Risk Assurance insights: Survey findings, articles, newsletter series, webcasts: PwC

Risk assurance research and insights

Risk Assurance perspectives

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing Risk holistically across your organization from IT project assurance, to making the Internal Audit function more efficient; from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Browse most viewed by...

Role:

  • By solution
  • By industry
  • By role
  • By video/infographic

Navigating new trust mechanisms

As companies and communities around the world have become more connected, trust is being challenged in new ways. Businesses often involve more stakeholders than ever, and breakdowns in trust can have a bigger impact.

The quest for internal audit talent as stakeholders expect more

For internal audit, many factors are converging to magnify both the importance and the challenge of building an effective talent model. Higher stakeholder expectations and increasingly complex risks demand different skill sets from internal audit such as advanced business acumen and expertise in specific technologies, functional areas, or industry regulations. This paper provides tangible guidance on how, as a profession, we can progress this important capability.

Equipped for success: The right equipment lease management solution can provide benefits beyond compliance

The new leasing standards pose a particularly difficult challenge when it comes to equipment, given the volume and decentralization common to equipment leases. However, a robust equipment lease management solution can provide benefits beyond compliance.

Monitoring vendor networks through supply chain risk analytics

The depth of risk that can lurk within today’s global, multistage supply chains is stunning. For every primary vendor with which a company has a relationship, it may have secondary relationships with dozens of entities that supply that vendor, plus tertiary relationships with each of those entities’ own subsuppliers, and so on. To manage risk comprehensively within that landscape, a company must be able to verify whether each of those individual vendor and subsupplier entities is abiding by the laws of all of the countries whose jurisdictions the company operates in.

Commercial Assurance + third party contract management.

Achieving sustained value from third party contracts is an on-going challenge for most organizations. Does your company know how to address the value leakage that may be occurring?

What public companies should know about Inline XBRL

Since 2009 the SEC has required public company filings to be done in the electronic eXtensible Business Reporting Language (XBRL) format. Today, through the evolution of technology, a new reporting format has been created – Inline XBRL (iXBRL). This paper explores the implications of iXBRL and related technologies, including potential benefits for public companies, as well as risk considerations.

Banking on change: How to respond to new expectations for audit committees

The audit committee’s role in the modern bank is expanding and evolving. New laws, rules, and regulatory expectations put greater scrutiny on firms, creating more effort for everyone involved. To respond, many banking and capital market (BCM) firms must manage a number of complex tasks simultaneously. In this paper, published in conjunction with the Institute of Internal Auditors (“IIA”), PwC discusses the unique challenges US BCM audit committees face and what leading firms are doing to address these concerns.

Data certification for regulatory reporting

Financial institutions have numerous regulatory reporting obligations that involve regularly producing and submitting reports to multiple regulators. But many executives are finding it challenging to certify that reported data is materially correct and that controls over reporting are effective. A robust data certification framework is a critical step toward enabling financial institutions to assess the accuracy and quality of the data they use to meet reporting requirements.

State of Compliance 2016

5 key questions on laying a strategic foundation for strong compliance risk management.

AML surveillance for the securities industry

Regulators have intensified their scrutiny of securities firms and are levying heavy penalties for noncompliance with AML/CTF regulations. These firms often struggle to mitigate risks related to high transaction volumes and velocities, opaque ownership structures, and the overall diversity of the schemes they must monitor. To meet the challenge, securities firms are developing more customer- and product-oriented monitoring programs supported by data analytics and emerging technologies.

Advanced Risk and Compliance Analytics Solutions BCBS 239 compliancey

It’s been more than three years since the Basel Committee on Banking Supervision (BCBS) published “Principles for effective risk data aggregation and risk reporting,” known as BCBS 239. The Principles were designed to give banks the ability to gather and understand key risk data that coincides with their risk tolerance and to improve risk reporting practices. The requirements were effective January 1, 2016, for global systemically important banks (G-SIBs), but many institutions are struggling to comply with BCBS 239 and realize the significant potential benefits that improved data integration, governance, analytics, and reporting can offer.

Monetizing data while respecting privacy

In the global digital economy, companies everywhere face a growing challenge: how to use vast amounts of data about individuals they now gather to create greater value for their business and their customers without crossing the line into unethical, unlawful or unwanted use. This paper explores how organizations can effectively address this challenge through a strong data-use governance framework.

Needle in the haystack: Monitoring vendor networks through supply chain risk analytics

As global supply chains grow in complexity, companies must safeguard themselves against vulnerabilities across their full vendor network. Advanced data analytics can provide continuous detection and remediation of vendor-related risk.

Advancing the use of analytics within internal audit

Many internal audit departments are investing in data analytics, but are struggling to fully realize the anticipated benefits. By avoiding common pitfalls and implementing data analytics holistically throughout the department, stalled analytics programs can be restarted, or new programs more successfully implemented.

Consolidation in the cloud: Is EPM in the cloud right for your company?

Enterprise Performance Management (EPM) applications provide integrated financial and operational information to executive decision-makers. Increasingly, many EPM applications are transitioning from being on-premise to cloud-based solutions, offering many benefits. However, there are a number of factors organizations should consider in determining whether EPM in the cloud is right for them at this time.

Third Party Assurance in Healthcare: How vendors can strengthen trust and transparency

Do your vendors hold protected health information? Here’s what vendors in the healthcare industry need to know about third party assurance and how to obtain it.

Trends in compliance organizational structures

In response to increasing regulatory pressures, well-publicized compliance breaches and a trend toward greater transparency, compliance and ethics programs have grown in popularity. This paper focuses on five structural trends that are enabling compliance and ethics to be part of the growth engine of the company.

CFTC's cybersecurity proposal

CFTC’s cybersecurity proposal outlines the five proposed testing requirements for electronic trading platforms, clearing organizations, and data repositories and the important part that internal audit could play in meeting them. This article is part of the Internal audit perspectives series providing guidance on the impact of emerging issues on internal audit and internal technology functions.

Directors and IT: Effective IT oversight and role of internal audit

Directors and IT: Effective IT oversight and role of internal audit, identifies how Internal audit, as the third line of defense, can help close the IT confidence gap for boards with independent assurance of the effectiveness of the company's IT risk management program. This article is part of the Internal audit perspectives series providing guidance on the impact of emerging issues on

Risk in review: Going the distance

PwC's 2016 Risk in review survey asked CROs, CCOs, CEOs, Internal Audit Directors, and Board members about their risk agility/resiliency capabilities and processes. High Performers and Faster Movers are more likely than all other respondents to expect significant growth.

Playing offense and defense for sustainable growth

For many years, risk management has been focused on protecting the brand and keeping the company out of trouble. But if you’re doing it right, risk management is actually about playing defense as well as offense—it’s about value protection as well as value creation.

Beyond risk identification Evolving provider ERM programs

PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many are operating at comparable levels to their peers. However, given the increasingly complex and risk saturated environment providers operate in, there’s an urgency for providers to continuously enhance and improve their ERM programs beyond their current capabilities.

Enterprise risk management and business continuity management – Together at last

Organizations that integrate enterprise risk management (ERM) into their strategic planning efforts have found that business continuity management (BCM) enhances both their value creation objectives and their protection objectives. The confidence that comes from identifying and appropriately addressing interruption risks enables them to more boldly execute those strategic plans. But to gain that confidence requires the melding of ERM and BCM programs.

Partnerships make you stronger and swifter

Every company has core competencies. But in the digital age, where data and technological disruption not only create new opportunities but actually demand change to remain competitive, companies are increasingly re-defining and expanding their core. Having strategic relationships and a level of trust with third-party partners can help companies build processes that not only make them stronger, but help them move faster as well.

Changes to the FICCA Framework: How will they affect your organization?

The Investment Company Institute recently released changes to the FICCA Framework, the mutual fund industry’s primary standardized assessment framework for monitoring intermediaries selling fund shares. How will they affect your organization?

Rethinking loss prevention and shrink management

The pace of change in the retail industry has accelerated dramatically. The retail industry is struggling to manage the emerging risks it faces. Companies must act to control their loss prevention and shrink management objectives.

The new SOC 2 privacy principle guidelines: What you need to know

Do you have customers that plan to audit you? Are customers asking about privacy? The SOC 2 privacy criteria are changing—and here’s what you need to know.

2016 State of the Internal Audit Profession

Our 2016 Study shows a clear linkage between very effective internal audit leadership and the value internal audit functions deliver. Ramping up internal audit leadership strength can be a key lever to drive improved stakeholder alignment and increased value contribution. This paper shows you how.

Expanding your GRC technology footprint

Companies invest in GRC solutions to help them establish efficient internal controls over business processes, and overall to help them reduce risk. GRC solutions have evolved over time, and some companies have not taken advantage of the move towards a more integrated and holistic approach to governance, compliance and risk management. Because of this, there are potential opportunities for many organizations to better leverage their GRC investments by using key functionality that already exists within the GRC solutions they own.

2016 State of the Internal Audit Profession

Our 2016 Study shows a clear linkage between very effective internal audit leadership and the value internal audit functions deliver. Ramping up internal audit leadership strength can be a key lever to drive improved stakeholder alignment and increased value contribution. This paper shows you how.

Risk in review: Going the distance

PwC's 2016 Risk in review survey asked CROs, CCOs, CEOs, Internal Audit Directors, and Board members about their risk agility/resiliency capabilities and processes. High Performers and Faster Movers are more likely than all other respondents to expect significant growth.

Long-term success demands an active mindset for risk alignment

For many, it’s largely about making sure the various business function leaders understand and support the company’s overall business strategy, know the company’s risk limits, and are moving toward the key objectives in a responsible way.

2016 State of the Internal Audit Profession

Our 2016 Study shows a clear linkage between very effective internal audit leadership and the value internal audit functions deliver. Ramping up internal audit leadership strength can be a key lever to drive improved stakeholder alignment and increased value contribution. This paper shows you how.

The Eight Attributes: Delivering Internal Audit excellence as stakeholders expect more

Discussions with stakeholders and CAEs as well as PwC’s experience have consistently pointed to the importance of eight core attributes shared by effective internal audit functions, regardless of their mandate, scope of work, or size. This paper shares insight into these eight attributes, how they have evolved, and how internal audit leaders can think about their own performance against the eight attributes to better deliver the value stakeholders expect.

Integration opportunities for ERM programs

The best way to sustain enterprise risk management (ERM) programs—and generate ongoing value–is to integrate risk management processes with other business activities. Successful integration efforts require substantial planning and organization buy-in. We believe a comprehensive risk-management-process integration plan can improve risk management information, overall risk culture, and strategic decision making

Program assurance: Managing risk to enhance value delivery

Many companies continue to struggle to successfully deploy enterprise transformation and enterprise resource planning (ERP) solutions. Complexity driven by industry and technology trends and poorly designed or executed program governance are at the root of many failed implementations. Many of these issues can be mitigated by an effective program assurance function that equips decision makers with an unbiased, forward-looking view of program risks focused on business outcomes.

PwC & Salesforce: Managing risks in a Salesforce environment

Many companies are turning to the cloud and implementing Salesforce sales, marketing and service solutions to enable them to be more agile and customer-responsive. As companies address marketing, sales and service processes, previously defined internal controls and GRC processes also require reexamination to help establish effective and controlled business processes.

Thinking fast and slow: Using data to improve risk agility and resilience

Many companies still operate on the assumption that they must have their data completely under control before they can start using it to make important decisions. Somebody might say, “We really need to have a common warehouse” around risk, or compliance, or an area within the firm where they’re looking to do some standardization for deep and long-term analysis.

Name, set, match: Enhancing watch list screening through analytics

Financial institutions are facing an increasingly complex regulatory landscape amid ever-changing policies and geopolitical uncertainty. Maintaining regulatory compliance while managing risks and associated costs is a balance that is increasingly difficult to achieve, especially for global financial institutions. Advanced data analytics and technology allows financial institutions to better achieve that balance, gaining a more realistic view and approach to their risks while controlling and evaluating their costs.

Energy Trade Surveillance System Optimization

Energy trading organizations continue to experience compliance challenges as regulatory scrutiny intensifies. While many have implemented energy trade surveillance systems, they lack the customization and optimization needed to effectively detect noncompliance. This paper explores critical areas of an energy trade surveillance program and innovative methods for surveillance system optimization.

Beyond risk identification Evolving provider ERM programs

PwC conducted research to assess the state of enterprise risk management (ERM) within healthcare providers and found many are operating at comparable levels to their peers. However, given the increasingly complex and risk saturated environment providers operate in, there’s an urgency for providers to continuously enhance and improve their ERM programs beyond their current capabilities.

Demystifying EHR data: Harnessing advanced analytics to mitigate risks

Now that the dust has settled on electronic health record (EHR) system implementation, many providers are objectively assessing their EHR systems and identifying areas that many not have delivered the value they had hoped for. This paper focuses on a key pillar of EHR controls optimization: the use of advanced analytics for pre-live testing and post-live monitoring to decrease an organization’s levels of exposure to financial, clinical, system integration, and compliance risks.

Transforming internal audit to drive digital value

Digital disruption is here, and it’s not going away. To respond effectively, internal audit must develop truly disruptive, innovative, and transformational solutions. By aligning with the expectations of its key stakeholders, identifying and focusing on existing and emerging IT risks with greatest potential impact on the business agenda, and leveraging best-in-class techniques, tools, and skill sets to deliver a more advanced suite of technology audits, internal audit will become able to provide timely feedback and reporting for IT leadership and other stakeholders, will facilitate better information in support of decision making, and will drive change to help company leaders achieve strategic objectives.

The Internal Audit Analytics Conundrum-Finding your path through data

Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way.

Fortified for success Building your company's risk, controls and compliance ecosystem, for the IPO and beyond

Going public is a transformational event that pushes company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company's critical risks and controls, both pre-and-post IPO.

Using the third line of defense to boost performance

By involving internal audit in new product launches, mergers and acquisitions, new market entries, shifts to shared service centers, and other strategic actions, companies can actually move faster, more efficiently, and more profitably.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Metrics by design A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. This paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

SOC 2 and 3: Building customer trust through controls reporting

Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors' operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

Risk and Review 2015: Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Enabling performance through advanced monitoring and testing: A monitoring and testing solution for the pharmaceutical and life sciences industry

As pharmaceutical and life sciences companies act to seize the vast and evolving opportunities of this environment, they must also make sure they are properly managing their inherent risks and obligations, and doing so in a cost-effective, scalable manner. Continuous monitoring and testing can give management day-to-day assurance that what’s supposed to be happening within the company’s operational controls and compliance environment is really happening.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Improving enterprise resiliency with GRC technology

Risk-aware organizations are recognizing that enterprise resiliency can be significantly enhanced by leveraging their investment in GRC technology. Effective use of GRC technologies enables enterprise resiliency program owners to focus their time on leading and monitoring their programs' efficacy instead of being consumed with actively managing the documentation.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Empower loss prevention with strategic data analytics

Retailers are realizing that the strategic management of risk and the reduction of shrink can have substantial impact on both profitability and customer satisfaction. Savvy retailers are using data analytics to add value to their loss prevention and risk management programs. This paper outlines key ways retailers are building successful enterprise-wide loss prevention programs that apply data and analytics.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

Avoiding the drift: Optimizing and maintaining AML surveillance programs

This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.

Goods gone bad: Addressing money-laundering risk in the trade finance system

Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

The Internal Audit Analytics Conundrum: Finding your path through data

Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way. This white paper highlights what Internal Audit can be doing to help utilize analytics across their audit plan.

Virtual Currencies: Out of the deep web, into the light

Bitcoin and other virtual currencies have reached the point of broad influence, with the potential to tip over into full mainstream acceptance. But the potential for money laundering, large-scale theft, terrorist financing, and other illicit uses has regulators concerned. Financial services firms can play a critical role in the integration of virtual currencies through the implementation of anti-money laundering procedures and controls, including transaction monitoring and know-your-customer protocols.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Present and functioning: Fine-tuning your ICFR using the COSO update

This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies' systems of internal control over financial reporting.

Setting the tone for enterprise risk management from the top

In order for a holistic enterprise risk management system to work well, the CEO needs to believe in it and spread that message across the company.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

10Minutes on why the COSO Update deserves your attention

COSO has published a PwC-authored update to its framework, the first in over 20 years, which gives you an opportunity to refresh your controls for today's environment.

Take a two-sided approach to Cybersecurity and Privacy

Cyber threats are everywhere. They are increasingly frequent, difficult to detect, and expensive to resolve, and the damage to your company’s brand can be irreversible. Protecting your company requires risk resiliency—which in the context of cybersecurity means investing in a broad-based cybersecurity risk management program that automates security and privacy controls, and works to minimize system downtime in the event of an attack.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

Managing the shadow cloud: Integrating Cloud governance into your existing compliance program

The world of computing has changed, and executives have begun to realize that shadow cloud activity cannot be ignored. At the same time, realizing the benefits of the cloud with more confidence about the risks and rewards depends on knowing how to prudently say “yes” to the cloud.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

Financial Services Internal Audit: Increased Expectations of Value (The 2015 State of the Internal Audit Profession Study)

The critical issues facing financial institutions today are affecting their entire business. The industry continues to address regulatory reform, wrestling with regulations from the Volcker rule within Dodd-Frank, Comprehensive Capital Analysis and Review (CCAR) including stress testing, and recovery and resolution planning, to OCC Part 30. These challenges combined with pressures to implement cost effective technologies, acquire talent, address changing customer behaviors and meet increasing demands from stakeholders are forcing financial institutions to rethink business strategies, which inherently introduces new risk.

Goods gone bad: Addressing money-laundering risk in the trade finance system

Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Enabling performance through advanced monitoring and testing: A monitoring and testing solution for the pharmaceutical and life sciences industry

As pharmaceutical and life sciences companies act to seize the vast and evolving opportunities of this environment, they must also make sure they are properly managing their inherent risks and obligations, and doing so in a cost-effective, scalable manner. Continuous monitoring and testing can give management day-to-day assurance that what’s supposed to be happening within the company’s operational controls and compliance environment is really happening.

Healthcare Internal Audit: In a Time of Transition (The 2015 State of the Internal Audit Profession Study)

This report reflects the opinions of executives in the Healthcare sector who participated in the 2015 PwC State of the Internal Audit Profession Study as well as PwC's experience with leading practice internal audit functions. It explores how leading internal audit organizations continue to demonstrate value and relevance by evolving their functions to meet the needs of the changing healthcare sector.

Healthcare needs to up its risk management game

Results indicate that healthcare executives may be missing important opportunities when it comes to leveraging risk management for strategic growth.

18th Annual Global CEO Survey: Healthcare Snapshot

Healthcare CEOs are coping with colliding megatrends and disruptive forces. To compete they are using digital and focusing on creating value in new ways.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Technology Sector Internal Audit: A Function in Disruption (The 2015 State of the Internal Audit Profession Study)

Emerging technology risks, data security and privacy, and velocity of business change are ranked as top opportunities by technology companies in PwC's 2015 State of the Internal Audit Profession study, as they continue to drive change based on the rise of social media, digital formats, and mobile channels.

Outside the box, inside the lines: Leveraging ethics and compliance to boost tech sector innovation and growth

In a time of heightened risk and increased scrutiny over regulatory compliance, a dedicated Ethics and Compliance function can be an asset to tech companies, while supporting their strategic agendas. By empowering an Ethics and Compliance function, and a proactive approach, technology companies can promote collaboration and integration, boost process efficiency, reduce gaps and redundancies, and proactively deal with the compliance implications inherent in new products, new geographies, and other business changes.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Setting the tone for enterprise risk management from the top

In order for a holistic enterprise risk management system to work well, the CEO needs to believe in it and spread that message across the company.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Dashboards can help companies visualize growth

Being able to use dashboards to visualize data takes risk management beyond controls and straight to the bottom-line results.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Transforming internal audit to drive digital value

Digital disruption is here, and it’s not going away. To respond effectively, internal audit must develop truly disruptive, innovative, and transformational solutions. By aligning with the expectations of its key stakeholders, identifying and focusing on existing and emerging IT risks with greatest potential impact on the business agenda, and leveraging best-in-class techniques, tools, and skill sets to deliver a more advanced suite of technology audits, internal audit will become able to provide timely feedback and reporting for IT leadership and other stakeholders, will facilitate better information in support of decision making, and will drive change to help company leaders achieve strategic objectives.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Internal audit strategic planning: Making internal audit’s vision a reality during a rapid transformation

A strategic plan provides the means whereby internal audit can look forward at future needs and translate those needs into actionable steps it will take to meet them. With a strategic plan as its guidepost, internal audit can launch initiatives and make resource decisions at a pace that helps ensure it is a valuable contributor to the business in this time of rapid business change. Using insights gained from our PwC’s 2015 State of the Internal Audit Profession study, this paper explores the six steps for developing an internal audit strategic plan.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Using the third line of defense to boost performance

By involving internal audit in new product launches, mergers and acquisitions, new market entries, shifts to shared service centers, and other strategic actions, companies can actually move faster, more efficiently, and more profitably.

Metrics by design A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. This paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

Why you should adopt the NIST Cybersecurity Framework

The NIST Cybersecurity Framework, yields no surprises for critical infrastructure executives who have followed its development. The Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting to proactive risk-management standards. This paper outlines the primary components of the NIST Cybersecurity Framework as well as the pros and cons for early adopters.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

The Internal Audit Analytics Conundrum-Finding your path through data

Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Internal audit functions can leverage metrics to communicate value and drive results.

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. Building on key findings from PwC’s 2014 State of the Internal Audit Profession study, this paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Streamlining and Aligning Your Control Processes For Stronger Growth and Lower Costs

Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, realtime management of internal controls.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study

Organizations have increased their adoption of Oracle Advanced Control to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations' awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Internal audit strategic planning: Making internal audit’s vision a reality during a rapid transformation

A strategic plan provides the means whereby internal audit can look forward at future needs and translate those needs into actionable steps it will take to meet them. With a strategic plan as its guidepost, internal audit can launch initiatives and make resource decisions at a pace that helps ensure it is a valuable contributor to the business in this time of rapid business change. Using insights gained from our PwC’s 2015 State of the Internal Audit Profession study, this paper explores the six steps for developing an internal audit strategic plan.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Streamlining and Aligning Your Control Processes For Stronger Growth

Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. Data is expanding exponentially in both volume and diversity. Organizations that move into developing markets face additional challenges. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, real time management of internal controls.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study

GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

SOC 2 and 3: Building customer trust through controls reporting

Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors' operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

Navigating new trust challenges

As trust continues to evolve, businesses need new mechanisms to ensure confidence and drive growth.

State of Compliance 2016

5 key questions on laying a strategic foundation for strong compliance risk management.

Seeing the whole risk picture

Dean Simone discusses how PwC can team with you to provide risk assurance across your business.

Risk Management: A Growth Enabler and Performance Driver

PwC's Performance Governance, Risk and Compliance Leader, Brian Schwartz, discusses how risk management programs enable more insightful decision making allowing companies to be more

Advanced Analytics for New Insights

PwC's Risk and Compliance Systems and Analytics Leader, John Sabatini, discusses how increasingly crucial analytics and data are crucial for a business to remain competitive.

Maintaining Security in the Digital Age

PwC's Risk Assurance Cybersecurity, Privacy and Strategy Leader, Grant Waterfall, explains why risk-based decision making is ever-more important, and the right talent and tools are essential to make informed, timely decisions.

Internal audit: Potential to Boost an Effective Risk Management Function

PwC's Internal Audit Leader, Jason Pett, discusses the importance of leveraging all three lines of defense, including internal audit, to provide more opportunities for companies to be successful.