PWC It Internal Audit
PWC It Internal Audit
Strengthen your IT
Internal Audit activities
The economic environment is changing, The main shortcomings, identified
triggered by ongoing disruption from emerging in 2019 during the “IT risk” on-site
technologies, new operating models, the inspections: IT governance, in particular
introduction of new regulations, the change the lack of IT strategy; IT security
driven by new market entrants or an increase in for management of cyber threats;
the customer expectation level. weak control environment on new IT
development practices; management of
In this context, the Internal Audit (IA) function IT risks with lack of risk coverage; lack of
has to deliver insight and value into key current coverage through IA missions.
and emerging risk areas of your business. CSSF Annual Report 2019
www.pwc.lu
Usage of new tools/ Keeping internal skills Having deeper and Automation of audit
new approaches and competencies up insightful findings for observations follow-
during each mission to date your IT up
We will support you to In order to define the We support you during We support your Internal
perform the preliminary detailed scope of IT the IT reviews, through Audit department to
IT assessment based on Internal Audit missions, different tailored solutions: enhance its activity with
COBIT 2019 framework, we propose to use a • Co-sourcing on your IT new solutions:
in order to identify the set of 12 IT Internal Internal Audit activity • Automation of data
most relevant IT domains Audit Domains, that is • GAP analysis against processing and
for future IT Internal Audit based on several best specific frameworks / dashboarding
missions. practice frameworks and standards • Automated audit of
regulatory requirements • Advisory / trainings / financial and non-
(e.g. COBIT, CIS, ISO 27k, workshops financial information
NIST, EBA Guidelines), for • End User Computing
which we have identified identification and control
the key areas to be in • In-depth analyses of
scope of the review. targeted processes
• Review of system
configurations and
behaviours
• Online follow-up platform
for existing observations
Contacts