Risk assurance service

www.pwc.com/vn

www.pwc.com/vn

©2018 PwC (Vietnam) Limited. All rights reserved. PwC refers to the Vietnam member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

How PwC can help your organization navigate risksin Vietnam

Hanoi: Floor 16, Keangnam Hanoi Landmark 72, Pham Hung Road, Nam Tu Liem DistrictHanoiTel: +84 24 3946 2246

Ho Chi Minh City: Floor 8, Saigon Tower29 Le Duan Street, District 1Ho Chi Minh CityTel: +84 28 3823 0796

PwC Offices in Vietnam

Effective risk management solutions to help

meet your strategic objectives

PwC risk assurance practice

Boards of directors and executive management teams

recognize the important role effective risk

management plays in meeting their organizations’

strategic objectives. Complex issues like globalization,

business model evolution, upgraded IT systems, the

shifting regulatory landscape, and higher stakeholder

expectations all present significant risks that can

prevent a company from reaching its strategic goals.

PwC understands that significant risks are probably

not confined just to niche areas within your

organization but more likely exist throughout it. Such

risks can have a wide-ranging impact across your

organization. To help you identify and combat them,

PwC's Risk Assurance practice has developed a

comprehensive approach that helps you protect your

business, facilitate your strategic decision-making, and

improve your efficiency. Our Risk Assurance

professionals complement this broad-based approach

with their wealth of risk and controls technical

knowledge and sector-specific experience. The result is

a risk solution built to meet your unique needs.

Our Risk Assurance practice helps you:

• Leverage industry and technical expertise to help you manage your business risks effectively

• Assist in assessing project risks and controls

• Enhance your internal audit functions so that they align to your company’s strategy and risk

• Reduce your costs through strategic internal audit outsourcing and co-sourcing solutions

• Increase the value and reduce the costs of your compliance-related activities

• Identify untapped opportunities to effectively mitigate your risk and improve your business performance

• Apply Enterprise Risk Management concepts to help identify, assess, mitigate, and proactively counter emerging risks

1 2

Helping clients obtain effective, value oriented, future-facing internal audits.

• Outsourcing services• Co-sourcing services• Staff augmentation/secondments• Internal audit (IA) advisory • Methodology: risk assessment, planning and execution

• Resourcing models • Effectiveness and productivity reviews

• Corporate governance

PwC risk assurance service in Vietnam

3 4

Internal audit service

Helping clients as they build risk-resilient businesses through better identification, measurement, mitigation and the optimal leverage of risks for business benefit.

• Business continuity• Risk management• Regulatory compliance• Fraud risk and controls

Business resilience

Helping clients build internal and external confidence in their business performance, both financial and non-financial, through the provision of independent advice and assurance.

• Commercial assurance• Sustainability and climate change• Third party assurance using recognized standards e.g.

ISAE 3402

Performance assurance

Helping clients manage their risks and unlock value from the treasury function.

• Optimizing treasury and cash governance, risk and effectiveness frameworks

• Addressing the accounting and reporting implications of transactions

• Risk and controls advice on issues of working capital and cash management

Corporate treasury and commodity solutions

Helping clients design and implement IT risk and control solutions that reflect a complex and fast-changing technological landscape and leverage investment in IT for maximum business benefit.

• IT risk and governance• IT risk and security• IT internal audit/staff augmentation• ERP controls and assurance • Data and reporting assurance• Project assurance

IT risk assurance

Helping clients in their design, implementation, testing and optimization of their internal control environment, including the provision of advice, analysis and improvement plans, in the context of business change, regulation or the challenge of returning investment value.

• Control design and effectiveness assessment• Controls advisory (standardization, automation,

integration and optimization)• Design and review of standard operating procedures• Design and review of schedule of authority

Business controls advisory

The role of IA continues to evolve, driven by many factors including economic conditions, globalization, and new and emerging risks. These scenarios are creating a dynamic environment and new opportunities for internal audit to demonstrate its value. Internal audit has to drive value creation.

Our PwC internal audit professionals bring the right mix of internal audit experience, industry-specific knowledge and highly technical specialized skill sets into your internal audit function. We can help you to improve the performance of your internal audit function so that it provides sufficient comfort to the Audit Committee and ensure that the internal audit team are tackling the right risks, as well as improving and aligning your governance, risk and control frameworks. We can provide independent advice to your Board, the Audit Committee, management and regulators on your organizational risks and the state of your controls, and work with you to implement any improvements that are needed.

16

Internal audit servicesCo-sourcing / outsourcing services

Providing direct IA services leveraging PwC’s technical internal audit skills, subject matter and industry knowledge, and on- and off-shore sourcing.

• Full outsourcing including a dedicated, industry knowledgeable core service team

• Co-sourcing of selected technical, geographic or industry-specific capabilities

Our solutions range from complementing your in-house internal audit function with our industry specific capabilities or wide geographical coverage to full outsourcing of your internal audit function.

Impact:

• Improve the capability, capacity, flexibility and effectiveness of company internal audit functions

• Deliver improved risk coverage and flexibility to respond to emerging risk while reducing overall cost

• Raise the value able to be delivered by the IA function and the relevance of the function within the company

• Support ongoing innovation in internal audit execution and ongoing risk management

IA advisory

• Methodology: risk assessment, planning and execution

• Resourcing models• Effectiveness and productivity reviews

Improving productivity and effectiveness of internal audit.

Consulting as IA practitioners to add value and enhance existing internal audit processes.

Prevention, detection and investigation of fraud including development of a fraud risk assessment.

Working with internal audit functions to perform risk assessments and redesign their audit plans and approach so that these are aligned with the business strategy and the areas driving shareholder value.

Advising on internal audit strategy and transformation to reduce cost, improve performance, increase accountability and develop metrics.

Providing an independent quality review of existing internal audit functions and their strategies.

Impact:

• Reduce cost, improve performance, increase accountability, and develop metrics

• Benchmark IA performance• Enhance IA methodologies • Develop and enhance fraud risk assessments • Audit technology implementations• Quality assurance reviews to assess conformance with IA

standards

Staff augmentation / secondments

Providing our people to be managed by you.

Impact:

• Improve effectiveness and efficiency of IA by gaining access to the right resources at the right time to meet company needs

• Utilize industry and subject matter knowledge Corporate governanceAnalyse, advise and assist in implementing Corporate governance system at entity level and activity level.

Impact:

• Improve the transparency of report, internal control, ensure equality among stakeholders within enterprises

5 6

Today is the digital age. Investing in IT systems is a fundamental part of many organizations. However, in making technology investments, there are at least three key hurdles to overcome: making the right technology choices; acquiring adequate funding; and realizing the full value of the investment after implementation. Additionally, these challenges must be addressed in an environment of complex global supply chains, ever increasing regulation, and a challenging economic environment.

With our broad and varied experience in IT project management, ERP controls, data security, and other risk management activities, our IT risk and assurance service can help your organization address the challenge of managing IT risks in a way that is in line with your business strategy and maximize your business benefit. Our services include:

IT risk assurance

7 8

IT risk and governance

Designing, documenting, and profiling the IT governance, risk and related internal control environment including information strategy.

Our services include the following:

• IT due diligence services• IT governance, risk and control programs

assessment and development in accordance with COBIT 5

• IT compliance review• Assurance service to clients of service

organizations through the attestation reports (SOC 2, SOC 3, agreed upon procedures, etc.)

• Leverage enabling technologies to assist with integrating, validating, configuring, and tuning compliance and risk systems, such as AML/ fraud/ trade surveillance, continuous monitoring, alert management, and know-your-customer

Impact:• Accelerate the design and implementation of

the IT Governance, Risk and Compliance

IT risk and security

Analyzing enterprise IT threats and risks through governance, compliance, and identification.

Our services include the following:

• IT risk diagnostic review• A holistic view of security systems,

applications, privacy, and infrastructure • Development of the information security

strategy, data privacy, information security vendor selection, disaster recovery, vendor management, and regulatory compliance

• Environment evaluation and addressing the risk associated with cold computing activities

• Information security policy and procedure development

• Information security training courses

Impact:• Enhance overall IT security and the

organization’s ability to safeguard sensitive data through controls

IT internal audit / staff augmentation

Providing our people to be managed by you.

Our services include the following:

• IT internal audit, and on- and off-shore sourcing

• Assist the organizations to develop the IT internal audit function

• Conduct the IT internal audit training courses

• Assess the effectiveness and efficiency in your IT internal audit and/or quality assurance functions

Impact:

• Improve competency and effectiveness of IT internal audit function

ERP controls and assurance

Helping companies enhance value derived from your investments in the ERP systems such as SAP and Oracle solutions by helping to achieve control objectives and minimize risk.

Our services include the following:

• Process improvement • SAP and Oracle Governance, Risk &

Compliance (GRC) strategy and implementation

• Control enhancements leveraging inherent system capabilities within the SAP and Oracle systems and SAP GRC modules

• SAP and Oracle security assessments and redesign

• Continuous access / control / data monitoring

• Control design and implementation

Impact:• Increase efficiency through ERP automated

controls

Data and reporting assurance

Providing you the ability to improve the value of your data and transform the information into actionable intelligence, you can look for consistently better results in the conduct of day-to-day business.

Our services include the following:

• Quantifiable assessment through data analysis

• Data governance framework development, data quality metrics definition

• Big Data solution selection• Forensic data analytics, data discovery and

eDiscovery• BCM Framework development, risk

assessment and business impact assessment, recovery strategy selection

Impact:

• Discover useful information to support

decision-making

Project assurance

Alignment of project scope with agreed business cases and stakeholder expectations can help achieve quick wins that built trust, credibility and momentum for success.

Our services include the following:

• ERP vendor selection• Contract negotiation assistance• Project management office• Quality Assurance services• ERP post implementation review

Impact:• Help organizations to increase their return

on investment

Business controls advisory

In today’s business ecosystem, IT and financial reporting environments are becoming increasingly complex, as even greater reliance is being placed on the information produced by these systems and processes. Improved data and information, standardized processes, common platforms and improved supply chains are just a few of the key drivers of this reliance. In addition, new regulations have laid a greater emphasis on internal controls and often require independent assurance of the effectiveness of internal controls.

Attention to the design, documentation and operation of controls is critical to ensure the accuracy and promptness of information used for financial reporting and management decision-making. Good business controls in and around your systems and processes are critical to ensure that your organization gets value from your investments with sustainable, effective and reliable controls.

Our professionals have deep industry knowledge and regulatory, technology and business process skills. We work closely with organizations to provide integrated end-to-end solutions and services. Our aim is to help our clients enhance value by mitigating risks to an acceptable level, and also ensuring that the control framework that is deployed is cost effective and efficient in terms of operational results.

2

Control design and effectiveness assessment

The assessments are across key operational and financial processes and also include documentation of internal control. This can include benchmarking against leading industry control templates.

Impact:

• Provide integration planning and program management• Improve data quality and integrity• Improve analytical reporting and business intelligence• Improve back office performance• Improve effectiveness and efficiency of controls• Improve information and communication process• Improve preventive and detective errors and frauds

Controls advisory (standardization,automation, integration and optimization)

Helping organizations in their design, implementation, testing and optimization of their internal control environment, including the provision of advice, analysis and improvement plans, in the context of business change and regulation to build internal controls that are cost effective, robust and reliable.

Impact:

• Improve optimization of internal control to address the most critical business risks

• Develop an internal control framework• Develop a risk management framework• Train personnel on Committee of Sponsoring

Organizations of the Treadway Commission (COSO) methods of documenting controls

Design and review of standard operating procedures

Our experienced team can help organizations standardize their business processes by building standard operating procedure manuals and policies aligned to PwC’s Global Best Practices ™. We also assist our clients to establish a periodic review calendar with policy and procedure manual updates to reflect the current operating environment.

Impact:

• Serve as framework for organizational policy – provide direction and structure

• Written documentation of best practice • Have foundation for:

• job descriptions• employee training• corrective action and discipline• performance review

Design and review of schedule of authority

A clear definition of accountability and responsibility is a critical success factor for any organization. Our teams have experience in building a business-friendly schedule of authority (SoA), which is not intended to be a restraint but rather a tool for expediting the decision making processes. We understand that every organization is unique.

Impact:

• Analyze the management's appetite for risk, the organizational structure, current internal control maturity and the nature and volume of transactions before laying down authority limits and protocols

• Clarify roles and responsibilities

9 10

Third party assurance using recognized standards e.g. ISAE 3402

Helping companies validate the accuracy of data including, and beyond, the financial statements. PwC is positioned to report on your company's controls and processes; and provide assurance beyond the financial audit. By utilizing non-financial statement reports, agreed upon procedures and customized attestations, PwC can provide additional solutions under the third party assurance (TPA) umbrella that are of great value and provide comfort accordingly.

Impact:

• Utilize non-financial statement reports to provide additional solutions to add value and provide comfort.

• Reduce the need for client audits/site visits.• Enable a competitive advantage through

transparent controls reporting.• Provide comfort over the completeness and

accuracy of information reported to stakeholders

Sustainability and climate change

We provide assurance related services of non financial information, such as carbon footprinting and environmental and social information reported into Corporate Social Responsibility (CSR) reports.

Climate change has emerged as one of the most important political and business issues of our time. We can help you understand which issues will have the greatest impact in your business, form a coherent strategy to address them, and then support you through the often complex organizational changes needed to put your strategy in place.

Impact:

• Add credibility to the published information in your sustainability or corporate responsibility report

• Provide an assessment of the quality of your management systems and performance data and/or to support your internal audit program

Commercial assurance

Helping clients to understand the real cost drivers and performance obstacles through an evidence-based review.

Implementing an effective contract re-negotiation or termination strategy.

Implementing effective contract deployment.

Focusing on purchase-to-pay processes and controls on service performance, cost control and continuous improvement.

Reviewing contract structures to ensure reward and pricing mechanisms fit the service or product and are driving the right behavior.

Improve operational efficiency and tighter demand management through enhancing delivery at lower cost.

Simplifying by removing unreliable evidence, inadequate knowledge or unnecessary complexity that may hamper decision making.

Billing compliance and invoice error recovery.

Impact:

• Improve the efficiency of operations and cost saving

Performance assurance

Regulations changing, new trends emerging, the growing global

population, demographic shifts, climate change and increasing

pressure on diminishing natural resources… all create a number of

risks facing businesses from many areas of operation.

Businesses that don't manage their relationships with stakeholders

actively and creatively fail to maximize revenues and control costs,

create excessive dependency and open their organizations up to a

multitude of risks. Building and maintaining trust has never been

more important. Getting value for money from these contacts,

ensuring effective performance and managing risk is an ongoing

challenge for most businesses, particularly in today’s economic

environment. Services and contractual charging regimes are often

complicated, difficult to understand and lack transparency. Reporting

on social and environmental issues has also become more important

than ever.

PwC’s performance assurance services offer an independent opinion

on how a company is responding to these risks. From established

services like ISAE 3402 controls reporting, to more innovative

assurance offerings, our performance assurance services help you

build trust in your systems and processes. We can help you

understand which issues will have the greatest impact in your

business, form a coherent strategy to address them, and then support

you through the often complex organizational changes needed to put

your strategy in place.

11 12

8

Business resilienceRisk management

An effective enterprise risk management capability enables management to drive greater clarity throughout the business and make better-informed decisions with confidence, thus transforming risk into opportunity.

Our services include the following:

• Enterprise-wide risk assessments• Risk remediation• Developing risk and control framework

assessment

Impact:

• Thorough understanding of enterprise-wide risk profile

• Alignment of risk programs, metrics, and functions with corporate strategy

• Consistent approach to identifying, analyzing, and responding to risk

• Risk management embedded across the business• Reduced surprises, fines and penalties

Business continuity

Enhancing the process for identifying, preventing and preparing for events that may disrupt business activities.

Our services include the following:

• Governance and compliance: ensuring BCM meets best practice as well as regulatory standards

• Crisis management• Business continuity strategy• Business recovery procedures• Awareness, training and testing

Impact:

• Reduce impact of business interruptions• Improved recovery times• Rapid availability of management decision

making• Continuity of operations and contingency plans to

address hazard specific issues• Improved employee and customer safety• Reduced risk of customer losses or brand impact• Balance cost benefit resumption plan

Fraud risk and controls

Prevention, detection, investigation and remediation of fraud risks

Impact:

• Safeguard brand value and individual professional reputation

• Protect revenue and assets

Regulatory compliance

Identifying, monitoring, and managing an organization's regulatory compliance responsibilities.

Impact:

• Avoid or recover from compliance failures• Enhance regulatory compliance• Anticipate compliance and regulatory

requirements• Support performance objectives, sustain value,

and protect the organizational brand

13 14

Companies are looking hard at what is needed to

better identify and manage all kinds of risks –

strategic, operational, financial, compliance or

reporting. As a result, robust risk management

processes have become a critically important tool

to assist companies gain a competitive advantage

over their peers.

We offer an integrated approach to risk and help

clients build a resilient and successful business.

This involves identifying and maximizing

opportunities, protecting reputation, mitigating

downside threats, designing and implementing an

optimized control environment and ensuring

compliance to statutory and regulatory norms.

Addressing the accounting and reporting implications of transactions

Design and implementation of an accounting framework for financial instruments in compliance with local GAAP, US GAAP and IFRS, advising on hedging strategies and the application of hedge accounting.

Impact:

• An impact assessment• Profit and loss volatility assessment, using

our modeling and valuation skills• Hedging strategy optimization• Valuation review (basis risk, IOS

valuation, commodity specifics and others)• IFRS convergence project

Optimizing treasury and cash governance, risk and effectiveness frameworks

Design and implementation of a framework for corporate treasury including policies, strategies, infrastructure, processes and methodologies for the treasury function. This also includes the review, benchmarking and restructuring of the treasury function such as payment factory, in-house bank, commodity trading, etc.

Impact:

• Alignment of treasury technology to your requirements

• Fast and efficient integration of systems into your processes

• Extensive treasury management knowledge and proven methodologies for system selections, and the business aspects of implementation

• Independence in choosing the system provider

Risk and controls advice on issues of working capital and cash management

Conception and implementation of processes and methods to identify, measure, analyze, report and manage FX, credit and interest rate risks and overall process improvement. Design and implementation of cash and liquidity management systems, including planning, management and reporting processes, simplification and advising on bank account structures, cash pooling, netting and payment factories, and improving working capital.

Impact:

• Helping clients manage their risks and control cash on the treasury function

• Cash is managed effectively from both a financial and tax perspective

Corporate treasury and commodity solutions

The recent global financial crisis has emphasized the importance of core treasury activities such as funding, cash management and financial risk management. These activities are critical during this period of market volatility and uncertainty, as the security of companies is a going concern. Apart from these day-to-day challenges, corporate treasuries are increasingly expected to contribute to shareholder value with sophisticated financial risk management strategies. Treasurers need to consider how to leverage their existing resources to optimize their operation in steering toward company goals and expectations.

Corporate treasuries operate in one of the world’s most open economies with its associated challenges in the financial and capital markets. These challenges must be met in an increasingly demanding compliance environment. More rigorous accounting standards and reporting requirements increase the stress on treasury resources at all levels. Our company provides an array of services across all aspects of treasury management. These services range from assisting firms to formulate strategic decision making frameworks (across all financial markets) through to the enabling of more efficient day-to-day processes.

15 16

For further information, please contact:

Ho Chi Minh City Hanoi

17 18

Richard PetersRisk Assurance Leader | PartnerPwC Vietnam+84 28 3824 0123richard.peters@pwc.com

Nguyen My HanhIT Risk Assurance | DirectorPwC Vietnam+84 28 3823 0796, Ext. 1604nguyen.my.hanh@pwc.com

Xavier PotierRisk Assurance Services | DirectorPwC Vietnam+84 28 3823 0796, Ext. 1010xavier.potier@pwc.com

Nguyen Tien ThanhIT Risk Assurance | Senior ManagerPwC Vietnam+84 24 3946 2246, Ext. 2037nguyen.tien.thanh@pwc.com

Nguyen Chi CuongRisk Assurance Services | Senior ManagerPwC Vietnam+84 24 3946 2246, Ext. 1005nguyen.chi.cuong@pwc.com