Empower your organization to anticipate, manage, and thrive amid risks

Governance, Risk, and Controls (GRC)

Building resilience starts with proactive risk management—the ability to foresee potential hazards, implement strong controls, and continuously improve your processes. Our comprehensive risk and control systems solutions are designed to help your organization not only identify and mitigate risks but also automate and test controls efficiently, ensuring confidence in decision-making and operational continuity.

How we can help

We collaborate with your leadership to build tailored ERM frameworks that align with your strategic goals.

From risk identification to mitigation strategies, we help create scalable, integrated risk management programs that enhance visibility and accountability across your enterprise.

Our approach is modeled on the latest COSO Enterprise Risk Management (ERM) Framework (2017), which embeds management mechanisms that proactively identify, measure, prioritize, and manage risk to provide leaders with the valuable insight they need to make informed decisions.

Our services include:

  • helping establish strong risk governance in all business areas;
  • providing support in developing methodologies, policies, and procedures to help run your own risk management processes;
  • supporting/coaching your risk committees (at management or board levels), including developing their terms of reference;
  • running risk workshops with your management team to facilitate brainstorming and develop your organization’s risk profile;
  • interviewing your staff to develop your company’s risk register;
  • developing Key Risk Indicators (KRIs) and risk tolerance statements for your business units;
  • developing your risk appetite statement;
  • advising you on ways to get more value from your existing ERM process; and
  • injecting challenge into your decision-making to improve your risk appetite.
Enterprise Risk Management (ERM) design and implementation

Establishing clear governance structures and risk frameworks is key to sustainable risk management.

We help you define roles, responsibilities, policies, and procedures that promote risk awareness and accountability at every organizational level.

We support you in designing robust control activities, streamlining their implementation, and optimizing their performance through ongoing testing, ensuring controls remain effective, relevant, and scalable as your organization evolves.

Timely reviews of your processes and controls allow you to monitor the efficiency and effectiveness of your governance frameworks and control designs.

Our services include:

  • developing strong board and management processes to enable effective governance;
  • guiding management to develop a clear tone from the top;
  • measuring and monitoring your control culture;
  • ensuring your processes incorporate expected levels of key controls;
  • documenting the process flows and controls needed to support US Sarbanes-Oxley (SOX) and any other relevant regulations;
  • leveraging cutting-edge technology to provide 24/7 review of key processes to identify issues (i.e., continuous monitoring);
  • developing monitoring systems to ensure your controls support local governance and reporting needs; and
  • delivering internal controls training to management and staff.
Governance frameworks, controls design, implementation, optimization, and testing

External relationships can introduce significant risks.

Our third-party risk management services include due diligence, contract reviews, and continuous monitoring, helping you manage supplier, vendor, and partner risks with confidence.

In an interconnected business environment, knowing your business partners and vendors is critical to maintaining the trust and confidence of your customers and stakeholders. By bringing together industry-specific skills in technology, regulatory compliance, finance and accounting, and other business processes, we help you assess your third-party risk management program.

Our services include:

  • designing and implementing a third-party risk management framework;
  • reviewing the overall framework for third-party risk;
  • performing a deep dive into a specific outsourcing arrangement;
  • designing and operating a compliance program for managing service provider relationships;
  • supporting reviews of frameworks for compliance; and
  • completing assurance reviews for the benefit of stakeholders.
Third-party risk management and project assurance

Insightful process reviews identify inefficiencies, control gaps, and improvement opportunities across business and IT functions.

We document (“manualize”) processes comprehensively, facilitating consistent execution, compliance adherence, and process automation.

We offer expert guidance on strengthening your internal control environment, identifying redundancies, and integrating controls seamlessly to maximize efficiency and effectiveness.

Our services include:

  • designing and reviewing existing standard operating procedures to reflect the current operating environment;
  • benchmarking processes and/or systems against leading industry control templates;
  • optimizing existing internal controls to address the most critical business risks;
  • developing risk-based, internal control frameworks; and
  • upskilling your team on controls documentation in accordance with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) method.
Business process review and manualization

Navigating Sarbanes-Oxley (SOX) and Japan SOX (J-SOX) compliance demands rigorous internal control documentation and testing.

We guide your preparation, conduct remediation where needed, and perform testing to ensure full compliance, reducing regulatory risk.

We help you deliver internal controls advisory services in accordance with Section 404 of the US Sarbanes-Oxley Act (SOX), the Japanese Financial Instruments and Exchange Act (J-SOX), and other laws and regulations through:

  • delivering customized, interactive training programs and workshops that familiarize employees with SOX and J-SOX requirements;
  • delivering risk assessment and scoping exercises;
  • assessing the degree of readiness and the level of maturity of company controls in meeting SOX and J-SOX requirements;
  • documenting key business processes (through narratives, flowcharts, and/or risk matrices), identifying key controls, performing walkthroughs, and assessing the design effectiveness of controls based on PCAOB standards and the COSO framework;
  • testing the operating effectiveness of company controls; and
  • evaluating identified deficiencies and providing recommendations for improvement.
SOX and J-SOX readiness and compliance

Contact us

Pocholo Domondon

Broader Assurance Leader, PwC Philippines

Tel: +63 (2) 8845 2728

Mike Jensen Cua

Broader Assurance Director, PwC Philippines

Tel: +63 (2) 8845 2728

Redeem Tamayor

Broader Assurance Director, PwC Philippines

Tel: +63 (2) 8845 2728