• Advisory

Risk Consulting

Risk management is not the responsibility of a single department

it is the responsibility of everyone, from the chief executive down. Past corporate failings have been attributed to lack of accountability, strategy and transparency.

Tougher expectations by regulators and other stakeholders now mean that corporates and financial institutions should demonstrate better discipline, control and responsibility. Failure to keep on top of and comply with existing and emerging regulation could jeopardize reputations and livelihoods. How robust is your governance, risk and compliance program?

Financial risks have probably never been more acute. Capital reserves, credit portfolios, investment policies and capital and debt profiles all demand constant scrutiny to adequately manage and mitigate risk.

Companies should also be vigilant about risks presented by suppliers. A counterparty who defaults on a contract, or whose business collapses, can have serious financial and reputational ramifications for connected parties.

Fraud risks can also increase when cash is tight. Some employees become more opportunistic — and external hackers more resourceful. They find security lax in areas of the business that used to be better resourced … and they strike. Are your systems and policies sufficiently robust to ward off the risk of fraud?

At the same time, many companies are more likely to pursue litigation for losses that they would otherwise endure in more prosperous times. Disputes arise as they seek to apportion blame to other parties for inappropriate or negligent behavior that results in financial or business loss. Could you end up as instigator or defendant in a litigation case?

With all these demands, internal audit is in many companies often elevated from pure compliance to a function that regularly reviews the risk profile for emerging risks and identifies trends as it keeps its finger on the pulse of business performance. The chief risk officer, meanwhile, becomes increasingly involved in strategic decision-making where the emphasis is as much on risk as it is on growth.

Managing IT risk and compliance

How PKF member firms can help

Amid an evolving regulatory environment and increased oversight pressures, organizations face ongoing challenges to manage and comply with ever-mounting regulations that are coming their way. At the same time, organizations are focused on managing new and persistent risks to their business, while balancing revenue growth and expense saving business priorities.

In the face of these challenges, managing IT risk and compliance has become even more critical, as IT failures can lead to reputational damage, customer and market valuation loss, and an increase in privacy issues and high-profile legal exposure. In this environment, enhancing IT controls is crucial to help ensure businesses are managed and controlled appropriately, and functioning reliably.

The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth and efficiency. It is essential to get sound business advice to help ensure technology risks are managed.

We work with clients to analyze business technology issues within their businesses. We assist clients with the following areas:

Information Protection and Business Resiliency Advisory

Security Technology Assessment and Architecture.

Includes Security Testing and Assessment services, SEIM/Incident Response, and Security Architecture Services (Encryption, Firewalls, Endpoint, etc.)

  • Business and Technology Resilience

Includes contingency planning for disaster recovery, Business Continuity Management planning to ensure business functions continue in the event of business interruption and Crisis Management preparation.

  • Information Governance and Privacy

Focus on controls (confidentiality, Integrity, and Availability) of information, including operational and regulatory sensitive information.

  • Security Strategy & Governance

Includes Security Strategy, Organizational Governance and major Information Protection project/program
support.