Risk management

  • Significant others: How financial firms can manage third party risk

    5/18/15 | Financial Services Institute

    Are third parties worth the risk for financial institutions? It’s a multibillion-dollar question when every week, yet another business interruption, data breach, or compliance failure seems to surface in the news. We believe the answer is “yes”—provided a firm takes the right approach to risk management. Ultimately, a robust third party risk management program may even make using third parties less risky than keeping those functions in-house.

  • Webcast
    The broad impacts of PHI: Addressing the demands of customers and regulators webcast - May 28, 2015

    Risk Assurance

    This webcast explains how to address the demands of customers and regulators around PHI, and discusses the latest privacy, security, and third party reporting trends impacting organizations that operate in the healthcare spectrum.

  • 2015 State of the Internal Audit Profession - Finding true north in a period of rapid transformation

    5/1/15 | Internal audit services

    In this year’s study of more than 1300 chief audit executives (CAEs), internal audit managers, members of senior management and board members, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

  • The extra mile: Risk, regulatory, and compliance data drive business value

    4/28/15 | Financial Services Institute

    Want to enhance business value while responding to risk, compliance, & regulatory needs? Learn how to go the extra mile.

  • Cyber: Think risk, not IT

    4/14/15 | Financial services regulatory practice

    Upcoming exams will dig deeper and result in more MRAs.

  • Risk in review: Decoding uncertainty, delivering value

    4/14/15 | Risk Assurance

    In our 2015 Risk in review survey, over 1,200 global business leaders shared how they assess and manage risk in their markets. Results show that correctly managing business risks drives performance and revenue growth.

  • The alignment challenge: How strategic is your Enterprise Risk Management (ERM) program?

    4/8/15 | Risk Assurance

    Our second article in the series, The Alignment Challenge - How Strategic is Your ERM Program? provides actions to refocus ERM programs to better integrate risk management activities with strategic priorities.

  • Webcast
    Access request in high gear! How one-stop-shop business roles can help accelerate user provisioning in SAP webcast

    Risk Assurance

    Watch a recording of our SAP GRC webcast to learn about a practical and proven approach to business role design. We walk you through a business role design methodology including strategic, risk, and technology considerations when implementing business roles.

  • Video
    Compliance and the new COSO Framework: A principles-based compliance program

    3/17/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware discuss a principles based compliance program with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company.

  • Video
    Compliance and the new COSO Framework: Fraud Risk vs. Fraud Threat

    3/17/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware discuss Fraud Risk Vs. Fraud Threat with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company.

  • Video
    Compliance and the new COSO Framework: Defining today’s regulatory landscape

    3/17/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware; along with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company, discuss fraud's material impact on financial reporting.

  • Video
    Compliance and the new COSO Framework: Aligning Fraud Risk Assessment with your ERM

    3/17/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware; along with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company, talk through aligning Fraud Risk Assessment with ERM.

  • Video
    Compliance and the new COSO Framework: An appropriate response

    3/17/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware discuss appropriate risk response with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company.

  • Video
    Compliance and the new COSO Framework: Expanding the definition of fraud

    3/13/15 | Forensic services

    PwC's Kristin Rivera and Glenn Ware discuss the expanded definition of Fraud in the COSO Framework with Adrian Mebane, VP of Global Ethics & Compliance at The Hershey Company.

  • Why risk assessments fail
    Steps to a successful enterprise risk management assessment

    3/13/15 | Risk Assurance

    An effective Enterprise Risk Management (ERM) assessment relies on a disciplined, continuous and business outcome focused approach. Challenges can come at any time during the risk assessment and preparation is key. With a proper understanding of the risks, a good communication strategy and process follow-through, the ERM assessment can be successful providing many benefits including contributing to the strategic and risk objectives of the organization.

  • The CRO Agenda: The Role of the Federal Chief Risk Officer

    3/2/15 | Public Sector Research Centre

    The role of a Chief Risk Officer (CRO) has gained renewed interest within the federal government. A CRO can empower the agency to identify events that could negatively or positively impact the agency’s ability to meet its mission and objectives and to effectively manage the negative events, risks, while reaping the full benefits of the positive events, opportunities. In order to do this, the role must be established and implemented properly. PwC can help.

  • The CRO Agenda: Articulating the Value of Enterprise Risk Management

    3/2/15 | Public Sector Research Centre

    With a rise in uncertainty and an increasingly complex government mission, effective risk management has become critical to the success of federal agencies.

  • Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

    2/24/15 | Risk Assurance

    The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. The result is increased pressure on service providers to provide greater transparency over their controls, so that their customers’ have assurance over their vendor’s operations. PwC’s Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

  • SOC 2 and 3: Building customer trust through controls reporting

    2/24/15 | Risk Assurance

    Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors’ operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

  • Transitioning to the new revenue recognition standard An integrated approach to leveraging your SAP investment

    2/23/15 | Advisory services

    Revenue recognition has routinely been viewed as one of the most difficult finance and accounting processes to get right. It represents one of the highest risks of material error on financial statements, and it is one of the leading causes of restatements. As companies move to the new standard, their compliance risk is likely to increase unless they have a well-planned, comprehensive approach to adoption.

  • Empower loss prevention with strategic data analytics

    2/9/15 | Risk Assurance

    Retailers are realizing that the strategic management of risk and the reduction of shrink can have substantial impact on both profitability and customer satisfaction. Savvy retailers are using data analytics to add value to their loss prevention and risk management programs. This paper outlines key ways retailers are building successful enterprise-wide loss prevention programs that apply data and analytics.

  • Webcast
    Significant Others - Risks and Rewards of Third Party Business Relationships

    Risk Assurance

    Join PwC and a panel of industry guests for a recorded webcast discussion on what organizations can be doing to enhance their Third Party Risk Management program governance, monitoring and compliance benefits.

  • Webcast
    Pave the way: Build a value driven SAP roadmap

    Risk Assurance

    We invite you to watch PwC's SAP GRC webcast to learn about leading practices in building a business case and a roadmap for your GRC program and technologies.

  • Are you prepared to protect your brand? Enhance your product recall process

    12/9/14 | Risk Assurance

    Recalls can have a devastating impact on the operations and brands of retail and consumer companies. But companies that manage the recall process effectively can transform a potential crisis into a business advantage.

  • If you hold a C-Suite title then PwC invites you to participate in our annual State of the Internal Audit Profession and Risk in Review Survey

    11/20/14 | Risk Assurance

    Over the years, thanks to the input of thousands of executives from a number of sectors and territories, we have gained significant insight into how organizations are addressing the evolving risk landscape. The findings are published in both PwC's State of the Internal Audit Profession Study and our Risk in Review Study.

  • Cure for the common culture: How to build a healthy risk culture

    11/19/14 | Financial Services Institute

    What does it take to build a sustainable risk-resistant culture? We surveyed global banking leaders to find out.

  • The CMO’s role in privacy: Are your marketing programs affecting your brand?

    11/10/14 | Risk Assurance

    Organizations often use customer information collected online to understand and effectively target consumers. This process requires not only the attention of the chief privacy officer, but also the chief marketing officer. Almost daily, news headlines underscore the importance of this with data breaches becoming commonplace. For consumers to provide complete and accurate information, they must know they can trust your organization.

  • Rethinking media auditing and benchmarking pools

    11/10/14 | Risk Assurance

    Knowing how your advertising spend compares to that of your competitors is an important benchmark that allows you to save money; and using media auditing and benchmarking pools is the definitive way to do this. Or is it? It’s time to question the value of these pools.

  • Present and functioning: Fine-tuning your ICFR using the COSO update

    11/7/14 | Risk Assurance

    With the COSO’s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time for companies to use the updated framework to evaluate the effectiveness of their systems of internal control over financial reporting. This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies’ systems of internal control over financial reporting.

  • Fortified for success - Building your company’s risk, controls and compliance ecosystem, for the IPO and beyond

    11/5/14 | Risk Assurance

    Going public is a transformational event that pushes a company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company’s critical risks and controls, both pre-and-post IPO.

  • The Global State of Information Security Survey 2015

    10/23/14 | Advisory services

    The Global State of Information Security® Survey 2015 is a worldwide study by PwC, CIO, and CSO. Security breaches are on the rise, and it is no surprise to find that as the number of information security incidents continues to mount, so do financial losses. Survey respondents in 2014 report that the number of detected incidents soared to a total of 42.8 million, a 48% leap over 2013. This increase comes at great cost: Total financial losses attributed to security compromises increased 34% over 2013.

  • How investors are shaping corporate boards today and into the future

    10/22/14 | PwC Investor Resource Institute

    Successful investors continually look around the corner to anticipate the next challenge and the next opportunity, both today and tomorrow. And investors expect the companies they invest in to be similarly forward thinking. So what’s important to investors, and what do they expect of corporate directors? Our second annual survey takes a look.

  • Metrics by design - A practical approach to measuring internal audit performance

    10/1/14 | Risk Assurance

    As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

  • Goods gone bad: Addressing money-laundering risk in the trade finance system

    10/1/14 | Risk Assurance

    The rise of trade-based money laundering presents direct financial, reputational, and compliance risk to the financial services companies, banks, and global trade organizations that provide and utilize trade finance. Financial firms can address these increased AML challenges by leveraging analytics and statistical transaction monitoring techniques to identify information, trends, connections, and anomalies indicative of trade-based money laundering schemes.

  • Insurance board of directors' risk responsibilities: Guidance from global regimes

    9/30/14 | Insurance

    At the present time, no two developments in the insurance sector seem more entwined than risk and regulation, and nowhere is this interaction more evident than in developing regulatory expectations for insurers’ boards of directors. While regulators still seem far apart in their search for a single global capital regime, they are much closer to a consensus on terms of governance.

  • The new digital ecosystem reality: Managing risk to enable strategy

    9/24/14 | Technology

    Being aware of risks is one thing; taking specific action to address them head on is another. Many companies have tended to look at risk management as something they should react to, rather than something that they should build into the company culture.

  • Is your organization conflicted?

    9/16/14 | Advisory services

    Organizational Conflicts of Interest pose reputational, legal, regulatory and financial risks - and they are very difficult to detect. Without resorting to overly intrusive procedures, how can organizations manage the risks posed by Conflicts? This white paper discusses some of those risk-mitigation techniques, and how they might apply in your organization.

  • Managing the Shadow Cloud - Integrating cloud governance into your existing compliance program

    9/10/14 | Risk Assurance

    The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

  • EU Data Protection Reform The challenges and benefits of compliance for businesses

    7/31/14 | Risk Assurance

    The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

  • PwC Cash Investment Survey Report

    7/10/14 | Advisory services

    Survey results identified trends in corporate cash investment management practices and highlighted potential opportunities for improvement.

  • Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study

    6/2/14 | Risk Assurance

    GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

  • Beyond compliance: Creating a new norm in gas pipeline leak management

    5/28/14 | Power & utilities

    In the new norm, leak survey is no longer viewed simply as a compliance activity—it is integrated with risk assessment, work identification, and investment planning to transform integrity management and enhance pipeline safety.

  • Cure for the Common Culture: Building Effective Risk Cultures at Financial Institutions

    4/15/14 | Financial Services Institute

    What are the best ways for financial services firms to establish an effective risk culture? We share some tips to keep your culture clean and clear of regulatory risk.

  • 10Minutes
    10Minutes on data privacy

    2/26/14 | Advisory services

    Data protection and privacy is an urgent issue for both consumers and businesses. As customers increasingly worry whether their personal information is secure and used appropriately, companies are also concerned about protecting data and their brand. This 10Minutes highlights the importance of viewing consumer privacy from more than just a compliance lens and developing a strategy and action plan that will help businesses lead on data privacy by building customer trust and enhancing their brand.

  • 10Minutes
    10Minutes on service provider transparency

    12/10/13 | Risk Assurance

    Businesses depend on service providers to handle confidential data, run essential business processes, and manage critical technology. This can leave businesses vulnerable to service provider breakdowns. The result can be the providers’ clients violating regulations and even losing customer trust. Yet many businesses may know less than they realize about their service providers’ controls. This 10Minutes discusses how SOC 2 and SOC 3 reports can give businesses the picture they need to have solid confidence in their service providers.

  • 10Minutes
    10Minutes on whistleblower reform

    7/15/13 | Center for Board Governance

    Whistleblower reform is having significant impact. The SEC’s Office of the Whistleblower has one full year of operation under its belt, and with it 3,001 tips and two awards to date. Leading companies are looking closely at the Office’s first-year report and drawing lessons for building stronger ethics and compliance programs. They’re also considering what it takes to create a highly ethical culture. This 10Minutes highlights the importance of having an ethical culture at the workplace.

  • 10Minutes
    10Minutes on why the COSO Update deserves your attention

    5/14/13 | Risk Assurance

    COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

  • Dataline
    Dataline: COSO issues the updated Internal Control-Integrated Framework and related illustrative documents

    5/14/13 | Assurance services

    On May 14, 2013, COSO published an updated Internal Control-Integrated Framework and related illustrative documents. This Dataline highlights noteworthy updates to the Framework, summarizes the purpose of the illustrative documents, and highlights key considerations for clients.

  • 10Minutes
    10Minutes on conflict minerals

    5/9/13 | Assurance services

    10Minutes on conflict minerals provides insight into the strategic benefits and risks companies will want to focus on as they comply with the SEC's conflict minerals rule. The rule is effective for 2013 calendar year operations, so regardless of whether companies view conflict minerals as a supply chain opportunity, risk to their brand or another regulatory to-do, they should act now to prepare.

  • M&A snapshot
    Financial risk management considerations in an acquisition (M&A snapshot)

    12/13/12 | Assurance services

    The acquisition of a business can have a significant impact on both the risk exposures and risk management strategies of the combined entity. In many cases, an acquirer’s financial risk exposure will increase as a result of the acquisition. However, there may be situations in which the acquiree’s operations reduce the acquirer’s current risk exposure. In any event, identifying potential changes in enterprise risks, creating an action plan to address them, and managing changes to risk management strategies post-acquisition are critical to developing short- and long-term solutions for integrating financial risk management considerations in an acquisition.