Risk assurance service
www.pwc.com/vn
www.pwc.com/vn
©2018 PwC (Vietnam) Limited. All rights reserved. PwC refers to the Vietnam member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
How PwC can help your organization navigate risksin Vietnam
Hanoi: Floor 16, Keangnam Hanoi Landmark 72, Pham Hung Road, Nam Tu Liem DistrictHanoiTel: +84 24 3946 2246
Ho Chi Minh City: Floor 8, Saigon Tower29 Le Duan Street, District 1Ho Chi Minh CityTel: +84 28 3823 0796
PwC Offices in Vietnam
Effective risk management solutions to help
meet your strategic objectives
PwC risk assurance practice
Boards of directors and executive management teams
recognize the important role effective risk
management plays in meeting their organizations’
strategic objectives. Complex issues like globalization,
business model evolution, upgraded IT systems, the
shifting regulatory landscape, and higher stakeholder
expectations all present significant risks that can
prevent a company from reaching its strategic goals.
PwC understands that significant risks are probably
not confined just to niche areas within your
organization but more likely exist throughout it. Such
risks can have a wide-ranging impact across your
organization. To help you identify and combat them,
PwC's Risk Assurance practice has developed a
comprehensive approach that helps you protect your
business, facilitate your strategic decision-making, and
improve your efficiency. Our Risk Assurance
professionals complement this broad-based approach
with their wealth of risk and controls technical
knowledge and sector-specific experience. The result is
a risk solution built to meet your unique needs.
Our Risk Assurance practice helps you:
• Leverage industry and technical expertise to help you manage your business risks effectively
• Assist in assessing project risks and controls
• Enhance your internal audit functions so that they align to your company’s strategy and risk
• Reduce your costs through strategic internal audit outsourcing and co-sourcing solutions
• Increase the value and reduce the costs of your compliance-related activities
• Identify untapped opportunities to effectively mitigate your risk and improve your business performance
• Apply Enterprise Risk Management concepts to help identify, assess, mitigate, and proactively counter emerging risks
1 2
Helping clients obtain effective, value oriented, future-facing internal audits.
• Outsourcing services• Co-sourcing services• Staff augmentation/secondments• Internal audit (IA) advisory • Methodology: risk assessment, planning and execution
• Resourcing models • Effectiveness and productivity reviews
• Corporate governance
PwC risk assurance service in Vietnam
3 4
Internal audit service
Helping clients as they build risk-resilient businesses through better identification, measurement, mitigation and the optimal leverage of risks for business benefit.
• Business continuity• Risk management• Regulatory compliance• Fraud risk and controls
Business resilience
Helping clients build internal and external confidence in their business performance, both financial and non-financial, through the provision of independent advice and assurance.
• Commercial assurance• Sustainability and climate change• Third party assurance using recognized standards e.g.
ISAE 3402
Performance assurance
Helping clients manage their risks and unlock value from the treasury function.
• Optimizing treasury and cash governance, risk and effectiveness frameworks
• Addressing the accounting and reporting implications of transactions
• Risk and controls advice on issues of working capital and cash management
Corporate treasury and commodity solutions
Helping clients design and implement IT risk and control solutions that reflect a complex and fast-changing technological landscape and leverage investment in IT for maximum business benefit.
• IT risk and governance• IT risk and security• IT internal audit/staff augmentation• ERP controls and assurance • Data and reporting assurance• Project assurance
IT risk assurance
Helping clients in their design, implementation, testing and optimization of their internal control environment, including the provision of advice, analysis and improvement plans, in the context of business change, regulation or the challenge of returning investment value.
• Control design and effectiveness assessment• Controls advisory (standardization, automation,
integration and optimization)• Design and review of standard operating procedures• Design and review of schedule of authority
Business controls advisory
The role of IA continues to evolve, driven by many factors including economic conditions, globalization, and new and emerging risks. These scenarios are creating a dynamic environment and new opportunities for internal audit to demonstrate its value. Internal audit has to drive value creation.
Our PwC internal audit professionals bring the right mix of internal audit experience, industry-specific knowledge and highly technical specialized skill sets into your internal audit function. We can help you to improve the performance of your internal audit function so that it provides sufficient comfort to the Audit Committee and ensure that the internal audit team are tackling the right risks, as well as improving and aligning your governance, risk and control frameworks. We can provide independent advice to your Board, the Audit Committee, management and regulators on your organizational risks and the state of your controls, and work with you to implement any improvements that are needed.
16
Internal audit servicesCo-sourcing / outsourcing services
Providing direct IA services leveraging PwC’s technical internal audit skills, subject matter and industry knowledge, and on- and off-shore sourcing.
• Full outsourcing including a dedicated, industry knowledgeable core service team
• Co-sourcing of selected technical, geographic or industry-specific capabilities
Our solutions range from complementing your in-house internal audit function with our industry specific capabilities or wide geographical coverage to full outsourcing of your internal audit function.
Impact:
• Improve the capability, capacity, flexibility and effectiveness of company internal audit functions
• Deliver improved risk coverage and flexibility to respond to emerging risk while reducing overall cost
• Raise the value able to be delivered by the IA function and the relevance of the function within the company
• Support ongoing innovation in internal audit execution and ongoing risk management
IA advisory
• Methodology: risk assessment, planning and execution
• Resourcing models• Effectiveness and productivity reviews
Improving productivity and effectiveness of internal audit.
Consulting as IA practitioners to add value and enhance existing internal audit processes.
Prevention, detection and investigation of fraud including development of a fraud risk assessment.
Working with internal audit functions to perform risk assessments and redesign their audit plans and approach so that these are aligned with the business strategy and the areas driving shareholder value.
Advising on internal audit strategy and transformation to reduce cost, improve performance, increase accountability and develop metrics.
Providing an independent quality review of existing internal audit functions and their strategies.
Impact:
• Reduce cost, improve performance, increase accountability, and develop metrics
• Benchmark IA performance• Enhance IA methodologies • Develop and enhance fraud risk assessments • Audit technology implementations• Quality assurance reviews to assess conformance with IA
standards
Staff augmentation / secondments
Providing our people to be managed by you.
Impact:
• Improve effectiveness and efficiency of IA by gaining access to the right resources at the right time to meet company needs
• Utilize industry and subject matter knowledge Corporate governanceAnalyse, advise and assist in implementing Corporate governance system at entity level and activity level.
Impact:
• Improve the transparency of report, internal control, ensure equality among stakeholders within enterprises
5 6
Today is the digital age. Investing in IT systems is a fundamental part of many organizations. However, in making technology investments, there are at least three key hurdles to overcome: making the right technology choices; acquiring adequate funding; and realizing the full value of the investment after implementation. Additionally, these challenges must be addressed in an environment of complex global supply chains, ever increasing regulation, and a challenging economic environment.
With our broad and varied experience in IT project management, ERP controls, data security, and other risk management activities, our IT risk and assurance service can help your organization address the challenge of managing IT risks in a way that is in line with your business strategy and maximize your business benefit. Our services include:
IT risk assurance
7 8
IT risk and governance
Designing, documenting, and profiling the IT governance, risk and related internal control environment including information strategy.
Our services include the following:
• IT due diligence services• IT governance, risk and control programs
assessment and development in accordance with COBIT 5
• IT compliance review• Assurance service to clients of service
organizations through the attestation reports (SOC 2, SOC 3, agreed upon procedures, etc.)
• Leverage enabling technologies to assist with integrating, validating, configuring, and tuning compliance and risk systems, such as AML/ fraud/ trade surveillance, continuous monitoring, alert management, and know-your-customer
Impact:• Accelerate the design and implementation of
the IT Governance, Risk and Compliance
IT risk and security
Analyzing enterprise IT threats and risks through governance, compliance, and identification.
Our services include the following:
• IT risk diagnostic review• A holistic view of security systems,
applications, privacy, and infrastructure • Development of the information security
strategy, data privacy, information security vendor selection, disaster recovery, vendor management, and regulatory compliance
• Environment evaluation and addressing the risk associated with cold computing activities
• Information security policy and procedure development
• Information security training courses
Impact:• Enhance overall IT security and the
organization’s ability to safeguard sensitive data through controls
IT internal audit / staff augmentation
Providing our people to be managed by you.
Our services include the following:
• IT internal audit, and on- and off-shore sourcing
• Assist the organizations to develop the IT internal audit function
• Conduct the IT internal audit training courses
• Assess the effectiveness and efficiency in your IT internal audit and/or quality assurance functions
Impact:
• Improve competency and effectiveness of IT internal audit function
ERP controls and assurance
Helping companies enhance value derived from your investments in the ERP systems such as SAP and Oracle solutions by helping to achieve control objectives and minimize risk.
Our services include the following:
• Process improvement • SAP and Oracle Governance, Risk &
Compliance (GRC) strategy and implementation
• Control enhancements leveraging inherent system capabilities within the SAP and Oracle systems and SAP GRC modules
• SAP and Oracle security assessments and redesign
• Continuous access / control / data monitoring
• Control design and implementation
Impact:• Increase efficiency through ERP automated
controls
Data and reporting assurance
Providing you the ability to improve the value of your data and transform the information into actionable intelligence, you can look for consistently better results in the conduct of day-to-day business.
Our services include the following:
• Quantifiable assessment through data analysis
• Data governance framework development, data quality metrics definition
• Big Data solution selection• Forensic data analytics, data discovery and
eDiscovery• BCM Framework development, risk
assessment and business impact assessment, recovery strategy selection
Impact:
• Discover useful information to support
decision-making
Project assurance
Alignment of project scope with agreed business cases and stakeholder expectations can help achieve quick wins that built trust, credibility and momentum for success.
Our services include the following:
• ERP vendor selection• Contract negotiation assistance• Project management office• Quality Assurance services• ERP post implementation review
Impact:• Help organizations to increase their return
on investment
Business controls advisory
In today’s business ecosystem, IT and financial reporting environments are becoming increasingly complex, as even greater reliance is being placed on the information produced by these systems and processes. Improved data and information, standardized processes, common platforms and improved supply chains are just a few of the key drivers of this reliance. In addition, new regulations have laid a greater emphasis on internal controls and often require independent assurance of the effectiveness of internal controls.
Attention to the design, documentation and operation of controls is critical to ensure the accuracy and promptness of information used for financial reporting and management decision-making. Good business controls in and around your systems and processes are critical to ensure that your organization gets value from your investments with sustainable, effective and reliable controls.
Our professionals have deep industry knowledge and regulatory, technology and business process skills. We work closely with organizations to provide integrated end-to-end solutions and services. Our aim is to help our clients enhance value by mitigating risks to an acceptable level, and also ensuring that the control framework that is deployed is cost effective and efficient in terms of operational results.
2
Control design and effectiveness assessment
The assessments are across key operational and financial processes and also include documentation of internal control. This can include benchmarking against leading industry control templates.
Impact:
• Provide integration planning and program management• Improve data quality and integrity• Improve analytical reporting and business intelligence• Improve back office performance• Improve effectiveness and efficiency of controls• Improve information and communication process• Improve preventive and detective errors and frauds
Controls advisory (standardization,automation, integration and optimization)
Helping organizations in their design, implementation, testing and optimization of their internal control environment, including the provision of advice, analysis and improvement plans, in the context of business change and regulation to build internal controls that are cost effective, robust and reliable.
Impact:
• Improve optimization of internal control to address the most critical business risks
• Develop an internal control framework• Develop a risk management framework• Train personnel on Committee of Sponsoring
Organizations of the Treadway Commission (COSO) methods of documenting controls
Design and review of standard operating procedures
Our experienced team can help organizations standardize their business processes by building standard operating procedure manuals and policies aligned to PwC’s Global Best Practices ™. We also assist our clients to establish a periodic review calendar with policy and procedure manual updates to reflect the current operating environment.
Impact:
• Serve as framework for organizational policy – provide direction and structure
• Written documentation of best practice • Have foundation for:
• job descriptions• employee training• corrective action and discipline• performance review
Design and review of schedule of authority
A clear definition of accountability and responsibility is a critical success factor for any organization. Our teams have experience in building a business-friendly schedule of authority (SoA), which is not intended to be a restraint but rather a tool for expediting the decision making processes. We understand that every organization is unique.
Impact:
• Analyze the management's appetite for risk, the organizational structure, current internal control maturity and the nature and volume of transactions before laying down authority limits and protocols
• Clarify roles and responsibilities
9 10
Third party assurance using recognized standards e.g. ISAE 3402
Helping companies validate the accuracy of data including, and beyond, the financial statements. PwC is positioned to report on your company's controls and processes; and provide assurance beyond the financial audit. By utilizing non-financial statement reports, agreed upon procedures and customized attestations, PwC can provide additional solutions under the third party assurance (TPA) umbrella that are of great value and provide comfort accordingly.
Impact:
• Utilize non-financial statement reports to provide additional solutions to add value and provide comfort.
• Reduce the need for client audits/site visits.• Enable a competitive advantage through
transparent controls reporting.• Provide comfort over the completeness and
accuracy of information reported to stakeholders
Sustainability and climate change
We provide assurance related services of non financial information, such as carbon footprinting and environmental and social information reported into Corporate Social Responsibility (CSR) reports.
Climate change has emerged as one of the most important political and business issues of our time. We can help you understand which issues will have the greatest impact in your business, form a coherent strategy to address them, and then support you through the often complex organizational changes needed to put your strategy in place.
Impact:
• Add credibility to the published information in your sustainability or corporate responsibility report
• Provide an assessment of the quality of your management systems and performance data and/or to support your internal audit program
Commercial assurance
Helping clients to understand the real cost drivers and performance obstacles through an evidence-based review.
Implementing an effective contract re-negotiation or termination strategy.
Implementing effective contract deployment.
Focusing on purchase-to-pay processes and controls on service performance, cost control and continuous improvement.
Reviewing contract structures to ensure reward and pricing mechanisms fit the service or product and are driving the right behavior.
Improve operational efficiency and tighter demand management through enhancing delivery at lower cost.
Simplifying by removing unreliable evidence, inadequate knowledge or unnecessary complexity that may hamper decision making.
Billing compliance and invoice error recovery.
Impact:
• Improve the efficiency of operations and cost saving
Performance assurance
Regulations changing, new trends emerging, the growing global
population, demographic shifts, climate change and increasing
pressure on diminishing natural resources… all create a number of
risks facing businesses from many areas of operation.
Businesses that don't manage their relationships with stakeholders
actively and creatively fail to maximize revenues and control costs,
create excessive dependency and open their organizations up to a
multitude of risks. Building and maintaining trust has never been
more important. Getting value for money from these contacts,
ensuring effective performance and managing risk is an ongoing
challenge for most businesses, particularly in today’s economic
environment. Services and contractual charging regimes are often
complicated, difficult to understand and lack transparency. Reporting
on social and environmental issues has also become more important
than ever.
PwC’s performance assurance services offer an independent opinion
on how a company is responding to these risks. From established
services like ISAE 3402 controls reporting, to more innovative
assurance offerings, our performance assurance services help you
build trust in your systems and processes. We can help you
understand which issues will have the greatest impact in your
business, form a coherent strategy to address them, and then support
you through the often complex organizational changes needed to put
your strategy in place.
11 12
8
Business resilienceRisk management
An effective enterprise risk management capability enables management to drive greater clarity throughout the business and make better-informed decisions with confidence, thus transforming risk into opportunity.
Our services include the following:
• Enterprise-wide risk assessments• Risk remediation• Developing risk and control framework
assessment
Impact:
• Thorough understanding of enterprise-wide risk profile
• Alignment of risk programs, metrics, and functions with corporate strategy
• Consistent approach to identifying, analyzing, and responding to risk
• Risk management embedded across the business• Reduced surprises, fines and penalties
Business continuity
Enhancing the process for identifying, preventing and preparing for events that may disrupt business activities.
Our services include the following:
• Governance and compliance: ensuring BCM meets best practice as well as regulatory standards
• Crisis management• Business continuity strategy• Business recovery procedures• Awareness, training and testing
Impact:
• Reduce impact of business interruptions• Improved recovery times• Rapid availability of management decision
making• Continuity of operations and contingency plans to
address hazard specific issues• Improved employee and customer safety• Reduced risk of customer losses or brand impact• Balance cost benefit resumption plan
Fraud risk and controls
Prevention, detection, investigation and remediation of fraud risks
Impact:
• Safeguard brand value and individual professional reputation
• Protect revenue and assets
Regulatory compliance
Identifying, monitoring, and managing an organization's regulatory compliance responsibilities.
Impact:
• Avoid or recover from compliance failures• Enhance regulatory compliance• Anticipate compliance and regulatory
requirements• Support performance objectives, sustain value,
and protect the organizational brand
13 14
Companies are looking hard at what is needed to
better identify and manage all kinds of risks –
strategic, operational, financial, compliance or
reporting. As a result, robust risk management
processes have become a critically important tool
to assist companies gain a competitive advantage
over their peers.
We offer an integrated approach to risk and help
clients build a resilient and successful business.
This involves identifying and maximizing
opportunities, protecting reputation, mitigating
downside threats, designing and implementing an
optimized control environment and ensuring
compliance to statutory and regulatory norms.
Addressing the accounting and reporting implications of transactions
Design and implementation of an accounting framework for financial instruments in compliance with local GAAP, US GAAP and IFRS, advising on hedging strategies and the application of hedge accounting.
Impact:
• An impact assessment• Profit and loss volatility assessment, using
our modeling and valuation skills• Hedging strategy optimization• Valuation review (basis risk, IOS
valuation, commodity specifics and others)• IFRS convergence project
Optimizing treasury and cash governance, risk and effectiveness frameworks
Design and implementation of a framework for corporate treasury including policies, strategies, infrastructure, processes and methodologies for the treasury function. This also includes the review, benchmarking and restructuring of the treasury function such as payment factory, in-house bank, commodity trading, etc.
Impact:
• Alignment of treasury technology to your requirements
• Fast and efficient integration of systems into your processes
• Extensive treasury management knowledge and proven methodologies for system selections, and the business aspects of implementation
• Independence in choosing the system provider
Risk and controls advice on issues of working capital and cash management
Conception and implementation of processes and methods to identify, measure, analyze, report and manage FX, credit and interest rate risks and overall process improvement. Design and implementation of cash and liquidity management systems, including planning, management and reporting processes, simplification and advising on bank account structures, cash pooling, netting and payment factories, and improving working capital.
Impact:
• Helping clients manage their risks and control cash on the treasury function
• Cash is managed effectively from both a financial and tax perspective
Corporate treasury and commodity solutions
The recent global financial crisis has emphasized the importance of core treasury activities such as funding, cash management and financial risk management. These activities are critical during this period of market volatility and uncertainty, as the security of companies is a going concern. Apart from these day-to-day challenges, corporate treasuries are increasingly expected to contribute to shareholder value with sophisticated financial risk management strategies. Treasurers need to consider how to leverage their existing resources to optimize their operation in steering toward company goals and expectations.
Corporate treasuries operate in one of the world’s most open economies with its associated challenges in the financial and capital markets. These challenges must be met in an increasingly demanding compliance environment. More rigorous accounting standards and reporting requirements increase the stress on treasury resources at all levels. Our company provides an array of services across all aspects of treasury management. These services range from assisting firms to formulate strategic decision making frameworks (across all financial markets) through to the enabling of more efficient day-to-day processes.
15 16
For further information, please contact:
Ho Chi Minh City Hanoi
17 18
Richard PetersRisk Assurance Leader | PartnerPwC Vietnam+84 28 3824 [email protected]
Nguyen My HanhIT Risk Assurance | DirectorPwC Vietnam+84 28 3823 0796, Ext. [email protected]
Xavier PotierRisk Assurance Services | DirectorPwC Vietnam+84 28 3823 0796, Ext. [email protected]
Nguyen Tien ThanhIT Risk Assurance | Senior ManagerPwC Vietnam+84 24 3946 2246, Ext. [email protected]
Nguyen Chi CuongRisk Assurance Services | Senior ManagerPwC Vietnam+84 24 3946 2246, Ext. [email protected]