored internal IT control environment. An IT attestation report is the solution to restore the level of trust with internal and external parties and to take your IT control environment to the next level.
In addition, with the recent introduction of new regulatory and compliance requirements, many organisations are struggling to understand, react, and respond to the implications of these standards.
PwC’s IT Attestation practice helps organisations satisfy third-party risk and compliance assurance requirements and demonstrate the integrity of their control environment. Our team can provide IT controls reports using ISAE3000 and SOC2 standards on the following domains:
IT outsourced activities
Blockchain (Crypto and Smart Contract)
Data management and Data Governance
Local and European regulatory requirements
"Business Resilience is the organisation's capacity to anticipate, prepare, react and adapt in periods of crisis."
The Covid-19 outbreak has been declared a public health emergency of international concern by the World Health Organisation, causing a huge impact on people's lives, businesses and communities.
This situation has put in the spotlight, either positively or negatively, organisations' capacity to anticipate, prepare, react and adapt in periods of crisis. Business Resilience is all about that!
To assist you in this journey, our team has developed practical expertise and customised solutions to help organisations in Luxembourg, and around the world, build resilience solutions that work in practice, from capability reviews to crisis rehearsals.
BCMS & Crisis maturity assessments
Review and update of the Crisis Management, BCP and DRP plans
Test yourself through “Live” Crisis Simulations and Virtual Reality techniques
Make your employees aware and trained
Audit your IT systems and Critical Third Party Provider
Use new technology to facilitate your BCMS management
Use of Computer Security Incident Response Team
Use of Forensic support
Apply the right communication skills and have an adequate stakeholder mapping (incl. social networks)
Use of Data Breach detection & notification techniques
Prepare your HR for psychologist assistance
Legal and regulatory (CNPD, CSSF, ECB)
New normal assistance (HBW) / Covid360° assessment
Update your plans with lessons learned (BCP / DRP)
Review your IT recovery strategy and “looking around the corner”
Review your insurance agreements
Market and brand review
What is the plan if someone infected or exposed to the virus comes to the office?
Should you activate your Business Recovery Center in a quarantine context?
Have you limited/stopped staff and client events?
Are you carrying out training or information sessions to educate your team?
Have you implemented additional sanitary or health measures in your premises?
Do you have a crisis communication plan to notify stakeholders on the latest developments?
Have you hired a specialised disinfection company to clean up your building?
Have you placed hydroalcoholic gel in all key areas of your buildings (e.g. main entrances, stairs, toilets)?
Do you have paper towels in restrooms?
Is there a procedure for employees to declare professional and private travel?
Have you set up an information mechanism for your team to keep up to date on the latest developments of the outbreak, for instance, the list of countries considered as risky?
Are you monitoring travel in affected countries?
Have you defined guidance procedures for before, during and after a trip?
Are IT systems ready to handle a large amount of remote connections (i.e. VPN, Citrix)?
Do your employees know how to connect remotely without problems, and do they know the IT Security rules that apply when teleworking?
Are key software applications available remotely?
Is your Business Continuity Planning (BCP) / Disaster Recovery Planning (DRP) up to date?
How do you count a day at home?
Where will the individual working at home be subject to social security (25% rule)?
How to organise administrative obligations (e.g. A1)?
What's the consequence of moving social security systems (cost benefits administration)?
Are there social security planning opportunities?
Consider these questions when implementing the quarantine,
Our reliance on technology to enable day-to-day activities has skyrocketed; we check in to flights online, access hotel rooms with our mobiles, do online banking. We don’t really think about it until something goes wrong. In the past, companies could be forgiven for occasional system interruptions. Not anymore. With so much of our lives dependent on technology, the ability to “keep the lights on” is becoming a business imperative.
But organisations are challenged by the complexity of the IT services, with layers of infrastructure and multiple service and process interdependencies. And they face the increasing frequency and sophistication of cyber attacks. You need a holistic view of the IT landscape, of all your IT risks and you need to design the right IT governance and IT risk management processes to better manage the risk.
At PwC Luxembourg, we have developed a number of solutions and expertise that help you overcome these challenges, and we can assist you in the following domains:
Cyber security audit (ISO27001, NIST, Swift CSP)
IT Licensing management review
Project / migration assurance
Data Privacy IT audit
End User Computing (EUC) management review
IT system audit (e.g. SAP, Olympic, T24, Avaloq…)
IT risk and regulatory gap assessment
Cloud Computing audit
IT Outsourcing review
The economic environment is changing, triggered by ongoing disruption from emerging technologies and new operating models, the change driven by new market entrants or an increase in the customer expectation level.
In this context, the internal audit function has to deliver insight and value into key current and emerging risk areas of your business.
Through the process below, PwC Internal Audit specialists can help you deliver insight and value in the audit of your IT universe.
We will support you in performing the preliminary IT assessment based on the COBIT 2019 framework, in order to identify the most relevant IT domains for future IT Internal Audit missions.
In order to define the detailed scope of IT Internal Audit missions, we propose to use a set of 12 IT Internal Audit Domains, which is based on several best practice frameworks and regulatory requirements (e.g. COBIT, CIS, ISO 27k, NIST, EBA Guidelines), and for which we have identified the key areas to be in scope of the review.
PwC can support you during the IT reviews, through different tailored solutions:
PwC can support your Internal Audit department to enhance its activity with new solutions:
Director, IT Risk & Resilience and Crisis Management Lead, PwC Luxembourg
Tel: +352 62133 41 81
Partner, Digital Audit, IT Risk and resilience, Assurance Data and AI Lead, PwC Luxembourg
Tel: +352 49 48 48 5287