pwc.co.uk
Governance, risk and control frameworks
Contents
What’s on your mind?
Our point of view
Leading practice considerations for governance
Track record of success
How we can help
What you gain
When to act
Intelligent Digital
What’s on your mind?
As companies grow, expand their services and
evolve over time, they must establish sound
governance practices in the management of
risk, and ensure effectiveness and efficiency of
their control environment to facilitate informed
decision making; achieve strategic goals; and
meet the expectations of both internal and
external stakeholders.
However, organisations must understand that a key enabler of sound risk management and control is an effective system of governance. The presence of strong governance can no longer be viewed as a reactive process; instead, faced with increasing uncertainty, organisations must take a proactive stance to manage risk and realise business opportunities that align with stakeholders and ultimately their business strategy.
The process of delivering effective governance and thereby managing risk can be complex. However, identifying the potential dangers to business resilience and continued strong performance is essential to safeguarding the future of any business. Implementing effective governance can facilitate information flows to communicate threats through the correct forum, to define roles and responsibilities with clear ownership, and using a common approach, to ensure that risk reporting and assurance is provided in a timely way.
Appreciation of the intricate and interrelated nature of Governance, Risk and Controls (GRC) Frameworks means there are some common concerns that our clients face in this area. Here are some of the issues they regularly raise with us:
“How can I manage the conflicting demands of effective risk management, cost and regulatory scrutiny?”
“How do I gain comfort that I am made aware of all key risks and issues?”
“How do I effectively oversee the constantly changing regulatory environment, regionally and globally, divisionally and functionally impacting my business?”
“How do I gain reliable assurance that risks are being managed to an acceptable level?”
“How do I make sure everyone understands their roles and does what is needed to maximise the opportunities for the business?”
Our point of view
PwC helps clients to assess, design and
implement leading practice operating models for
their GRC frameworks. These frameworks align
corporate governance to risk management and
control activities to assure and support business
decision making and performance. They also help
demonstrate to stakeholders that the business
is managed effectively, and that the interests of
these stakeholders are protected.
Demonstrability of core governance controls is essential for the support of compliance activities in many sectors. Business leaders and key decision-makers must be able to answer the questions ‘why did you make that decision?’, ‘what are the risks to its success?’ and ‘how are you managing that risk?’
We endeavour to ensure each of these questions can be answered in full, with a focus on innovative, digitally enabled practices that provide clear line of sight into the sources of risk within an organisation, ensuring these challenges are aligned to the overall appetite for risk exposure set by the Board.
Leading practice considerations for governance
Having a sense of leading practice in the market
is key to realising the benefits that support from
PwC in the area of GRC Frameworks can provide,
not least in terms of regulatory expectations and
a bar that keeps rising. When working alongside
our expert teams, businesses can expect
to achieve:
Governance arrangements that are benchmarked to leading practice
An in-depth view of an organisation’s GRC Frameworks that provides a clear understanding of the flow of information and resources within the organisation. This data can be benchmarked against best practice within the relevant industry sector, to identify potential areas of improvement and drive enhanced performance/efficiency.
Governance, risk and controls that are aligned to corporate risk appetite
An understanding of what the appetite for exposure to risk should be and develop statements that are consistent with the organisation’s strategy and existing governance framework. Where risk exceeds appetite, tailored solutions can then be identified to ensure full accountability and confidence in future decision-making.
Top-down understanding of
the governance framework
Insight and clarity into the key risks
faced and to assess whether
effective management of these risks
is being realised through the
organisation’s existing governance
framework. As an example, this
would include the provision of
value-adding risk information to
facilitate informed decision-
making, and to enable sufficient
oversight and challenge by the
Board and Senior Management.
Track record of success
At PwC, we’re proud of our extensive experience
in the delivery of effective Governance, Risk and
Control Frameworks. Throughout the years, our
support has helped to deliver a wide array of
success stories for clients, including:
• Delivery of the separation of legal and compliance functions for a global universal bank. We ensured a clear delineation of responsibilities within departments, as well as support in outlining function mandates, and engagement model, interaction model and communications strategy.
• We worked with a large retailer to identify a map of key risks, controls and to reveal sources of assurance. From this we were able to highlight areas of duplication, gaps in controls and ensure that there was an appropriate mix of types of assurance activity.
• Working alongside a global
financial institution, we
developed a framework to
monitor and manage
reputational risk. We advised on
how to define reputational risk
appetite and build a tailored
control framework and risk
assessment process around this.
How we can help
PwC is able to provide a range of services designed to
provide greater clarity on Governance, Risk and Control
Frameworks, as well as to support best practice in
this area.
Our services include:
Governance frameworks
We assist management to design and implement governance frameworks that ensure
effective support and delivery of organisational priorities and strategy. This is achieved
through effective monitoring, reporting and engagement.
Risk assessment and monitoring
Identification of internal and external risk factors, including ‘horizon scanning’. We support
the development of a clear operational risk framework in line with risk appetite, as well
as support in response to risk-related incidents including detailed risk cause analysis and
remediation plans.
Control environment support
Identification of expected standards of conduct and internal controls on processes. We help
to design and implement control activities along the end-to-end business process. We map
risk, key controls and where assurance is provided over those risks to highlight gaps and
areas of duplication.
Technology-enabled solutions
Assist clients in technology-enabled GRC strategy, vendor selection, technology
implementation and transformational activities. Our services are supported by the latest
innovations in technology to deliver evidence-based insight and recommendations for
improvement.
Training and engagement
Working with key individuals and departments, we provide training to improve risk and
control capabilities, as well as supporting enhanced ‘controls consciousness’ for positive
behavioural change.
What you gain
Organisations that partner with us in this area can expect
to receive a range of benefits through their investment in
enhanced governance. These include:
Clear accountability
Clearly marking individual responsibilities and accountability to facilitate enhanced oversight and support better future decision-making.
Increased efficiency and cost control
Skills and capabilities profiling, coupled with process and responsibilities review, enables optimisation of workforce strategy without compromising risk coverage.
Greater visibility
The streamlining and simplification of processes and controls supports the delivery of more meaningful management information and stronger governance.
Increased agility through a sustainable model
Models that provide clarity over roles, which are tailored to the needs of the client and are functional, clear and consistent in the way they operate, help to deliver more sustainable and responsive strategy.
Combined, all of the above advantages to our clients help in the delivery of more effective risk management that remains rigorous and effective over the long-term.
When to act
Based on our extensive experience of providing
support to organisations in the area of Governance,
Risk and Control Frameworks, we have identified a
number of common triggers to this type of activity
among our clients:
• Structural or internal processes have changed within your business
• Increased risk/complexity has emerged within your sector
• You have witnessed failure in your existing governance, risk and control framework
• New/updated regulation or legislation that affects your business – how does this relate to us?
• Your company is pursuing a new direction
• Your organisation has poor visibility into its internal controls/processes/employee behaviour
Intelligent Digital
At PwC, we are harnessing the power of Intelligent Digital,
helping our clients to rethink their futures and reshape their
own world. We are using business understanding, innovation in
technology and human insight to help solve important problems,
meet human needs and make a difference to society.
Assuring our Governance, Risk and Control Frameworks are
based on strong evidence means a greater use of new technologies
to get to the heart of how organisations manage their exposure
to risk. Informed decision-making is essential to helping
organisations to safeguard their long-term success.
As a result, we remain committed to utilising the latest
technologies and innovative practices to support our clients
in understanding the world in which they operate and how to
better ensure they maintain a strong governance framework for
the future.
Get in touch
James Maxwell
Partner – Assurance, PwC
+44 (0)7525 925982
[email protected]
Nicola Shield
Partner – Governance, Risk & Compliance, PwC
+44 (0)7931 388648
[email protected]
pwc.co.uk
This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
© 2018 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the UK member firm, and may sometimes refer to the PwC network.
Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.
September 2018/180823-144803-KK-OS