Business Controls Optimization

Открыть страницу: на русском языке
Issues you are facing Our solutions

Governance and compliance

  • Boards needs and accountability
  • Ineffective internal communications
  • Lack of understanding of roles and responsibilities by personnel. Lack of formalized policies, reglaments and procedures.
  • Multiple compliance requirements
  • SoX, J-SoX, Euro-SoX implementation and etc.
  • Lack of understanding and documentation of business processes and controls
  • Lack of understanding and documentation of financial statement risks
  • Control self-assessment process implementation
  • Business processes and controls optimization for SSAE16 and ISAE 3402 reports (service organization report issue)

Organizational changes

  • Business combinations (merger or acquisition of companies with different management and internal control systems)
  • New system implementation requiring business processes description and optimization
  • Centralization or outsourcing of business processes and operations.
  • Company growth and establishment of new business units and offices.
  • IPO preparation

Costs and complexity

  • Duplication of actions and controls
  • Lack of policies and procedures at the company level, and ineffective company level controls. Poor control culture
  • Multiple systems, centers of responsibilities, multiple business processes schemes.

Reliability of information

  • Error, misstatement, fraud in management and financial statement.
  • Business processes and controls diagnostic
  • SoX, J-SoX, Euro-SoX and etc. implementation projects.
  • Description and assignment of roles and responsibilities. Preparation of reglaments, policies and procedures.
  • Segregation of duties analyses and optimization. Preparation of segregations of duties matrices (on organizational and IT levels).
  • Analysis, uniformity and optimization of company level controls.
  • Analysis, uniformity and optimization of business processes and controls. Preparation of “AS IS” and “TO BE” business process and controls models.
  • Optimization of management and accounting reporting process
  • Business process and controls diagnostic for IPO purposes
  • Trainings on risks, business process analysis and controls, SoX, J-SoX, control-self assessment and control testing.
  • Financial statement risks analyses and documentation. Risks and controls mapping.
  • Facilitation of control self-assessment work shops


Business processes and control diagnostics

For companies with preidentified business process and control issues, we are also able to evaluate the root cause(s). For companies currently planning an IPO, we can provide a diagnostic of the current corporate governance and business process control environment currently established. Such a diagnostic, would provide an overview of the company’s business processes and control environment, identifying gaps, and recommendations for improvement.

Our diagnostic procedures includes the evaluation of the following factors:

  • Organizational structure, assignment of roles and responsibilities,
  • Policies, procedures, instructions and etc.
  • Company level controls
  • Significant business processes and documents workflow.
  • Information technology and IT general controls.
  • Spreadsheets

Diagnostics results are summarized in a report that includes business process and control gaps, and recommendations for improvement.

In case of need diagnostic may include business processes and controls benchmarking:

  • Quality and quantity benchmarking,
  • Internal benchmarking,
  • Best practice benchmarking,
  • Competitive benchmarking.

Business processes and controls optimization

For companies that has already identified gaps and areas for improvement of business process and controls, we propose a full cycle of internal control optimization procedures as follows:

  • Controls current state. Understanding of current state of business processes and controls . Preparation of “As is” business process model.
  • Risk assessment. Business process and IT risk assessment. Preparation of risk maps.
  • Risks and controls mapping. Business process and controls analyses. Gap analyses. Identification of key controls. Risk and controls mapping.
  • Controls rationalization recommendations. Identification of areas of improvement and optimizations. Preparation of “To be” business process model.
  • Implement controls optimization.
  • Implement operational infrastructure.

SoX, J-SoX, Euro-SoX and etc. implementation

For companies implementing SoX, J-SoX and Euro-SoX, we propose the following procedures:

  • Presentation of SoX requirements to management. Learning and education.
  • Risk assessment. Determination of materiality.
  • Project scoping (business units, significant financial statement line items, significant business processes)
  • Preparation of risk matrices.
  • Company level controls understanding and evaluation.
  • Business process documentation. Preparation of flowcharts and narratives.
  • Understanding of key controls. Preparation of control matrices.
  • Preparation of control testing plans, performing control testing and documentation of results.
  • IT-risks and controls assessment. IT scoping (applications, data centers, IT-infrastructure)
  • Assess the impact of service organization

Consulting and training

For companies that are implementing internal control optimization using their own resources, we can perform targeted consulting procedures as follows:

  • SoX, J-SoX, Euro-SoX impelementation.
  • Risk assessment. Preparation of company’s risk profile.
  • Business process and controls understanding, evaluation and documentation. Documenting business processes: preparation of flowchart and narratives.
  • Controls evaluation. Identification of key controls. Preparation of control matrices.
  • Validation of the system of internal control. Walkthrough. Preparation of control testing plan, assessment of control design and operating effectiveness. Sampling. Testing results documentation. Control deficiencies remediation.
  • Segregation of duties analyses including access to programs and data.
  • Control self-assessment (objective-based, risk-based, control-based, business process-based).

In addition, PwC provides regular training in risks and controls.


Internal Controls Optimization is a continuous process of improvement, reflecting a company’s objectives and risks, and the risk appetite of management by establishing effective and efficient internal controls at the right cost for the organization.

PwC Risk Assurance Solutions can assist clients in building effective business processes and controls.