Are third parties worth the risk for financial institutions? It’s a multibillion-dollar question when every week, yet another business interruption, data breach, or compliance failure seems to surface in the news. We believe the answer is “yes”—provided a firm takes the right approach to risk management. Ultimately, a robust third party risk management program may even make using third parties less risky than keeping those functions in-house.
This webcast explains how to address the demands of customers and regulators around PHI, and discusses the latest privacy, security, and third party reporting trends impacting organizations that operate in the healthcare spectrum.
In this year’s study of more than 1300 chief audit executives (CAEs), internal audit managers, members of senior management and board members, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.
In our 2015 Risk in review survey, over 1,200 global business leaders shared how they assess and manage risk in their markets. Results show that correctly managing business risks drives performance and revenue growth.
Our second article in the series, The Alignment Challenge - How Strategic is Your ERM Program? provides actions to refocus ERM programs to better integrate risk management activities with strategic priorities.
Watch a recording of our SAP GRC webcast to learn about a practical and proven approach to business role design. We walk you through a business role design methodology including strategic, risk, and technology considerations when implementing business roles.
An effective Enterprise Risk Management (ERM) assessment relies on a disciplined, continuous and business outcome focused approach. Challenges can come at any time during the risk assessment and preparation is key. With a proper understanding of the risks, a good communication strategy and process follow-through, the ERM assessment can be successful providing many benefits including contributing to the strategic and risk objectives of the organization.
The role of a Chief Risk Officer (CRO) has gained renewed interest within the federal government. A CRO can empower the agency to identify events that could negatively or positively impact the agency’s ability to meet its mission and objectives and to effectively manage the negative events, risks, while reaping the full benefits of the positive events, opportunities. In order to do this, the role must be established and implemented properly. PwC can help.
The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. The result is increased pressure on service providers to provide greater transparency over their controls, so that their customers’ have assurance over their vendor’s operations. PwC’s Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.
Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors’ operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.
Revenue recognition has routinely been viewed as one of the most difficult finance and accounting processes to get right. It represents one of the highest risks of material error on financial statements, and it is one of the leading causes of restatements. As companies move to the new standard, their compliance risk is likely to increase unless they have a well-planned, comprehensive approach to adoption.
Retailers are realizing that the strategic management of risk and the reduction of shrink can have substantial impact on both profitability and customer satisfaction. Savvy retailers are using data analytics to add value to their loss prevention and risk management programs. This paper outlines key ways retailers are building successful enterprise-wide loss prevention programs that apply data and analytics.
Join PwC and a panel of industry guests for a recorded webcast discussion on what organizations can be doing to enhance their Third Party Risk Management program governance, monitoring and compliance benefits.
Recalls can have a devastating impact on the operations and brands of retail and consumer companies. But companies that manage the recall process effectively can transform a potential crisis into a business advantage.
Over the years, thanks to the input of thousands of executives from a number of sectors and territories, we have gained significant insight into how organizations are addressing the evolving risk landscape. The findings are published in both PwC's State of the Internal Audit Profession Study and our Risk in Review Study.
Organizations often use customer information collected online to understand and effectively target consumers. This process requires not only the attention of the chief privacy officer, but also the chief marketing officer. Almost daily, news headlines underscore the importance of this with data breaches becoming commonplace. For consumers to provide complete and accurate information, they must know they can trust your organization.
Knowing how your advertising spend compares to that of your competitors is an important benchmark that allows you to save money; and using media auditing and benchmarking pools is the definitive way to do this. Or is it? It’s time to question the value of these pools.
With the COSO’s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time for companies to use the updated framework to evaluate the effectiveness of their systems of internal control over financial reporting. This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.
Going public is a transformational event that pushes a company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre-and-post IPO.
The Global State of Information Security® Survey 2015 is a worldwide study by PwC, CIO, and CSO. Security breaches are on the rise, and it is no surprise to find that as the number of information security incidents continues to mount, so do financial losses. Survey respondents in 2014 report that the number of detected incidents soared to a total of 42.8 million, a 48% leap over 2013. This increase comes at great cost: Total financial losses attributed to security compromises increased 34% over 2013.
Successful investors continually look around the corner to anticipate the next challenge and the next opportunity, both today and tomorrow. And investors expect the companies they invest in to be similarly forward thinking. So what’s important to investors, and what do they expect of corporate directors? Our second annual survey takes a look.
As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.
The rise of trade-based money laundering presents direct financial, reputational, and compliance risk to the financial services companies, banks, and global trade organizations that provide and utilize trade finance. Financial firms can address these increased AML challenges by leveraging analytics and statistical transaction monitoring techniques to identify information, trends, connections, and anomalies indicative of trade-based money laundering schemes.
At the present time, no two developments in the insurance sector seem more entwined than risk and regulation, and nowhere is this interaction more evident than in developing regulatory expectations for insurers’ boards of directors. While regulators still seem far apart in their search for a single global capital regime, they are much closer to a consensus on terms of governance.
Being aware of risks is one thing; taking specific action to address them head on is another. Many companies have tended to look at risk management as something they should react to, rather than something that they should build into the company culture.
Organizational Conflicts of Interest pose reputational, legal, regulatory and financial risks - and they are very difficult to detect. Without resorting to overly intrusive procedures, how can organizations manage the risks posed by Conflicts? This white paper discusses some of those risk-mitigation techniques, and how they might apply in your organization.
The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.
Retail and consumer goods companies are experiencing greater levels of economic crime. Nearly half of respondents say their company has experienced this type of event in the last two years. By far the most commonly reported type of economic crime for the sector is asset misappropriation, while other common types of fraud included bribery and corruption, accounting fraud and cybercrime.
The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.
GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.
In the new norm, leak survey is no longer viewed simply as a compliance activity—it is integrated with risk assessment, work identification, and investment planning to transform integrity management and enhance pipeline safety.
Data protection and privacy is an urgent issue for both consumers and businesses. As customers increasingly worry whether their personal information is secure and used appropriately, companies are also concerned about protecting data and their brand. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses lead on data privacy by building customer trust and enhancing their brand.
Businesses depend on service providers to handle confidential data, run essential business processes, and manage critical technology. This can leave businesses vulnerable to service provider breakdowns. The result can be the providers’ clients violating regulations and even losing customer trust. Yet many businesses may know less than they realize about their service providers’ controls. This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.
What are the technical and reporting issues impacting retail and consumer products companies? PwC's Retail & Consumer KnowledgeBrief provides insights and summaries on restructuring comment letter trends and disclosure reminders, data protection, conflict minerals, the Patient Protection and Affordable Care Act, and more.
Whistleblower reform is having significant impact. The SEC’s Office of the Whistleblower has one full year of operation under its belt, and with it 3,001 tips and two awards to date. Leading companies are looking closely at the Office’s first-year report and drawing lessons for building stronger ethics and compliance programs. They’re also considering what it takes to create a highly ethical culture. This 10Minutes highlights the importance of having an ethical culture at the workplace.
On May 14, 2013, COSO published an updated Internal Control-Integrated Framework and related illustrative documents. This Dataline highlights noteworthy updates to the Framework, summarizes the purpose of the illustrative documents, and highlights key considerations for clients.
10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.
The acquisition of a business can have a significant impact on both the risk exposures and risk management strategies of the combined entity. In many cases, an acquirer’s financial risk exposure will increase as a result of the acquisition. However, there may be situations in which the acquiree’s operations reduce the acquirer’s current risk exposure. In any event, identifying potential changes in enterprise risks, creating an action plan to address them, and managing changes to risk management strategies post-acquisition are critical to developing short- and long-term solutions for integrating financial risk management considerations in an acquisition.