Featured insights

2024 Global Digital Trust Insights Survey

C-Suite insights

Board governance issues

Case studies

ESG

PwC Executive Pulse

Podcasts

Tech Effect

Webcasts

All Research and insights

Featured

The New Equation

Executive leadership hub - What’s important to the C-suite?

Capabilities

Audit and assurance

Alliances and ecosystems

Board governance issues

Business Model Reinvention

Cloud and digital

Consulting

Cybersecurity, Risk and Regulatory

Deals

Digital assets and crypto

Digital assurance and transparency

Financial statement audit

Generative AI

Managed Services

Metaverse

PwC Private

Sustainability and ESG

Tax services

Transformation

Viewpoint

All capabilities

Industries

Consumer markets

Energy, utilities and resources

Financial services

Health industries

Industrial products

Technology, media and telecommunications

All industries

Technology

Alliances and ecosystems

Cloud and digital

Delivery platforms

Emerging technology

Products

Tech-enabled services

Tech Effect

About us

Alumni

Analyst relations

Investing in our people

Newsroom

Offices

Our leadership

Purpose and values

The New Equation

Featured

The New Equation

Tech Effect

Careers

Why PwC

Entry Level Careers

Experienced Careers

University Relations

Featured

Shared success benefits

Loading Results

No Match Found

PwC’s Integrated Risk Technology (IRT) Framework

Seth Rosensweig Partner, Cyber, Risk and Regulatory, PwC US June 04, 2021

PwC’s Integrated Risk Technology (IRT) Framework outlines the key components for tech-enabling modernized risk management programs - including, and beyond, enterprise Governance Risk & Compliance (eGRC) technology. From risk vision and strategy through to the people and change management required to drive change and deliver value to the organization. Follow this series to learn more about PwC's perspective on IRT and what we’re seeing in the marketplace; and to take a deep dive into the different areas of the framework.

Modernizing risk management with Integrated Risk Technology and enterprise GRC

An abundance of data, emerging technologies and ever growing complexity in the business landscape are forcing organizations to rethink how to modernize their risk management to keep pace. And while it’s not the only component of modernization, a large part involves designing and implementing Integrated Risk Technology which includes eGRC that enables risk and compliance functions to work in concert to proactively manage risk and achieve strategic business objectives.

Let’s face it — organizations no longer rely on one technology to enable all of their risk programs and processes. Most companies have moved from a single system of record to an IRT ecosystem, which includes and goes beyond enterprise GRC technology. While the goal is the same — a complete and relevant view of governance, risk and compliance across the organization that provides insights to inform business decision making — the journey to accomplish this looks different.

Architect for the future: Implementing IRT requires strategic forward thinking about not only what’s important today, but what will be important for leaders to know and make better risk-informed decisions tomorrow — creating an IRT strategy in support of your business and risk objectives. Then it’s just like building a house. Get yourself a “solution architect” who will design an IRT blueprint that includes the various tools, technologies, data and processes that need to be part of the solution. To be clear, this is not an exercise to replace your current technology, but rather a strategic initiative that is going to change the way you manage risk and compliance.
Govern with a fresh lens: One of the most critical things in an IRT implementation is strong governance. From setting the vision and blueprint, to overseeing the execution of the IRT strategy, it requires significant investment from a cross-functional decision-making body like a steering committee. Though the concept of a steering committee is not new, in an IRT ecosystem, this governing body now has purview over multiple technologies and data sets, including automation and potentially bespoke complementary tools. Governing how the people, processes, data and technologies interact to modernize risk management is complex; as is overseeing the total cost of ownership and ROI, which make it imperative to select the right leaders to govern IRT.
Deliver valuable insights: An IRT ecosystem necessitates the creation of a robust abstraction and analytics layer with a well thought out strategy for the various types and levels of reporting because data lives in multiple places now. More importantly, integrated data-driven risk reporting is truly the value of IRT. In the journey to modernization, organizations are training their practitioners to have a data-driven mindset; and many are even hiring specifically for skillsets in data analytics and visualization that were not traditionally core to risk and compliance programs. Pro tip — build great reports as fast as humanly possible, and use them to show stakeholders the power of IRT, demonstrate value and drive adoption. Seeing is believing!

Managing an IRT ecosystem is a whole new challenge — as if managing one tool was not hard enough. So think about your risk programs and the multiple interconnected technologies that make up your ecosystem. Do you have your blueprint? What needs to change to more effectively govern the ecosystem? And what resources do you need in order to capitalize on the power of the data within the ecosystem and deliver valuable risk insights to your organization?

Additional insights

Trust solutions Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.