Breaking down barriers to compliance assurance


In the age of increasing government regulation and ever-present corporate scandals, boards, Audit Committees, and management seek greater assurance that critical organizational risks are being addressed efficiently and effectively. Many Audit Committees and members of management want to better understand the various roles in governance and risk assurance across the lines of defense: business operations, compliance, and internal audit. As a result, compliance and internal audit are being forced to make collaboration a reality and make it visible to the organization.

Presented at the Creating value and trust: Navigating risk and meeting customer expectations, PwC's Internal Audit Ethics and Compliance Retail and Consumer Roundtable for internal audit and ethics and compliance executives, April 2014.

For more information, visit:

Published in: Retail

  • 1. Breaking Down Barriers to Compliance Assurance PwC Retail & Consumer Roundtable April 23, 2014
  • 2. Three lines of defense – a foundation for effective governance
      • 1st line of defense: Functional and line management are responsible for operationalizing risk management and internal controls
      • 2nd line of defense: Risk management and compliance functions are responsible for establishing and monitoring policies and standards
      • 3rd line of defense: Internal audit is responsible for providing objective assurance and advice on governance, risk and compliance
      • Also shown: Senior Management; Board / Audit Committee
  • 3. Framework for effective compliance: Business strategy; Business management; Business assurance; Tone at the top; Risk assessment; Lines of communication; Oversight and responsibility; Policies and procedures; Training; Monitoring; Auditing; Enforcement and discipline; Response and prevention. How are your various functions working together to address compliance risk?
  • 4. Eight foundational attributes of internal audit: Business alignment; Risk focus; Talent model; Stakeholder management; Cost effectiveness; Technology; Service culture; Quality and innovation. What is internal audit’s role in providing compliance assurance?
  • 5. Stakeholders seek greater functional alignment and enhanced “compliance assurance”. Desire for greater compliance assurance:
      • Common view of risk / risk assessment integration
      • Coordination of scope to reduce duplication / eliminate silos
      • Process standardization and technology to improve efficiency and effectiveness
      • Auditing to confirm standards are in place and governance activities are working
      • Monitoring of key compliance risks
      • Aligned investigation practices across areas
      • Consistency and transparency in reporting and communications
      • Issue triaging and trending to enhance compliance
  • 6. Aligning around key organizational compliance risks
      • Ethics and compliance scope of responsibility: Shared mainly with corporate function owner(s); Shared mainly with business unit owner(s)
      • Risk areas: Code of Conduct / Helpline; Anti-Bribery / Anti-Corruption; Competition Law / Antitrust; Corporate Governance; Insider Trading; Labor & Employment; Ethical Sourcing & Supplier Compliance; Contract Compliance; Financial Reporting / SOX; International Trade; M&A DD / Integration; Protection and Proper Use of Company Assets; Tax; Privacy; IT Security; Other Regulations; Fraud Prevention; Confidentiality; Corporate Opportunities; Discrimination and Harassment; Conflicts of Interest
      • Legend: Primary accountability. Partial responsibility: Coordination with Legal, EH&S, Procurement, BUs, Geographies, etc. Limited responsibility: Reliance on functions, BUs, geographies, etc.
  • 7. Key compliance integration points: Risk assessment; Monitoring; Auditing; Tone; Enforcement & discipline; Response & prevention; Lines of communication
      • 1 - Business Operations: Owns and manages risks. Responsible for maintaining effective internal controls. Executes daily risk and control procedures. Identifies, assesses, controls, and mitigates risks. Develops and implements internal policies and procedures.
      • 2 - Ethics & Compliance: Oversees / monitors risks. Helps to translate legal interpretation of laws / regulations into actionable standards / policies / procedures for operations to implement. Facilitates transparent communications to the Board / Audit Committee regarding compliance risks / issues. Collaborates with other functions within the organization to create a culture of compliance.
      • 3 - Internal Audit: Provides independent assurance. Scope of assurance is broad – strategic, operations, financial reporting, and compliance risks. Provides management and the Audit Committee with assurance regarding the design and operation of governance, risk management and control processes.
  • 8. Driving collaboration and coverage – a sample RACI model
      • Key: R = Responsible; A = Accountable; C = Consulted; I = Informed
      • Row groupings: Corporate-wide; Business; Oversight
      • Columns, in order: (1) Compliance strategy & initiatives; (2) Compliance risk assessment; (3) Compliance monitoring & reporting; (4) Compliance policies & procedures; (5) Compliance communication & training; (6) Incident Management
      • Chief Compliance Officer: R, R, R, R, A, R
      • Compliance Committee: A, A, A, A, I, A
      • Human Resources: C, I, I, R, R, R
      • Compliance Program Leaders: R, C, C, C, R, I
      • Business Unit Leaders: A, A, A/I, I, A/I, A/C
      • Audit Committee: A, A, I, I, I, A
      • Internal Audit: C, C, I, I, I, I
  • 9. Compliance monitoring framework: Process; Governance; Tools; Records-based (Process); Observations-based (Field); Data-based (Statistical). Taking a risk-based monitoring approach and leveraging consistent processes, structured governance and available tools helps to more effectively identify potential compliance risks, necessary process changes and training opportunities.
  • 10. Bringing it all together – integrating compliance and risk management
  • 11. Thank you. Andrea Falcione, Managing Director, 617-530-5011; Michelle Horton, Director, 312-298-5701
  • 12. This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.