Are you a CEO or CFO?

Открыть страницу: на русском языке

CEOs continue to be under strong pressure to demonstrate the value they are getting from their internal audit department. They need to ensure that the function is operating efficiently - keeping costs to a minimum while adding real value with the quality of its recommendations.

Given scarcity of skilled resources, what is the optimal way to organise the work of my department?

(Click to enlarge)

How PwC can help

How can internal audit cosourcing / coaching benefit your company

PwC Russia provides flexible cosourcing and coaching solutions for our Russian clients. Our solutions are based on:

1. Flexible access to our specialists

Based on your needs we provide you with subject matter experts and technical specialists to effectively assess and audit complex operational risks, including:

  • Supply chain management, procurement and supplier management, production and plant management, logistics and sales channels
  • Human resource, performance management, contractor management and compensation programs
  • Treasury and liquidity management
  • Capital investment and large scale construction projects
  • Risk management, IT security and governance
  • Mergers, acquisitions, divestments and valuations
  • Forensics , investigations and dispute management
  • Compliance with international and Russian industry specific regulations
  • Tax planning and optimisation
  • Accounting and financial reporting

2. Teaming and coaching

We team our Russian and international subject matter experts and technical specialists with your in-house audit resources to deliver value added engagements.

We have access to a network of more than 2,000 internal audit specialists world wide with practical experience in your specific industry.

Our international and Russian specialists coach and transfer technical knowledge to your auditors during the delivery of each engagement to build their skills, including the delivery of quality reports.

We can draw upon different pools of experts from PwC Russia. We have:

  • Over 200 advisory specialists with a range of industry skills and experience, including strategy, operations, regulatory, forensics and human resources
  • Over 400 tax and legal specialists
  • Over 120 risk assurance specialists with IT and business process skills
  • Over 100 specialists focusing on deals, mergers and acquisitions and valuations

What are the benefits of internal audit cosourcing in Russia for overseas companies?

PwC Russia provides effective cosourcing solutions in Russia for the corporate audit function’s of overseas companies. Our solutions are based on:


We team our Russian based specialists with your corporate audit resources to effectively deliver your audit activities in Russia. Our staff understand both the Russian business environment and your corporate culture.

Flexible access to our specialists

We bring you the resources and skills that you need to supplement your in-house capabilities to deliver a quality but cost effective audit in Russia, including:

  • Experience with overseas regulations, including Sarbanes-Oxley, FCPA and UK Bribery Act
  • Knowledge of the Russian business environment, including cultural, operational and regulatory risks
  • Multiple language capabilities, to ensure effective communication with your corporate audit team and your Russian speaking management. All of our staff are not only highly technically trained and experienced but also bilingual in Russian and English
  • Experience delivering audits in accordance with corporate audit best practice and International Internal Audit Standards

Tailored solutions

We tailor our cosourcing activities to fit your corporate audit plan, including:

  • Assistance to assess specific risks at your Russian business, during your annual planning process
  • Data analytics to assess detailed risks
  • Delivering planned audits, either on a stand alone basis or providing resources to supplement your corporate audit team, including IT audit specialists
  • Specialist investigations when required and forensic support including FCPA and UK Bribery Act assessments
  • Sarbanes-Oxley compliance program activities and testing, including optimisation advice
  • Specific risk and control reviews of the Russian business operation during or shortly after acquisition
  • Workshops and training for your corporate audit team on Russian regulations and risks
  • Consulting advice to assist Russian management to implement internal audit recommendations


The culture and practices of Russian CFOs and finance staff are often very different from what the management of international audit functions are used to. Our specialists help to ‘bridge this gap’, by effectively communicating to both parties in their respective business languages.

PwC Russia has a dedicated team of more than 120 risk assurance specialists, of which 30 are mapped to internal audit. In addition we have 35 forensic specialists. These staff regularly provide cosourcing services to more than 30 overseas companies located in the United States, Canada, Germany, France, United Kingdom, China, India, Netherlands, Spain, Italy, Sweden and Finland.

What risks should I focus on?

(Click to enlarge)

How PwC can help

What should I do in respect of fraud?

(Click to enlarge)

How PwC can help

How can you audit your IT function effectively?

IT audit has become an essential part of internal audit as IT becomes increasingly integral to the processes, risks and controls of business. International Internal Audit (‘IIA’) Standards also require that internal audit functions adequately consider IT risks as part of their work.

IT audit should be an integral part of the internal audit work plan. For example, an audit of relevant systems and automated controls should form a central part of most audits of business processes.

PwC helps its clients by training, coaching, and performing joint projects with IT internal audit teams and also by providing highly skilled IT audit resources as required on a temporary or recurring basis.

PwC has developed a comprehensive internal audit internal audit methodology based on COBIT to ensure that our clients can leverage the strategic value of IT internal audit. We help our clients to:

  • Identify and measure IT risk
    Helping to understand IT structure and processes, identify risk areas and recommendations to add value
  • Determine and validate stakeholders' needs and expectations
    Developing consensus between internal audit, compliance and operational management on key IT risk areas and key IT audit areas
  • Develop IT audit plan and methodology
    Helping to assess appropriate timing and extent of IT audit, prepare detailed testing plans and transparent methodology
  • Perform an external assessment of the IT audit function
    Helping to improve the IT audit function by reviewing the function for example in comparison with IIA standards and/or best practices with detailed recommendations for improvement and proposed action plan to implement
  • Develop IT audit skills
    A range of classroom training courses, on-the-job coaching and joint projects developing the understanding, effectiveness and efficiency of IT internal auditors and management
  • Providing niche IT audit resources
    Covering specific areas of expertise for example information security over card processing, SAP segregation of duties, SAP configuration controls
  • Providing outsourced/co-sourced IT audit resources
    Assisting internal audit functions with no IT audit function or with limited IT audit resources to meet a shortage of skills for a specific period or location
  • Ensure stakeholder needs are met
    Helping internal audit management and IT auditors to communicate the impact of IT risks and issues to the organization to maximize the benefits of IT audit work

How PwC can help

Are you focusing on the real risks of construction projects?

Target audience

Internal auditors, controllers, economic security officers and other professionals, who need to conduct audits and reviews of large construction projects effectively and efficiently.

Training objectives

Discuss major risks and controls in relation to construction project life cycle and develop robust approach to audit construction projects.


9 academic hours (1 day).

Outline of the training course:

  • Reasons to audit construction projects
    Main objectives of construction projects, as well as reasons and justification of auditing of construction projects
  • Main stages of construction projects
    Explanation of risks and controls related to each stage of the project:
    • Plan & Design
    • Tendering & Procurement
    • Construction
    • Close-out
  • Control weaknesses
    Determine key controls at each stage of the project and identify potential weaknesses
  • Key stakeholders of the project
    Identification of key stakeholders at each stage of the project (users, engineers, finance, accounting, procurement, EHS, legal and project managers, etc.) , defining their roles and responsibilities
  • Types of major construction contracts
    Compliance issues related to different types of contracts:
    • Lump Sum
    • Cost Plus
    • Time & Materials
    • Unit price
  • Fraud risks
    List of key areas that are more fraud prone than others. Describing potential fraud scenarios and implementation of standard controls to mitigate fraud risk
  • Accounting of construction projects
    Major principles of accounting of construction projects in accordance with IFRS requirements
  • EHS considerations and warranties
    List of main requirements subject to EHS legislation. Management of hazardous waste and materials

How PwC can help

Does my internal audit function deliver quality?

PwC offers a comprehensive approach to performing an external quality assessment review (‘EQAR’) of your internal audit function. This includes:

  • A formal quality assessment of your internal audit function and its conformity with International Internal Audit (‘IIA’) Standards, with a report on findings
  • Benchmarking the function’s activities against best practice, with recommendations to improve its quality, efficiency and effectiveness
  • Defining the function’s strategic goals and role within your company’s management and governance structure and identifying development options
  • A review of when and how the head of internal audit interacts with the Board, audit committee and management, with recommendations on enhancing communication focusing on continuous improvement
  • Assessing the effectiveness of your risk based audit approach, methodology and interaction with your company’s risk management function, with suggestions for improvement
  • Reviewing the effectiveness of the function’s staffing model and skill development program, with recommendations for improvement

We tailor the scope of services to meet your needs, but typically provide three types of EQAR:

1. Assessment for conformity with IIA Standards

A detailed review in accordance with international standards to assess the function’s conformity with the individual IIA Standards. This is required to be performed at least once every five years by IIA Standard 1312.

2. Assessment against the expectations of your Board, audit committee and management

In addition to assessing conformity with IIA Standards, we interview and survey the stakeholders of the internal audit function, to determine their expectations and recommendations for its future development.

3. Performance benchmarking

In addition to the above we compare your internal audit activities against those of high performing functions in Russia and global companies in similar industries. To do this we use our in-house tool Profiler™, which contains anonymised data on internal audit best practice from Russia and all over the world, covering strategy, structure, people, process and technology.

At your request we can deliver our EQAR in two stages consisting of:

  • Readiness assessment, with interim recommendations
  • Some 3 to 6 months later, a full EQAR, with final recommendations.

Companies obtaining their first EQAR typically prefer this approach, to give them time to remediate their initial weaknesses identified.

How PwC can help

… and how can I be sure my IA function delivers quality?

(Click to enlarge)

How PwC can help

How effective is your audit of the financial reporting process

Target audience

Internal auditors, who are willing to expand their roles related to financial auditing. Also other participants, who require an essential course on financial accounting concepts, needed to conduct financial auditing.

Training objectives

In addition to a basic accounting class, this training course will enable participants to approach financial auditing with sound understanding and new confidence.


18 academic hours (2 days)

Outline of the training course

  • Basic concepts of IFRS and US GAAP
    Introduction to accounting standards. Framework for the preparation and presentation of financial statements
  • Financial statements and analytical review
    An overview of financial statements (statement of financial position as at the end of the period, statement of comprehensive income for the period , monthly management accounts and others), how to identify basic trends in financial statements (horizontal and vertical analysis) and use them to conduct audits effectively
  • Planning of financial audit
    The concept of materiality. Risk based auditing. Financial Statement assertions
  • Auditing process
    It includes:
    • Controls testing (including Sarbanes-Oxley)
    • Substantive testing
    • IT controls
    • COSO principles of internal controls in relation to financial statements
    • Confirmation letters
    • Inventory counts
    • Reconciliation
    • Review of estimates
    • Journal entries
    • Accrual and provision process
    • Valuation and depreciation
    • Debt covenants
  • Closing statements
    Reviewing adjustments. Testing of management’s representation letter
  • Fraud related to financial statements
    The most popular scenarios of fraud in relation to financial statements preparation. “Creative accounting”, “Window dressing” and other fraud schemes
  • Improving collaboration with external auditors
    IAS and IIA standards requirements. Level of maturity of internal audit function and reliance of external auditors on internal auditors’ work.

How PwC can help

Does my claims process minimise cash leakage?

PwC offers a comprehensive approach to performing a closed file review (‘CFR’) of the claims management process to our insurance clients. This includes:

  • A diagnostic review and assessment of your claims process and the controls over the process, with a report on our findings
  • Use of data analysis tools to select files with increased likelihood of cash leakage or control issues, followed by detailed verification of the appropriateness of the claim settlement based on information available and company procedures in place
  • Reviewing the functionality of the IT systems around the claim process and the controls over these IT systems, with recommendations for improvement
  • Assessing how adequately claims management interacts and communicates with the Board and senior management, with recommendations on enhancing reporting
  • Evaluating the KPIs in place for the claims process within your company’s business and management structure and identifying development options
  • Evaluating your risk assessment of the claims process, including consideration of your risk methodology and your company’s risk management function, with suggestions for improvement
  • Reviewing the adequacy of claims process staffing and its skill development program, with recommendations for improvement

We tailor the scope of services to meet your needs, but typically provide three types of CFR:

1. Standalone review

A detailed review from initial diagnostic to detailed recommendations with only limited interaction with your Internal Audit department. This is particularly suited to companies with staff resource or skill shortages where a review is urgently required.

2. Joint review

In conjunction with your internal audit function, a joint project resulting in a detailed review as above. This creates opportunities for training your staff and increasing the quality of dialogue between the claims process owners, management and head of internal audit focused on continuous improvement.

3. Expert assistance

We provide specific skills such as data analytics and forensic services as a short term addition to the skills of your existing team. This is particularly valuable for companies that may not be able to justify employing such experts on a permanent basis.

At your request we can deliver our CFR in two stages consisting of:

  • Diagnostic review, to identify likely areas for further investigation, with interim recommendations
  • Detailed CFR, with sample testing of files, with final recommendations.

Companies performing their first detailed CFR typically prefer this approach, to ensure that detailed testing is focused on the lines of business where CFR is mostly likely to add value.

How PwC can help

Are you adding value through operational audits?

Target audience

Internal auditors, who need to conduct operational audits effectively and efficiently and be capable to demonstrate added value. Also other participants (risk managers, controllers, compliance managers), who require a basic course on how to evaluate if systems are designed properly, and if operational controls and risks are managed as expected.

Training objectives

This course will enable participants to assess if business units, divisions and department achieve their objectives in effective, efficient and economical manner.


18 academic hours (2 days)

Outline of the training course:

  • Management’s role
    Identifying key concerns of senior management. Defining and evaluating management’s objectives. Partnering with management to deliver value added services
  • Characteristics of operational audits
    Understanding the differences between different types of audits:
    • Financial
    • Compliance
    • Operational
    • Integrated
  • Operational risks and related controls
    Understanding different types of operational risks. Risk assessment techniques. Risk classification and grouping. Risk mitigation tools and operational controls
  • Structure of the audit
    Analytical review. Audit planning. Audit fieldwork. Audit closure and report writing. Interaction with auditees and audit clients. Kick-off, status and closing meetings
  • Risk based audit planning
    Identifying high risk areas. Linking risks to related controls/ risk-control matrix, leading to an audit program. Control frameworks (including COSO framework). Assessing efficiency and effectiveness of controls. Mitigating and compensating controls
  • Value-for-money audits
    ‘3e’ audit concept: efficiency, effectiveness and economy. Focusing on high risks to help companies manage resources effectively and efficiently. Applying value-for-money concept for different business processes

How PwC can help