Integrity Is the Key
It is no longer surprising to read about once powerful and mighty corporations going into bankruptcy triggered by massive fraud and deception. Shareholders are now demanding business honesty and prudence in the discharge of corporate responsibilities. Regulatory agencies are promulgating stricter regulations, as well as prosecuting dishonest business executives. Without a doubt, these business events are also prompting the need for a more focused identification and management of business risks and the implementation of adequate business processes and systems that will protect and improve shareholder value and restore confidence in the corporate world.
We provide a full range of services to help companies to better manage risk and improve business processes. Our knowledge of regulatory requirements and the principles and practices of good governance, and strategic and business process risks and controls can help you improve your risk coverage and process support. Let us help you as you navigate through this important new business order.
Enterprise Risk Management
- Enterprise Systems Risk Management.
We assist in performing an assessment to help clients in identifying, assessing and prioritizing their key business risks across the organization. Through collaboration between us and the client, the following activities will occur:
- • Co-develop a preliminary risk profile and map to business objectives, strategies and processes
- • Customize the risk assessment criteria for use in assessing and prioritizing the key business risks
- • Survey select business area management and other key stakeholders to identify key business areas risks
• Conduct select interviews with corporate and business unit executives, and other key stakeholders to identify key
business risks across the organization
- • Facilitate a risk validation and prioritization session with executive management
- • Assist management in assessing the company’s risk management framework to summarize areas for improvement including the establishment of risk management oversight structure, with the roles and responsibilities of the key players
- Our professionals have led various risk management projects covering all aspects of an enterprise risk management framework, from risk assessment to full implementation. Our Enterprise Risk Management team is experienced in introducing risk management to a wide range of clients.
- Internal Audit Services.
We deliver services using our risk-based audit methodology and related audit tools. We provide a broader, more effective risk coverage and align available resources with the company’s strategic objectives and risk through the following services:
- • Internal Audit Outsourcing and Teaming. Audit is our core competency. Draw on our strength. Using our risk-based, processfocused audit methodology, we can deliver the full internal audit plan through outsourcing, or execute selected portions with a strategic teaming arrangement. We also assist in co-developing a strategic vision for the future that includes an action plan and timeline.
- • IA Transformation. If your internal audit function is good but could be better, let our expertise enable its transformation to leading edge. Specialized teaming services, knowledge sharing, and training could be part of your value-added solution.
- • IIA Quality Assessment/Functional Performance Assessment. We assist management to evaluate the effectiveness of the internal audit function and identify improvement opportunities considering the requirements embedded in the International Standards for the Professional Practice of Internal Auditing. In addition, we perform high level reviews on the current state of the internal audit function and compare them with leading practices and management expectations.
- Contract Risk Services.
We help clients understand the key legal and business risk factors associated with each Third Party and contract type and help the client to identify the areas of focus for the Third Party Audit Plan. We also help clients improve their contract management processes and systems, achieve better contract terms, and enhance supplier relationships. We work with the client to deploy and implement improvements to infrastructure, processes and/or controls. Upon completion, we assist the client in evaluating the project against its design objectives.
We also perform agreed-upon procedures related to attributes of a client’s contracts, related contract systems, processes, and controls, contract agreement structure and counterparty’s adherence to contract terms; and provide advisory services in connection with a contract, a portfolio of contracts, or review of related processes, systems and controls and adherence to contract terms on behalf of the client. We co-develop procedures with the client and perform compliance verification procedures through data extraction and analysis, systems review, and trend and industry analysis.
Risk Remediation. We assist clients on the design of improvements to processes and controls to help achieve their desired future state. To help with the design effort, we leverage our knowledge, including analytical and benchmarking tools, leading practices, and industry specific knowledge such as process maps and risk and controls matrices. Improvements typically take the form of revised processes and control activities as well as the related organizational and information systems re-alignment. We help develop a portfolio of risk issues to be addressed through the design and deployment of improvements. The starting points to develop this improvement portfolio may include a risk assessment or a priority list of remediation issues needing improvement that have been identified through internal control activities or through other advisory work.
We also assist clients to deploy the improvements to their programs, infrastructure, processes, and/or controls. We may work with the client to provide project oversight to help deploy these improvements. Upon completion, we provide the client with an evaluation of the project compared to its design objectives.
SOX/J-SOX Compliance. We perform an assessment of a client’s financial reporting risks and controls regulated by the Sarbanes-Oxley Act of 2002 (SOX 404) and the Japanese Financial Instruments and Exchange Law (J-SOX), and evaluate financial reporting risks and controls across the enterprise in markets regulated by SOX 404 and the J-SOX Law. We also assist them to evaluate the operating effectiveness of internal controls over financial reporting, evaluate control deficiencies and formulate appropriate action plans across the enterprise in markets regulated by SOX 404 and the J-SOX Law.
Climate Change and Sustainability. We assist our clients to respond to issues such as climate change, transparency, ethics, human rights, human resources and the environment through the following services:
- • Corporate Responsibility and Sustainability Reporting — Assisting in the development, production and evaluation of clients’ external sustainability and corporate responsibility reports, benchmarking of sustainability reports to provide feedback to clients on areas for improvement in non-financial reporting and sustainability strategy and determining critical success factors and non-financial metrics to monitor implementation of action plans and overall sustainability performance.
- • Climate Change Services — Undertaking climate change risk assessments for clients that consider various future scenarios and the subsequent exposure of global assets, benchmarking approaches to carbon risk strategy and assisting companies in establishing appropriate risk responses, including the development of a carbon and energy strategy.
- • Sustainability Risk Advisory — Assistance in the identification, management and monitoring of a broad range of sustainability and health, safety and environmental (“HSE”) risks.
- • Sustainability Market Advisory — Assistance in the identification and leverage of market opportunities in order to improve organizational and operational performance.
Third Party Reporting. We help companies enhance their communication and relationships with their business partners and stakeholders by providing independent assurance as to the fairness of management statements and representations. Specifically, we help companies:
- • Establish trust in its processes and practices with current business partners and convert potentialbusiness partners to new partners
- • Re-establish trust when a relationship has been damaged by failure to meet business partner expectations regarding business processes and practices
- • Improve transparency of business processes, thereby reducing or eliminating the need for business partner audits and inspections by the auditors of the business partners
• Comply with regulations and assist business partners to comply with regulations
- • Service Organization Reporting. We provide independent assurance to the fairness of management statements and representations and assist companies to establish trust, improve transparency and comply with regulations. The objective of a Service Organization examination is to provide user auditors and user organizations with sufficient information about the controls at a service organization to provide an understanding of those controls and conclude on the operating effectiveness of controls.
- • Trust Services. We communicate assurance around certain attributes of a company’s systems and processes (e.g., security, availability, reliability, privacy, confidentiality). It includes engagements provided under:
- • The International Standard on Assurance Engagements (ISAE 3000)
- • International Standards on Related Services 4400 Engagements to Perform Agreed-Upon Procedures
- It also includes engagements to provide assurance services related to ISO standards and other similar frameworks.
Application Controls and Security (AC&S). AC&S is a suite of highly customizable service offerings capable of addressing broad business and IT issues or focusing on specific areas of ERP risk and controls, depending on the company’s needs.
AC&S services provide a means to assess, improve, and monitor the risk and control environment surrounding the company’s ERP environment by:
- • Mitigating and reducing risks associated with designing, building, implementing, maintaining and upgrading ERP systems
• Establishing and maintaining a highly controlled ERP environment, improving process effectiveness, securing ERP infrastructure and properly implementing and maintaining process controls
We assess the company’s business process, related IT application (Enterprise Resource Planning [ERP] or stand-alone application), and related IT general controls to identify potential risks related to controls. The scope of the assessment can range from the complete business process (e.g., purchase-to-pay) to a component of the process (e.g., vendor setup). The assessment may just relate to the IT applications or specific modules of an application supporting the process, which may be a stand-alone or a comprehensive ERP application (e.g., IT-dependent manual controls, application controls), IT system configurations or security design. The assessment may include or be limited to IT general controls for the infrastructure supporting a process or application (e.g., operating system, network, database, change management, information security).
The assessment provides a gap analysis that provides recommendations to help companies develop improvements that appropriately mitigate risk based on the company’s risk tolerance and other factors. Approach is designed to achieve appropriate mix of manual and automated controls within a packaged ERP environment or stand-alone application related to the system’s processes, configurations and security to determine whether effective manual, application or IT-dependent manual controls are in place to mitigate the identified risks.
Information Security. We perform an assessment of a component of a company’s Information Security program to identify potential risks related to controls. The scope of the assessment can range from the complete Information Security program to determine security management effectiveness using ISO 27002 as the baseline standard, or one or more components of the program. Scope of the assessment may include security system configurations, security policy and standards, web-based application reviews, and attack and penetration reviews.
Information Security assessments typically address one or more of the following:
- • Business Continuity — An assessment of the company’s Business Continuity Planning (BCP). We define BCP as an ongoing process providing integrated continuity and recovery capabilities for the successful and continuous delivery of critical services and products.
- • Incident Response Program — An assessment of the company’s incident response program with respect to program measurements for reporting and responding to security incidents that may adversely impact the organization’s reputation, financial position, intellectual capital, safety, assets, operations or confidential information.
- • Information Security — An assessment of the company’s information security management effectiveness using ISO 27002 as the baseline standard.
- • Network Security — An assessment of the company’s operating effectiveness of the controls that support the Network Infrastructure. This includes the company’s internet, intranet, dial-up and wireless networks.
- • Web Application Security — An assessment of the company’s Web Application Security. The scope of these assessments includes either a Black Box security review (unauthorized and legitimate user test) or a Grey Box review (adds a source code review to the Black Box steps).
- The assessment provides a gap analysis that provides recommendations to help companies develop improvements that appropriately mitigate risk based on the company’s risk tolerance and other factors.
IT Effectiveness Assessment. We perform an assessment of the aspects of company’s IT strategic alignment, governance, operations and performance to identify targeted risks and potential opportunities for improvement. Broad IT Effectiveness Assessments provide a sufficient breadth of analysis to permit findings and recommendations regarding IT strategic alignment to be developed as well as to lay the foundation for a balanced IT scorecard. Focused IT Effectiveness Assessments can help a company address a priority issue or need, but do not provide a sufficient breadth of analysis to permit findings or recommendations regarding IT strategic alignment to be developed.
Assessment-oriented engagements are generally high level reviews of the current state to confirm control design effectiveness or compare current state to leading practice (e.g., a gap analysis).
Information Management Analysis Services. We perform an assessment of the current state of the company’s information management and analysis capabilities and provide recommendations for improvement. Evaluate existing infrastructure, policies, procedures, standards, tools and enablers at either an organization, functional area, program or project level (depending on the scope of the engagement) for one or more of the following:
- • Data Quality — Analytic procedures designed to examine whether data is in compliance with business rules, policies, or standards.
- • Data Governance — Framework to maintain the accessibility, auditability, availability, compliance, consistency and integrity of data.
- • Data Warehouse — Systems and processes to support the long-term use and storage of data to support the business objectives and reporting.
- • Data Conversion — Strategy, procedures or tools to perform the conversion of data from source to target system or systems.
- • Master Data Management — Framework for the management of Master Data (e.g., vendor master, item master) and the business rules for updates and changes to these critical data resources.
- • Data Reconciliation — Data comparison from production systems to identify anomalies between the systems.
• Analytics Enablement
- • Framework to analyze data and trends to make effective business decisions, enhance performance, manage risk and improve control
- • Investment, deployment and usage in appropriate business intelligence tools and software
- Enterprise Systems Risk Management.
- Supply Chain & Operations.
Even world class supply chains must constantly evolve to keep pace with new market pressures. In the Supply Chain competency, we focus on assisting our clients with:
- • Rapid Assessments of supply chain processes and benchmarks and identifying improvements
- • Procurement Transformation to assess the current and desired level of procurement maturity, define the procurement strategy and implement the strategy
- • Tax Effective Supply Chain Management to integrate effective tax strategy and planning into supply chain changes to gain operating, tax and cash flow benefits
- • Process Transformation to streamline core end to end processes, leverage sources of competitive advantage, deliver sustainable benefits and transfer the capability to self improve
- Operational Performance Solutions. We can provide you with structured and integrated resources and tools on an industry basis, bring the right people armed with relevant knowledge and technology to review highly specialized processes, and deliver proven solutions in the areas of Supply Chain and Operations Management.
- Supply Chain Transformation. We offer a broad-based set of services designed to address change and performance improvement for the client’s supply chain. A full-scale transformation assignment would address key aspects of Supply Chain Transformation. Components include supply chain direction and support transformation, procurement transformation, operations transformation, fulfillment transformation, service transformation, and product lifecycle management transformation.
- Finance Transformation/Shared Services Centers. We assist the client’s development of a shared services strategy and conceptual model. Based on its direction, we assist the client to design, build and implement a shared services operating model leveraging our extensive experiences. For clients with existing shared services operations, we assist the client to improve and implement changes for one or more finance processes in their shared services operating model. We assist in designing and implementing continuous monitoring activities within client’s shared services operating model.
Employment Solutions. SGV/Ernst & Young’s Global Employment Solutions practice helps organizations improve the value of their investment in people by optimizing performance, reducing costs, and limiting risks. Our services include:
- • Organization Effectiveness. We assist companies in effectively managing employees by drawing up organization structures anchored on business strategies, designing jobs with clear duties and responsibilities and reporting relationships, and determining appropriate staffing patterns.
- • Performance Management. We provide professional services on specific human resource systems that enhance employee performance such as job evaluation, competency modeling, performance management, and compensation and benefits.
- Supply Chain & Operations.
Financial Services Risk Management
Quantitative Advisory Services
- Valuation Policy Review. We perform assessment of the impact of changes in the valuation policy and help implement any such change to front, middle and back office processes.
- Valuation and Pricing Advisory Services. In addition to plain vanilla instruments, we value complex derivative instruments ranging from bonds with embedded options, “swaptions”, barrier options, credit default swaps, total return swaps and CDO products. We also incorporate CVA and DVA in our valuation and we have subject matter experts on IFRS 13.
- Employee Share Option Pricing. We determine and review the fair value of employee share options according to the requirements of IFRS 2.
- Hedge Effectiveness Assessment. We advise clients on hedge effectiveness calculations to comply with international accounting standards; including the review, development and implementation of models to prove and measure retrospective and prospective hedge effectiveness.
- Market and Liquidity Risk Validation. We review the reasonableness of Value-at-Risk (VaR), Earnings-at-Risk (EaR), Economic Value of Equity (EVE) and Maximum Cumulative Outflow (MCO) models for risk management.
- Credit Risk Validation and Modelling. We perform both validation and development of credit risk rating models including Probability of Default (PD), Loss Given Default (LGD) and Exposure at Default (EAD) models following Basel, IFRS 9 and relevant Bangko Sentral ng Pilipinas (BSP) guidelines.
- Pricing Models Review and Validation. We work with clients to assess the reliability, accuracy and consistency of valuation, pricing and risk models to gain a clearer understanding of their strengths and weaknesses.
- Statutory and Regulatory Gap Analysis. We leverage our industry expertise and professional and technical knowledge to communicate recommendations on improving the statutory and regulatory reporting of insurance companies, and to assist in the transition from the current regulation to any changes or improvements.
- Embedded Valuation and Pension Review. We utilize our industry knowledge to recommend valuation strategies for clients. We perform review and valuation of in-force business and future business. We also perform review and test actuarial assumptions and output for pensions liabilities.
Risk and Capital
- Risk and Capital Risk & Capital Modelling. We work with clients to design models and methodologies that help managers better understand key risk drivers for risk capital and the methodologies that may be employed to estimate the required capital amount.
- Asset Liability Management – Fund Transfer Pricing. We aid managers in the development and use of transfer pricing methodologies that may be utilized in a broader economic capital and risk adjustment performance measurement framework.
- Basel Requirements. We assist in ensuring our clients’ compliance with regulatory guidance provided within the Basel Capital Accord regarding internal capital adequacy procedures, stress testing, and scenario analysis.
- Economic Capital Framework Development. We assist in the development of an economic capital framework, overall corporate governance structure and management reporting, using our professional knowledge in the relevant assumptions and methodologies.