Governance, Risk & Compliance (GRC)

No matter where you are in your risk management journey, we can support you in setting up or improving your ERM function (in accordance with COSO ERM or ISO 31000) to meet your aspirations for risk management.

As co-authors of the COSO ERM standard, we understand how to adapt ERM principles to suit your unique operating model and objectives. This entails the development of your ERM Framework, including the ERM policy, procedures, governance, strategy and risk appetite.

We conduct maturity assessments and audits of your current risk management capability, providing you tailored recommendations in a defined implementation roadmap on how to take your ERM function to the next level.

Our PwC methodology assesses your capability in line with leading standards and practices, including ISO 31000 and COSO ERM.

Our professionals are highly experienced in the risk management process, meaning we can implement your framework to help you identify, assess, analyze, treat and monitor your most important strategic risks across the enterprise.

This typically involves the preparation of departmental and corporate risk registers (or risk profiles), in addition to risk reporting and dashboards for Management and Boards.

We will support you in identifying existing mitigation capabilities and potential opportunities for enhancements which will allow you to understand your current effectiveness and as needed implement additional controls to manage risk in alignment with your risk appetite and strategy.

We support organisations in developing their risk appetite for all categories of risk, support in quantifying the risk appetite thresholds and risk tolerance. We then help organisations operationalize the risk appetite through developing risk assessment criteria (impact and likelihood criteria) that will help the organisations to use the risk appetite on operational decisions.

We will assist you in developing key risk indicators (KRIs), key control indicators (KCIs) policy and facilitate the identification of these indicators and implementation.

We will help you to skill up your current risk management staff or risk champions through formal workshops, digital training modules and on-job training to ensure smooth running of the risk management department.

We offer end-to-end BCM implementation covering the BCM lifecycle in the following phases:

• BCM framework to govern your organisation's BCM programme
• Risk assessment and business impact analysis to understand and identify the potential threats and your organisation's critical business activities
• Business continuity strategy to enable the organisation to resume business operations with the most practical and cost-effective solutions
• Business continuity procedure to document workable processes to be performed by employees during a crisis. Aside from Crisis Management Plan and Business Continuity Management Plans, we can also assist to develop other contingency plans catered to specific situations to further support your company's BCM programme, such as IT Disaster Recovery Plan, Pandemic Plan, Contingency Funding Plan, Recovery and Resolution Plan and more.
• Exercising and testing to ensure that the plans and strategies developed are effective and reliable

We are also able to implement selected phases focused to fit your organisation's objectives and needs. 

Already have a BCM programme in your organisation but unsure how relevant and robust it is? We offer the following solutions to address these concerns:

• BCM effectiveness review
  An independent assessment of your organisation's BCM documentations against best practices or relevant standards and guidelines to identify gaps and improvement points. This review can also be part of your organisation's internal audit plan.
• BCM maturity assessment
  An evaluation to study the maturity of your organisation's existing BCM capabilities against best practices and relevant standards and guidelines.

While plans and infrastructure are important, the success of your BCM programme depends on your most valuable asset--your people. It is important that your employees are aware of your company's BCM programme and their respective roles and responsibilities. To help you achieve this, we can conduct customised training workshops or refresher courses based on your objectives and target audience.

We have extensive experience in assisting Audit Committees in different industries. We understand the legislation, know the classic pitfalls and provide bespoke advice on how leading practice should be applied in each organisation. 

We can help you with:

• The committee's mandate, role and annual plan
• Scope and content of Management's reporting to the Committee
• Competence building in accounting reporting and rules
• Competence building in internal audit, risk management and internal control

We help you conduct reviews of your Board to determine their effectiveness in performing their duties. We tailor our review approach to your specific circumstances and work with you to plan a review that takes into account your business, its environment, and more.

Our review of the board goes beyond the boardroom to include other stakeholders’ perspectives in understanding the true impact of the board’s activities.

An effective induction supports new directors in their role by providing them with the necessary information of the organisation to become as effective as possible in their role.

It is also important that the directors continue to be informed of their duties and relevant regulatory changes in order to sufficiently discharge their fiduciary duties.

We can construct an induction and training programme tailored to your organisation's culture, taking into consideration leading practices and deliver these.

We help our clients undertake specific regulatory and compliance reviews on domain subject matters (i.e. AML/CFT, ISO, MACC Adequate Procedures) and the design of remediation programmes to address gaps identified.

Organisations need to understand and appreciate their regulatory and compliance obligations to facilitate business practices. They dictate the planning and execution required to ensure compliance with the relevant standards.

We help our clients define the mechanism and process in identifying the compliance universe, applying it in the context of the organisation, monitoring and reporting of these requirements. Our compliance risk assessment model has been designed to:

• Scan the compliance and regulatory universe
• Function as a centralised depository as the and our core source of information
• Apply a risk-based approach to prioritise the regulations that matter most to the organisation and where resources should be focused on
• Translate regulatory and compliance requirements into reporting dashboards to monitor compliance risk