IT Governance, Risk and Compliance (IT GRC)

  • Does business understand how IT operates or what it can and cannot do within a certain time frame?
  • Is the IT organisation faced with dramatic change following a merger/acquisition?
  • Is there adequate view or control over IT spending, or are IT costs perceived to be too high?
  • Is there good understanding of IT related risk? Are IT related risks properly managed?

IT GRC ensures that …

  • Activities and functions of the IT organisation(s) support its objectives, and the value of investments is maximised.
  • IT delivers the envisioned benefits against the strategy, costs are optimised, and relevant best practices are incorporated.
  • The optimal investment is made in IT, and critical IT resources are responsibly, effectively and efficiently managed and used.

...for embedding IT GRC in the organisation

Some important issues:

  • Organisations need to satisfy quality, fiduciary and security requirements for information, as they do for all other assets.
  • The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines a widely accepted control framework for enterprise governance and risk management, and that framework also requires a framework for control over IT.
  • Sarbanes-Oxley, Basel II
  • Industry specific regulations
  • General call for greater transparency

PwC’s IT GRC Capabilities

  • Automation of risk monitoring
  • Policy distribution and response
  • IT Controls assessment and measurement
  • IT Asset repository
  • Automated General Computer Control (GCC) collection
  • Remediation and exception management
  • Advanced IT risk evaluation and compliance dashboards
  • IT Governance
  • Controls and policy library