www.pwc.

com

Information Technology
Audit Overview

George Mason University Fall 2014

Presenters
Jaime Phillips- Risk Assurance Director
jaime.d.phillips@us.pwc.com
Christina Conrad - Risk Assurance Senior
Associate
christina.t.contrad@us.pwc.com

PwC

Discussion Points

PwC

Information Technology Audit

IT Audit Professionals
PwC and Risk Assurance
Our Journey in the Profession
Q&A

Information Technology (IT)

Audit

PwC

IT Audit in the Context of Financial

Reporting
Understanding controls around the systems that house and generate

financial data
Completeness
Accuracy
Validity
Restricted Access
Results dictate extent of detailed testing required by financial audit

team (i.e. how much ticking & tying they must do)
Efficiencies and experience allow for more focus and the ability to

leverage knowledge on work completed outside of the financial audit

PwC

Slide 5

Areas of Focus: ITGCs

PwC

Information Technology General Controls (ITGCs)

Four ITGC Domains
- Computer Operations
- Program Development
- Program Changes
- Access to Programs and Data

Slide 6

Operational Information Technology Audit

An operational audit is an objective evaluation of
organizational activities
Governance and Management of Information Technology
Platform and Technology Specific Audits
Security and Cyber Security
Disaster Recovery and Business Continuity
Cloud
Data and Data Privacy
Regulatory Compliance (ie., NIST)

PwC

Slide 7

IT Audit Professionals
Come from a variety of backgrounds and majors
Progress through a number of career paths
Build careers in both industry and professional

services/consulting firms

PwC

Slide 8

Who is PwC?

PwC

About PwC
We provide assurance,
advisory and tax services
for over 84% of the largest US
public and private companies.

8,697 partners
across our
network

184,000 partners,
principals & staff
across our network

39,000 US firm
partners, principals
& staff

3 Lines of Service

Assurance

Tax

Advisory

pwc.com/campus

Global
Network of
Firms

157 Countries

The Clients We Serve

PwC holds the leading position as auditor to the Global Fortune 500, auditing
32% of Global Fortune 500 revenue* , including:

pwc.com/campus

PwC Wash Metro

PwC serves
approximately 75% of the
Fortune 1000 companies
headquartered in the
Washington Metro region.
Approximately 2600 staff
and 180 partners work
together in the Washington
Metro Market.

PwC

12

Washington Metro Market Clients

A few of our local clients

PwC

13

Risk Assurance

PwC

14

What is Risk Assurance?

Risk Assurance is functionally aligned to the PwC
Assurance Practice.

Risk Assurance professionals have the opportunity to

engage in a variety of projects and clients across
industries, both in the public and private sector.

RA professionals work across lines of service (Tax, Core

Assurance and Advisory) to deliver innovative solutions to

client issues and deliver support in the audit of financial
statements.

PwC

15

PwC Risk Assurance

THIRD PARTY ASSURANCE
Preferred provider of major internal audit

Audit and non-audit SSAE16 and agreed-upon

outsourcings (including co-sourcing

arrangements
INTERNAL
AUDIT SERVICES
Sarbanes-Oxley compliance services
Internal Audit advisory services (i.e., External
Quality Assessments, risk assessments, etc.)
Potential for supplemental service offerings in
such areas as loss prevention

procedure reporting
Readiness and reporting associated with
sector-specific requirements (i.e., SEC Custody
Rule, prime broker reporting,
HIPAA/HITRUST)
Preparedness and reporting associated with
future anticipated regulatory updates (i.e.,
Sustainability, XBRL)

PROCESS ASSURANCE:
Support in delivery of Core Attest external audit service offerings

IT & PROJECT ASSURANCE

Design and recommend risk and control-

GOVERNANCE, RISK & COMPLIANCE

related services associated with major ERP

applications (SAP, Oracle, other EPM),
including pre- and post-implementation
reviews
Assessment of program/project risks against
desired benefits, and controls outcomes
Security and privacy-related offerings including
security and vulnerability assessment and
diagnostic reviews and assisting companies in
addressing relevant regulatory requirements

ranging from high level assessments to comprehensive

program development
Business continuity planning and process-related
offerings
Assess, recommend and design of processes associated
with existing and emerging regulation, including
sector-specific requirements, broad regulation (i.e.,
Dodd-Frank) and comprehensive programs (i.e., ethics
and compliance)

Services associated with enterprise risk management

16

Q&A

PwC

17