Building internal control in Support PFS

In-house training

Who is the training aimed at?

IT managers, CIOs/CISOs, IT security professionals, system administrators, IT auditors at Support PFS entities

Duration

2.00 hour(s)

Language(s) of service

EN

Objectives

This training session focuses on establishing and maintaining a robust IT internal control framework for Support PFS entities in Luxembourg. As organisations that provide critical support services to the financial sector, Support PFS entities are heavily dependent on IT systems for their operations, making IT controls essential for operational resilience, data security, and regulatory compliance.

IT internal controls encompass the policies, procedures, and technical safeguards that ensure information systems operate reliably and securely. This session provides a practical, step-by-step approach to designing, implementing, and maintaining a comprehensive IT control framework tailored to the unique needs and resource constraints of Support PFS entities.

By the end of this training, participants will be able to:

  • understand and apply IT control frameworks (COBIT, ISO 27001, NIST) to their organisations;
  • design and implement IT general controls including access management, change management, and backup procedures;
  • establish application controls and data protection measures;
  • develop IT control monitoring, testing, and continuous improvement processes.

Content

  • Part 1 - Foundation
    • IT control frameworks overview
    • IT governance structure and risk assessment
    • Control categories and design principles
  • Part 2 - IT general controls
    • Access management and authentication
    • Change and release management
    • System development and acquisition controls
    • IT operations, backup, and disaster recovery
    • Patch and asset management
  • Part 3 - Security controls
    • Network security and segmentation
    • Data protection and encryption
    • Application controls (input, processing, output)
    • Incident management
    • Cloud and third-party controls
  • Part 4 - Monitoring and governance
    • Control monitoring and testing methodologies
    • IT audit preparation
    • Documentation and reporting
    • Implementation roadmap and best practices

Additional information

This training is coordinated by Alexandru Victor Scarlat, Senior Manager at PwC Luxembourg.

  • Alexandru Victor Scarlat is an experienced IT audit and risk management professional with nine years in the Risk Assurance Services department, specialising in providing assurance services to financial sector clients. His expertise includes internal and external IT audits, regulatory compliance reviews, IT application controls, and third-party risk assurance. Alexandru holds a Certified ISO 27001 Lead Implementer certification and is a member of the IT Infrastructure Library foundation (ITIL). He has led significant projects such as IT legal audits, ISAE/SOC report procedures, and CSSF IT regulatory compliance audits for major banks, focusing on regulatory adherence and operational security.
