IT Governance, Risk and Compliance (IT GRC)

  • Does the business understand how IT operates or what it can and cannot do within a certain time frame?
  • Is the IT organisation faced with dramatic change following a merger/acquisition?
  • Is there an adequate view of, or control over, IT spending, or are IT costs perceived to be too high?
  • Is there a good understanding of IT-related risk? Are IT-related risks properly managed?

IT GRC ensures that …

  • Activities and functions of the IT organisation(s) support objectives and investments are maximised.
  • IT delivers envisioned benefits against the strategy, costs are optimised, and relevant best practices are incorporated.
  • The optimal investment is made in IT, and critical IT resources are responsibly, effectively and efficiently managed and used.

...for embedding IT GRC in the organisation

Some important issues:

Profitability

  • Firms with above-average IT governance performance had more than 20% higher profitability than firms with poor governance
  • Effective IT governance is the single most important predictor of the value an organisation generates from IT

Regulatory and industry requirements

  • Organisations need to satisfy quality, fiduciary and security requirements for information as for all other assets
  • The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines a widely accepted control framework for enterprise governance and risk management and also requires a framework for control over IT
  • Sarbanes-Oxley, Basel II
  • Industry specific regulations
  • General call for greater transparency

PwC’s IT GRC Capabilities

  • IT controls assessment and measurement
  • IT governance
  • IT risk assessment / IT control benchmarking
  • IT audit training
  • IT internal audit outsourcing / co-sourcing
  • IT policy & procedure manual
  • ERP control and assurance
  • Data assurance
