Governance, transparency and accountability reforms have dramatically changed today’s business environment. Organizations across the globe are navigating a proliferation of new standards and stakeholder expectations, and are challenged to do so in a way that supports performance objectives, sustains value and protects the organization’s brand. Further, investors are laying new claim to companies attracting capital, and domestic listing requirements have been tightened.
PricewaterhouseCoopers advises clients on increasing shareholder value by developing an integrated governance, risk and compliance function. In that context, PricewaterhouseCoopers helps clients create best practice risk management and internal audit functions, and advises clients on how to comply with the stock exchange requirements for internal controls dictated by, for example, the Sarbanes-Oxley Act, Section 404; the Combined Code and Basel II.
PricewaterhouseCoopers works in alliance with the Independent Directors Association, a 300-member professional organization uniting Russian and international corporate directors and experts in corporate governance, in support of the IDA’s mission: “To assist Russian public companies in improving their performance by implementing the best corporate governance practices.”
Benefits of having an integrated approach to GRC
Research shows that an integrated approach to governance, risk and compliance achieves:
1) the ability to apply ethics and values to increase business performance;
2) improved protection of the company brand;
3) a reduction of the cost of compliance;
4) an increased focus on stakeholder issues.
If this is your situation
You want to:
- Plan an IPO
- Improve stakeholder and regulator relationships, trust and communication
- Collect reliable and available data for internal and external reporting
- Comply with an ever-growing list of rules and regulations
- Improve your internal control environment
- Trust the data in your financial and management reports
- Enhance your internal audit function (including IT audit)
- Mitigate inherent business risk
- Integrate Governance, Risk and Compliance activities
- Embed governance into the organisation
- Connect activities to enhance the Board’s and, in particular, the Non-Executive Director’s overview of the business.
How PwC can help you
Compliance & Internal Controls:
- Prepare your company’s internal controls processes, systems and organization for a stock exchange listing
- Bring your company up to sustainable Sarbanes-Oxley compliance — from project to process
(To learn more about the situation, PricewaterhouseCoopers’ perspective, and our action plan to comply with Sarbanes-Oxley requirements in a cost-efficient manner, download this 
white paper (210 Kb).)
- Provide internal controls assessment and design for specific processes, such as Capital Expenditure and Financial Statement Close
- Provide internal controls assessment and design for the information technology environment
- Prepare your company for compliance with the Basel II, Combined Code and other regulatory requirements
- Conduct compliance diagnostics (for external and internal requirements)
- Simplify and integrate compliance functions
- Select the right tools and software for efficient, integrated governance, risk and compliance processes.
Internal Audit:
- Independent analysis and assessment of an existing internal audit department’s operations and strategy
- Creating an effective internal audit function that complies with the international professional standards of the Institute of Internal Auditors and best practices
- Development of a methodological basis for internal audit activities
- Training for your staff on internal audit and risk management issues
- Outsourcing or co-sourcing of internal audit projects, including IT audits
- Testing autometed application controls of your ERP systems (SAP, Oracle, Microsoft Dynamics, Scala, 1C etc.).
Information Technology Risk Management
- Assess and improve your organisation’s IT Company Level Controls including:
- Centralized IT organization
- IT strategy
- IT audit function
- IT steering commitee
- Assess and improve your organisation’s IT General Controls including:
- Control environment
- Logical access
- Change menegement
- Program operations
- Program development
- Assess and improve your organisation’s application autometed controls in order to reach:
- Accuracy
- Completeness
- Validity
- Authorization
- Segregation of duties.
Enterprise Risk Management (ERM):
- Assess your organisation’s current approach to risk management against global and industry peer group benchmarks
- Identify key risks affecting the execution of the business plan and assess the effectiveness of overall risk management
- Assess the risk management culture and how it may be improved and sustained within the business
- Improve the quantification and measurement of risks, risk probability and impact
- Identify and analyse risks that may affect the successful execution of a project or investment decision
- Assess the most appropriate strategy for managing risk — including consideration of balance sheet capacity for risk, alternative risk transfer mechanisms, insurance versus self-insurance, enhanced controls or other risk mitigating strategies
- Review the insurance and self-insurance strategies through risk finance and insurance assessments
- Provide complex risk framing and modelling, decision analysis/options analysis, and diagnostic review of corporate/enterprise risk frameworks
PricewaterhouseCoopers has authored COSO’s
Enterprise Risk Management–Integrated Framework. The framework provides a benchmark for organizations to consider in evaluating and improving their enterprise risk management processes. A companion document also authored by PricewaterhouseCoopers, Applications Techniques, provides examples of leading practices in enterprise risk management.
Governance:
- Design and implement governance frameworks and practices
- Benchmarking and review of governance frameworks
- Board structure and effectiveness assessment
- Board and organisational training and coaching.
