Governance, Risk & Compliance

Ensuring you do not lose your sleep over the ever increasing demands of Governance, Risk Management and Compliance

Your Challenges

Governance, transparency and accountability reforms which followed the corporate failures in recent years have dramatically changed today’s business environment. Today, organisations across the globe face new governance requirements, higher compliance standards and ever increasing stakeholder expectations.

Organisations need to integrate their GRC activities to protect and create value. In the past, both management and the Board have viewed GRC as isolated and separate functions. This has resulted in diluted accountability, communication breakdowns, redundancies and confusion. As stakeholders’ demand for integrity has increased, these gaps can impact the value of a business.

New definitions, requirements and standards are emerging, both internally and externally, forcing the Board and management to rethink their roles, responsibilities and the discrete relations between GRC activities.

Meeting Your Needs

PwC has assisted our clients across the region in various GRC activities, including:

Educate the Board and senior management on best practices in corporate governance and assist them in assessing their “as-is” and “to-be” governance practices.

Internal Audit
Provide outsourced/co-sourced internal audit services to evaluate the internal controls of entities and make recommendations to improve the overall state of internal controls and process efficiencies.

Assist organisations in implementing Control Self Assessments and continuous monitoring of key controls for major business processes.

Assess the effectiveness of our clients’ own internal audit functions and their compliance with The Institute of Internal Auditors’ (IIA) standards as a best practice.

SOX Compliance
Our dedicated SOX team can assist organisations in various phases of their SOX compliance efforts, from executing tasks ranging from project management, to scoping, documentation, validation, remediation and training. We also assist Japan-related organisations with their compliance efforts with Japan’s equivalent of SOX.

Statement of Auditing Standard (SAS) 70 Review
As more businesses use outsourcing facilities, we provide a service to give such businesses controls and comfort within the outsourced operations.

Enterprise Risk Management
We assist organisations with the development of an effective risk management framework and assist the Audit Committee assess the effectiveness of the existing risk management framework. Increasingly, this includes quantification of both financial and non-financial risks. Often this work results in us also providing services to review, assess and remediate businesses’ Business Continuity Plans.

Fraud Risk Management
There is a growing demand to help identify pressure points and opportunities for fraud as well as assess existing culture, management style, effectiveness and adequacy of systems and controls to prevent fraud. We also help to develop strategies to bridge the gap between the required controls and current position.

Technology Challenges
We leverage technology to help clients protect corporate information through threat and vulnerability management solutions, conduct security assessments and secure business through identity management solutions.

Business Continuity Planning
Our Business Continuity Planning (BCP) specialists help clients develop Business Continuity Management (BCM) frameworks and policies, perform risk and threat assessments, conduct business impact analysis, identify recovery strategies, develop and document crisis management, business recovery and IT disaster recovery plans, conduct training and testing of plans, develop BCM awareness programmes, and perform BCM readiness reviews.

Our Experience

Private Equity Group
- Internal Audit Review

We assisted a PE group in carrying out internal audit visits for the hotels which the group has invested in. Use of data analysis techniques in our recent reviews provided us with the right focus and the comfort that our work considered the entire population of events. Through our review, we highlighted many control observations which were very useful to the PE group in ensuring their assets are safeguarded.

Local Listed Company
- Transformation of Control Environment

We assisted a local listed company with multinational operations to transform its control environment over a period of three years. The group was beleaguered by numerous issues. Working closely with the client-appointed senior executives, we identified control gaps and improved control effectiveness and efficiency through our internal audit procedures.