Governance, risk and compliance

In recent times there has been a paradigm shift in many economies in the way that corporate governance, business ethics, risk management and compliance are approached.

It is a shift that continues to be driven by demanding performance expectations, increasing stakeholder demands and growing public scrutiny after some spectacular failures around the globe.

Potentially, this is a highly positive development. The investment environment places a premium on solidly performing, well-managed businesses, conferring a competitive advantage on those that create and maintain a culture of “integrity-driven performance”.

If this is your situation

  • You need advice on Board and management performance and accountability.
  • You want to embed governance into the organisation.
  • You need to make informed decisions on risk taking, growth, innovation and development/options selection.
  • You are subject to market risk: exposure to FX, interest rates and commodity prices.
  • You need to conduct strategic risk testing and analyse the level of risk associated with selected strategies/options.
  • You need advice on insurance, self-insurance and risk financing/treasury and hedging policy and practices.
  • You want to manage processes and mitigate inherent business risk.
  • You have an ever-growing list of rules and regulations to comply with.
  • You want to create a culture where bad news rises and your people act to protect the "brand".
  • You want to free up valuable resource by de-layering add-on risk and compliance processes.
  • You want to reduce the incidence of failure.
  • You are experiencing a lack of clear and measurable KPIs.
  • You need reliable and available data for internal and external reporting.
  • You need to achieve greater value for compliance spend.
  • You need to improve stakeholder and regulator relationships and communication.
  • You need to identify and address complaints and breaches of legislation and internal processes.

PwC can help you

PricewaterhouseCoopers (PwC) can help you to identify, understand and manage risks, both upside and downside. We assist businesses in building forward-looking governance and compliance programmes, controlling compliance infrastructures, measuring and monitoring ongoing governance and compliance practices, and building a culture of doing the right thing.

Services we provide include the following:


  • Design and implement governance frameworks and practices
  • Benchmarking and review of governance frameworks
  • Board structure and effectiveness assessment
  • Board and organisational training and coaching
  • Board reporting and oversight processes
  • Executive remuneration programmes and disclosure practices
  • Design of mechanisms to support a culture of compliance
  • Development of Corporate Social Responsibility frameworks, measurement and reporting

Managing Business Operations for Compliance Outcomes

  • Establishing a compliance mindset
  • Simplifying compliance by:
      • aligning compliance initiatives to business objectives
      • embedding compliance into business operations
      • leveraging technology
  • Compliance assessments
  • Design and implementation of risk management systems affecting business process and management
  • Change and programme effectiveness, as it relates to managing business operations for compliance outcomes

Compliance Monitoring and Reporting

  • Development of performance measures
  • Design or review of monitoring and testing programmes
  • Incident and enterprise compliance reporting
  • Review of compliance data

Compliance Cost Optimisation

  • Development of baseline data and business-aligned KPIs
  • Linking revenue and cost to reveal the net gain of compliance spend
  • Identifying compliance value drivers using Six Sigma (or similar) methodology
  • Cost identification and reduction

Incident Identification and Remediation

  • Identifying and addressing complaints and breaches of legislation and internal processes
  • Regulator liaison policies and procedures

Information Security Management

  • Infrastructure security reviews
  • Computer security reviews
  • Deploying a security framework
  • BS 7799:2 Certification

Systems and Process Assurance

  • Financial and operational applications/business process controls reviews
  • Database security controls reviews
  • IT general controls reviews
  • Third party assurance and opinion services
  • Sarbanes-Oxley readiness, process improvement and sustainability services
  • Compliance with other regulatory requirements (e.g., Turnbull, Basel II, King)
  • Pre- and post-implementation systems reviews
  • Project assurance services
  • SAS 70 controls review

Information Systems Penetration Testing

  • Internet connectivity penetration test (black box attack)
  • Firewall audit
  • LAN penetration test (internal attack)
  • Application controls audit