PwC: New threats, opportunities and regulatory obligations are an everyday business occurrence…businesses need controls to improve oversight and good governance

Kingston, Jamaica, 25, October, 2017 – PwC argues that organisations are becoming more challenged by rapidly changing business trends, while managing risks and technological innovations. Businesses must therefore integrate technology for a more centralized model to contribute to cost reduction while enhancing risk management and improving control processes and governance practices.

Featured speaker at the Government of Jamaica Audit Commission Conference on the topic of Integrating Technology to Improve Oversight on Governance, Risk and Control Processes, Bruce Scott, Risk Assurance Leader for PwC in the Caribbean says: “With the rapid change in the business landscape, it would be challenging, to build risk agility without the aid of technology."

"To achieve sustained success in this business environment, entities should seriously consider having the three lines of defense that drive their risk management process, using more technology. This could be a fully integrated governance, risk and compliance (GRC) technology or a specific tool such as TeamMate that primarily supports the third line of defense (i.e. internal audit).” 

^{Bruce Scott, Risk Assurance Leader for PwC in the Caribbean delivers the keynote At the GOJ Audit Commission Conference on Wednesday.  Looking on are (L-R) Colin Greenland, Vice-Chair, GOJ Audit Commission, Hon. Fayval Williams, Minister of State in the Ministry of Finance and Leighton McKnight, Chairman GOJ Audit Commission and Territory Leader, PwC Jamaica.}

^{PwC Jamaica team members share information with participants at the GOJ Audit Commission’s Annual Conference hosted on Wednesday (October 25) at the Knutsford Court Hotel in Kingston.}

The three lines of defense are:

• First line of defense is responsible for day-to-day  execution and management of risk and controls;
• Second line of defense has oversight  responsibilities with functions like risk management, quality and compliance; and
• Third line of defense is internal audit, which is responsible for independently testing that the company’s risks are being mitigated.

Scott opines that “GRC technology and similar tools provide coordination and standardisation of policies and controls, regulatory requirements and risk registers. It provides up-to-date, customisable, automated reporting and analysis that makes reporting to bodies such as the Audit Committee more efficient and powerful."

"It eliminates manual activities that can cause confusion over responsibilities or lack of role clarity or coordination, it also provides an integrated set of solutions, with each solution catering to the needs of each line of defense with a common foundation and structure – meaning each line of defense gets a specific benefit from GRC technology or similar tools.

He adds that companies that did not include technology as a dimension of their three lines of defense strategy may want to reconsider the impact of GRC as a robust technology tool as it can  help to bring an effective governance structure, sustainable risk management and common solution across the organisation.