Risk assurance research and insights

Explore our publication library for in-depth analysis, detailed research, and our perspective on managing Risk holistically across your organization from IT project assurance, to making the Internal Audit function more efficient; from managing compliance and regulatory burdens to identifying and managing the risk in your supply chain.

Browse most viewed by...

Role:

  • By solution
  • By industry
  • By buyer
  • By business issue
  • By video/infographic

PwC & Salesforce: Managing risks in a Salesforce environment

Many companies are turning to the cloud and implementing Salesforce sales, marketing and service solutions to enable them to be more agile and customer-responsive. As companies address marketing, sales and service processes, previously defined internal controls and GRC processes also require reexamination to help establish effective and controlled business processes.

Demystifying EHR data: Harnessing advanced analytics to mitigate risks

Now that the dust has settled on electronic health record (EHR) system implementation, many providers are objectively assessing their EHR systems and identifying areas that many not have delivered the value they had hoped for. This paper focuses on a key pillar of EHR controls optimization: the use of advanced analytics for pre-live testing and post-live monitoring to decrease an organization’s levels of exposure to financial, clinical, system integration, and compliance risks.

Transforming internal audit to drive digital value

Digital disruption is here, and it’s not going away. To respond effectively, internal audit must develop truly disruptive, innovative, and transformational solutions. By aligning with the expectations of its key stakeholders, identifying and focusing on existing and emerging IT risks with greatest potential impact on the business agenda, and leveraging best-in-class techniques, tools, and skill sets to deliver a more advanced suite of technology audits, internal audit will become able to provide timely feedback and reporting for IT leadership and other stakeholders, will facilitate better information in support of decision making, and will drive change to help company leaders achieve strategic objectives.

Internal audit strategic planning: Making internal audit’s vision a reality during a rapid transformation

A strategic plan provides the means whereby internal audit can look forward at future needs and translate those needs into actionable steps it will take to meet them. With a strategic plan as its guidepost, internal audit can launch initiatives and make resource decisions at a pace that helps ensure it is a valuable contributor to the business in this time of rapid business change. Using insights gained from our PwC’s 2015 State of the Internal Audit Profession study, this paper explores the six steps for developing an internal audit strategic plan.

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

The Internal Audit Analytics Conundrum-Finding your path through data

Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way.

Fortified for success Building your company's risk, controls and compliance ecosystem, for the IPO and beyond

Going public is a transformational event that pushes company into view of regulatory, investor, and analyst scrutiny. Companies that delay getting their risk management, compliance and compliance infrastructure in order until after the IPO may be jeopardizing their ability to reap the full benefits of going public. This paper lays out steps that will help companies establish a foundation and cover the company's critical risks and controls, both pre-and-post IPO.

Using the third line of defense to boost performance

By involving internal audit in new product launches, mergers and acquisitions, new market entries, shifts to shared service centers, and other strategic actions, companies can actually move faster, more efficiently, and more profitably.

Metrics by design A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. This paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

SOC 2 and 3: Building customer trust through controls reporting

Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors' operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Enabling performance through advanced monitoring and testing: A monitoring and testing solution for the pharmaceutical and life sciences industry

As pharmaceutical and life sciences companies act to seize the vast and evolving opportunities of this environment, they must also make sure they are properly managing their inherent risks and obligations, and doing so in a cost-effective, scalable manner. Continuous monitoring and testing can give management day-to-day assurance that what’s supposed to be happening within the company’s operational controls and compliance environment is really happening.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Improving enterprise resiliency with GRC technology

Risk-aware organizations are recognizing that enterprise resiliency can be significantly enhanced by leveraging their investment in GRC technology. Effective use of GRC technologies enables enterprise resiliency program owners to focus their time on leading and monitoring their programs' efficacy instead of being consumed with actively managing the documentation.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

Avoiding the drift: Optimizing and maintaining AML surveillance programs

This whitepaper provides methods and techniques to help companies optimize their AML compliance program and protect themselves from regulatory impact.

Goods gone bad: Addressing money-laundering risk in the trade finance system

Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Present and functioning: Fine-tuning your ICFR using the COSO update

This paper talks through the updated framework and these competencies to evaluate the effectiveness of companies' systems of internal control over financial reporting.

Setting the tone for enterprise risk management from the top

In order for a holistic enterprise risk management system to work well, the CEO needs to believe in it and spread that message across the company.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

Financial Services Internal Audit: Increased Expectations of Value (The 2015 State of the Internal Audit Profession Study)

The critical issues facing financial institutions today are affecting their entire business. The industry continues to address regulatory reform, wrestling with regulations from the Volcker rule within Dodd-Frank, Comprehensive Capital Analysis and Review (CCAR) including stress testing, and recovery and resolution planning, to OCC Part 30. These challenges combined with pressures to implement cost effective technologies, acquire talent, address changing customer behaviors and meet increasing demands from stakeholders are forcing financial institutions to rethink business strategies, which inherently introduces new risk.

Goods gone bad: Addressing money-laundering risk in the trade finance system

Money launderers and terrorist financiers have increasingly turned to global trade as a venue for moving illicit funds across borders and integrating them into the formal economy. Though the underlying techniques of most of these trade-based money laundering (TBML) schemes are relatively simple, they are difficult to detect because they are layered within the mass of legitimate payments. To stay ahead of regulatory pressures and mitigate the real risks that TBML poses, financial institutions and trade organizations need to begin developing analytics-focused AML procedures and monitoring capabilities designed specifically to detect TBML methodologies.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Enabling performance through advanced monitoring and testing: A monitoring and testing solution for the pharmaceutical and life sciences industry

As pharmaceutical and life sciences companies act to seize the vast and evolving opportunities of this environment, they must also make sure they are properly managing their inherent risks and obligations, and doing so in a cost-effective, scalable manner. Continuous monitoring and testing can give management day-to-day assurance that what’s supposed to be happening within the company’s operational controls and compliance environment is really happening.

Healthcare Internal Audit: In a Time of Transition (The 2015 State of the Internal Audit Profession Study)

This report reflects the opinions of executives in the Healthcare sector who participated in the 2015 PwC State of the Internal Audit Profession Study as well as PwC's experience with leading practice internal audit functions. It explores how leading internal audit organizations continue to demonstrate value and relevance by evolving their functions to meet the needs of the changing healthcare sector.

Healthcare needs to up its risk management game

Results indicate that healthcare executives may be missing important opportunities when it comes to leveraging risk management for strategic growth.

18th Annual Global CEO Survey: Healthcare Snapshot

Healthcare CEOs are coping with colliding megatrends and disruptive forces. To compete they are using digital and focusing on creating value in new ways.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Technology Sector Internal Audit: A Function in Disruption (The 2015 State of the Internal Audit Profession Study)

Emerging technology risks, data security and privacy, and velocity of business change are ranked as top opportunities by technology companies in PwC's 2015 State of the Internal Audit Profession study, as they continue to drive change based on the rise of social media, digital formats, and mobile channels.

Outside the box, inside the lines: Leveraging ethics and compliance to boost tech sector innovation and growth

In a time of heightened risk and increased scrutiny over regulatory compliance, a dedicated Ethics and Compliance function can be an asset to tech companies, while supporting their strategic agendas. By empowering an Ethics and Compliance function, and a proactive approach, technology companies can promote collaboration and integration, boost process efficiency, reduce gaps and redundancies, and proactively deal with the compliance implications inherent in new products, new geographies, and other business changes.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Setting the tone for enterprise risk management from the top

In order for a holistic enterprise risk management system to work well, the CEO needs to believe in it and spread that message across the company.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Dashboards can help companies visualize growth

Being able to use dashboards to visualize data takes risk management beyond controls and straight to the bottom-line results.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Six ways risk management helps companies move faster

Involving risk management in business decisions not only helps to avoid pitfalls but can also enhance a company's growth prospects.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Transforming internal audit to drive digital value

Digital disruption is here, and it’s not going away. To respond effectively, internal audit must develop truly disruptive, innovative, and transformational solutions. By aligning with the expectations of its key stakeholders, identifying and focusing on existing and emerging IT risks with greatest potential impact on the business agenda, and leveraging best-in-class techniques, tools, and skill sets to deliver a more advanced suite of technology audits, internal audit will become able to provide timely feedback and reporting for IT leadership and other stakeholders, will facilitate better information in support of decision making, and will drive change to help company leaders achieve strategic objectives.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Internal audit strategic planning: Making internal audit’s vision a reality during a rapid transformation

A strategic plan provides the means whereby internal audit can look forward at future needs and translate those needs into actionable steps it will take to meet them. With a strategic plan as its guidepost, internal audit can launch initiatives and make resource decisions at a pace that helps ensure it is a valuable contributor to the business in this time of rapid business change. Using insights gained from our PwC’s 2015 State of the Internal Audit Profession study, this paper explores the six steps for developing an internal audit strategic plan.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

2015 State of the InternalAudit Profession study: Finding True North in a period of rapid transformation

As today's companies drive new business strategies forward, internal audit should also be evolving at a similar pace in order to maintain the relevance and value it brings. In this year's study, PwC discusses the concept of True North, a set of ideals used to guide an organization from its current state to where it wants to be.

Using the third line of defense to boost performance

By involving internal audit in new product launches, mergers and acquisitions, new market entries, shifts to shared service centers, and other strategic actions, companies can actually move faster, more efficiently, and more profitably.

Metrics by design A practical approach to measuring internal audit performance

As leading internal audit functions have transformed to meet increasing expectations, metrics have become a critical tool for Internal Audit to demonstrate its value to the organization and drive its performance against stakeholder expectations. This paper explores how internal audit functions can leverage metrics to both communicate the value they are providing as well as drive results.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

Why you should adopt the NIST Cybersecurity Framework

The NIST Cybersecurity Framework, yields no surprises for critical infrastructure executives who have followed its development. The Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting to proactive risk-management standards. This paper outlines the primary components of the NIST Cybersecurity Framework as well as the pros and cons for early adopters.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

A collaborative monitoring and testing solution for power and utilities

Continuous monitoring and testing is enabling power and utilities companies to speed forward with less worry about being blindsided by compliance failures or unanticipated risk events. Read our most recent report.

Charting a future for US-dollar clearing and correspondent banking through analytics

The size and complexity of the US-dollar clearing and correspondent banking markets make them attractive to perpetrators of financial crime. As a result, regulators have intensified their focus on financial institutions’ compliance with anti-money laundering regulations, which has prompted some organizations to “de-risk” or drop their correspondent banking relationships. However, innovative uses of data analytics are providing an alternative to de-risking, by helping financial institutions manage their money laundering risks and costs of compliance.

Chasing a vision: Pursuing a single customer view for financial institutions

The development of unified platforms for analyzing customer activity remains elusive for many financial institutions. However, emerging advanced analytic techniques are helping fuel the development of a single customer view platform, from which financial institutions can address a wide range of risk, compliance, and operational objectives.

The Internal Audit Analytics Conundrum-Finding your path through data

Business development during recent decades has involved extensive use of technology designed to drive business competitiveness and expand new business horizons. Integrating data analytics into your Internal Audit approach can help you achieve your audit objectives in a more reliable and cost-effective way.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Enabling performance through advanced monitoring and testing activities

Companies today need speed, agility, and adaptability to keep up with rapidly changing technologies, evolving customer needs, increasingly globalized businesses, intensifying regulatory pressures and fast-shifting business models. Continuous monitoring and testing is designed to give management day-to-day assurance into the company's controls and compliance environment. Learn more about the benefits of pursuing an advanced managed monitoring and testing solution in PwC's report.

Privacy and data security as a competitive edge

In the Digital Age, where information is highly distributed, privacy and security issues have become paramount. Use privacy and data security to gain a competitive edge.

Managing Risk in the Cloud - The Role of Management

As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data-and the business itself-to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.

EU Data Protection Reforms

The passage of the General Data Protection Regulation that is proceeding through the European legislature is likely to raise significant challenges in regard to data protection compliance for all businesses that operate or provide goods and services within the European Union. With passage likely, proactive companies are taking steps today that will help them prepare to comply with future requirements.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Streamlining and Aligning Your Control Processes For Stronger Growth and Lower Costs

Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, realtime management of internal controls.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study

Organizations have increased their adoption of Oracle Advanced Control to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations' awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

Beyond Accounting: Process, data, system and control implications of the new revenue standard

Companies must assess their business processes, data, systems and internal controls to determine whether they can capture and report the information needed to comply with the new standard.

Internal audit strategic planning: Making internal audit’s vision a reality during a rapid transformation

A strategic plan provides the means whereby internal audit can look forward at future needs and translate those needs into actionable steps it will take to meet them. With a strategic plan as its guidepost, internal audit can launch initiatives and make resource decisions at a pace that helps ensure it is a valuable contributor to the business in this time of rapid business change. Using insights gained from our PwC’s 2015 State of the Internal Audit Profession study, this paper explores the six steps for developing an internal audit strategic plan.

Integrating risk scenario analysis into an ERM program

This publication describes the potential benefits from risk scenario analysis, and describes a methodology for introducing risk scenario analysis to support strategic decision-making. Once risk scenario analysis is introduced to a management team, it often becomes a standard part of the risk analysis and planning process.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

Risk in review Decoding uncertainty, delivering value

PwC's annual risk survey included responses from over 1,200 global business executives and leaders who shared their views about the risk climate, their companies' risk management practices, and the key risks they're worried about now and on the horizon. So what did we learn from this year's survey?

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

State of Compliance Survey, 2015

In today's dynamic business environment, with rapidly emerging trends driving new compliance risks and impacting legal regulation, it's more challenging than ever for companies to understand and meet baseline obligations. We explore five themes on how the compliance function can move beyond its traditional responsibilities for meeting baseline legal and regulatory requirements and toward a more strategic role in the organization.

Streamlining and Aligning Your Control Processes For Stronger Growth

Regulatory pressures for businesses are intensifying, and compliance costs are rising, while resources remain scarce. Data is expanding exponentially in both volume and diversity. Organizations that move into developing markets face additional challenges. In this environment, companies must transform control and compliance management from burdensome, labor-intensive tasks into streamlined processes that support growth, add business value, and lower costs. To stay ahead of regulatory pressures, organizations should integrate compliance tools with back-end systems and use leading practices to streamline and automate control processes for continuous, real time management of internal controls.

Deeper insights for greater strategic value: Oracle Advanced Controls (GRC) Study

GRC Technology has become an increasingly critical factor for driving value (i.e., recovering profitability, increasing efficiency, detecting fraud, etc.) and automating manual compliance and risk management activity in the enterprise. Organizations have increased their adoption of Oracle Advanced Control (“AC”) to improve the oversight of corporate governance, including financial reporting compliance, enterprise risk management (ERM), and related audits. To better understand organizations’ awareness and how organizations are using (or considering using) Advanced Controls technology to drive value in an enterprise, PwC conducted an Oracle Advanced Controls study.

How to achieve excellent enterprise risk management

If you are looking for practical advice on how to develop enterprise risk management capabilities to support business decision-making, then you will want to read and subscribe to our series. In addition, the series focuses on continuous improvement to evolve organizations beyond the compliance-oriented initial risk assessment activities.

Breaking ground in the Pharma industry: A new reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in the Pharmaceutical and Life Sciences industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and reporting framework, organizations can provide customers with confidence over their third-party operations.

Common ground: New reporting framework for vendor risk

In today's evolving globalized marketplace, outsourcing in financial services, financial technology, or "fintech" industry is a common practice increasingly garnering the attention of regulators worldwide. Service providers must develop, expand, or evolve their vendor controls and compliance functions to satisfy regulators' requirements and fulfill customer demands. By adopting an independent assurance and SOC reporting framework, organizations can provide customers with comfort over their third-party operations and create a competitive advantage for their business.

Third party risk management insights for asset managers

Asset managers are increasingly relying on third parties in efforts to address those pressures as well as investors’ demands and at the same time reduce operating costs. An effective third party risk management framework helps organizations address risk throughout the third party life cycle.

How partnerships can catalyze growth

In a globalized marketplace, no company is an island. It's often necessary to join up with third-party companies to harness specific expertise and capabilities cost-effectively.

Vendor Controls Assurance (SOC 2+): A cost effective approach to building customer trust

The rate of global outsourcing of both core and support functions within organizations is rapidly rising. In an attempt to further reduce costs, organizations are asking that outsourced vendors play a larger role in supporting critical activities of the business. PwC's Vendor Controls Attestation Report (SOC 2+) is designed to manage outsourcing risks and provide assurance over vendor controls, while saving both the vendor and customer money and time.

SOC 2 and 3: Building customer trust through controls reporting

Organizations are increasingly looking to global markets for outsourcing as a means of reducing costs and increasing efficiencies. In order to receive assurance over their vendors' operations, companies are demanding SOC (Service Organization Controls) reports prepared by independent auditors.

Seeing the whole risk picture

Dean Simone discusses how PwC can team with you to provide risk assurance across your business.

Risk Management: A Growth Enabler and Performance Driver

PwC's Performance Governance, Risk and Compliance Leader, Brian Schwartz, discusses how risk management programs enable more insightful decision making allowing companies to be more

Advanced Analytics for New Insights

PwC's Risk and Compliance Systems and Analytics Leader, John Sabatini, discusses how increasingly crucial analytics and data are crucial for a business to remain competitive.

Maintaining Security in the Digital Age

PwC's Risk Assurance Cybersecurity, Privacy and Strategy Leader, Grant Waterfall, explains why risk-based decision making is ever-more important, and the right talent and tools are essential to make informed, timely decisions.

Internal audit: Potential to Boost an Effective Risk Management Function

PwC's Internal Audit Leader, Jason Pett, discusses the importance of leveraging all three lines of defense, including internal audit, to provide more opportunities for companies to be successful.