Governance Risk and Compliance (GRC) technology: Enabling the three lines of defense

GRC technology enables agile and resilient risk management processes by providing a common platform to collaborate, exchange information and conduct reporting. It also helps you to eliminate manual activities and create greater efficiency within each line of defense.

The scope impacted by the three lines of defense

The cornerstone of a successful three lines of defense model is the ability of your organization to create a central foundation:

  • common definitions and processes
  • clear delineation of roles and responsibilities
  • efficient collaboration and information sharing across all parties

GRC technology underpins this foundation and the creation of a robust and sustainable risk management model.

Three lines of defense

First line of defense
Management control - responsible for managing the day-to-day execution and management of risks and controls.

Second line of defense
Risk management & compliance, among other functions - responsible for overseeing risk from an enterprise POV, making sure the business is in compliance with the law and providing oversight to leadership.

Third line of defense
Internal audit - responsible for reviewing that a company’s risks are being managed through the assessment of its internal control framework.

How we can help

PwC’s Internal Audit, Compliance & Risk Management Solutions practice helps you anticipate the risks that can threaten your strategic growth.

Contact us

Mike Maali

Internal Audit, Compliance & Risk Management Solutions Leader, PwC US

Brian Schwartz

Partner and Primary Author of the Global Risk Study, Risk Assurance, PwC US
