Governance, risk and compliance, and internal audit

Today’s rapidly changing business and regulatory environment requires rethinking about risk in new ways. Management is constantly struggling with increasingly demanding regulatory requirements exerted by the government while optimising governance structure, to build trust, drive efficiency and remain competitive.

Taking an innovative approach to managing and enhancing your GRC and IA activities can help you seize opportunities, stay a step ahead of uncertainty, and meet stakeholder expectations.

We bring the full range of the network’s specialty skills and industry experience to provide you with the confidence and insights you need as you execute.

How we can help

1. Corporate governance
2. Compliance management
3. Risk management
4. Fraud assurance
5. Internal controls advisory
6. Internal audit solutions

Corporate governance

Helping you design a contemporary and effective governance framework to cope with the corporate governance regulatory changes, and demonstrate the role of boards of directors as true representatives of the company’s ultimate owners.

Our services include:

• Board effectiveness / governance reviews
• Governance framework reviews
• Design and implementation of governance and compliance structures and frameworks

Compliance management

Shifting compliance activities from having high costs on customer experience, finances and culture to building trust, enhancing resilience and supporting competitive advantage, enabled by leveraging advanced GRC technology and data analytics tools, including third-party compliance and outbound compliance.

Our services include:

• Providing a complete compliance assessment based on PwC’s long-proven framework and risk assessment methodology;
• Providing a process improvement advisory in response to the compliance assessment results;
• Executing compliance audit and gap analysis to find out major gaps in organisation or those in their business parties;
• Sharing insight in recommendations for identified gaps and assisting to re-design and implement policies for key processes;
• Developing compliance management system to ensure your controls operate to support local governance and regulatory reporting needs; and
• Delivering compliance training to management and staff to effectively raise people’s awareness of compliance.

Risk management

Based on the latest COSO’s Enterprise Risk Management (ERM) Framework (2017) embedding management mechanisms that proactively identify, measure, prioritise and manage risk to provide leaders with valuable insight they need to make informed decisions.

Our services include:

• Helping establish strong risk governance in all business areas;
• Providing support in developing methodologies, policies and procedures to help run your own risk management processes;
• Supporting / coaching your risk committees (at management or board levels) including developing their terms of reference;
• Running risk workshops with the management team to facilitate brainstorming and develop organisation’s risk profile;
• Interviewing your staff in order to develop a company's risk register;
• Developing Key Risk Indicators (KRI's), and risk tolerance statements for Business Units;
• Developing your risk appetite statement;
• Advising you on ways to get more value from your existing ERM process;
• Injecting challenge into decision-making as part of making risk appetite real.

Fraud assurance

Establishing a robust anti-fraud framework to provide comfort for stakeholders and enhance management monitoring, including fraud review, post-remediation and process re-engineering to improve internal controls to prevent fraud incidents from recurring.

Our services include:

• Identifying possible fraud scenarios through the facilitation of fraud workshops that can help to determine where fraud is likely to occur;
• Performing a maturity assessment of your anti-fraud framework and reviewing your business against our list of potential fraud "red flags";
• Once a fraud has been identified and the investigations completed, our internal controls specialists can also help remediate and re-engineer the process to reduce the chances that the problem will recur.

Internal controls advisory

A timely review of your processes and controls to help ensure their designs continue to address your needs and risks, and ensure their efficiency and effectiveness.

Our services include:

• Developing strong board and management processes to enable effective governance;
• Guiding management to develop a clear "tone from the top";
• Measuring and monitoring your control culture;
• Ensuring your processes incorporate expected levels of key controls;
• Documenting your process flows and controls needed to support US SOX, C-SOX and any other relevant regulations;
• Leveraging cutting-edge technology to provide 24/7 review of key processes to identify issues (i.e. continuous monitoring);
• Developing monitoring systems to ensure your controls operate to support local governance and reporting needs;
• Delivering internal controls training to management and staff.

Internal audit solutions

Delivering confidence and insight in equal measure and to the highest standard. Driving internal audit innovation by merging the skills and experience of people with a robust, leading edge internal audit approach and state-of-the-art technologies, including IA outsourcing, co-sourcing and advisory services.

Outsourcing service

• Providing ongoing access to a PwC Partner/Director who will be respected at senior levels to translate the needs of the Board / Audit Committee into reality, as well as to provide independently robust challenge and insight;
• Implementing a world class Internal Audit methodology;
• Developing meaningful metrics to measure performance and reporting mechanisms tailored to your needs;
• Establishing an optimum resourcing model with access to staff resources with depth and breadth of Internal Audit / industry / geographical coverage as and when required — thus moving from a fixed overhead cost to a variable cost model.

Co-sourcing service

• Providing ongoing access to a team of leading PwC Internal Audit specialists who will advise you on how best to translate the needs of the Board/Audit Committee into reality, whilst providing you with valuable, independent challenge and insight;
• Advice as appropriate on how to implement best practice in relation to Internal Audit methodology, tools and techniques;
• Providing industry knowledge and expertise to deliver a market leading Internal Audit service benchmarked against the best in the world;
• Providing the best resources to meet your changing needs with unrivalled depth and breadth of Internal Audit, industry, and geographical coverage as and when required.

Internal audit advisory

Advisory is focused on providing insight needed to support you in times of change and when there is heightened risk. Our capabilities can be divided into three broad categories: Internal Audit function set up and development (including key foundational areas such as planning, methodology, training, quality assurance and the Internal Audit “brand”); Internal Audit transformation; and External Quality Assessments.