Quality and risk management

Similar documents
Risks and uncertainties

Principal risks and uncertainties

Quality Assurance Checklist

Information Security: Business Assurance Guidelines

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Director, Sales and Marketing

U & D COAL LIMITED A.C.N BOARD CHARTER

Risk and Audit Committee Terms of Reference. 16 June 2016

Regulatory Standards of Governance and Financial Management

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Information Governance Strategy & Policy

Business Continuity Management

ISA 620, Using the Work of an Auditor s Expert. Proposed ISA 500 (Redrafted), Considering the Relevance and Reliability of Audit Evidence

APES 320 Quality Control for Firms

ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE)

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Consultation: Auditing and ethical standards

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

The Principles of Professionalism

Internal Audit and supervisory expectations building on progress

Internal Control Questionnaire and Assessment

BUSINESS CONTINUITY MANAGEMENT POLICY

Compliance. Compliance Toolkit. Protecting Charities from Harm. Chapter 2 Due Diligence, Monitoring and Verification of End Use of Charitable Funds

INTERNATIONAL STANDARD ON AUDITING 800 SPECIAL CONSIDERATIONS AUDITS OF FINANCIAL STATEMENTS PREPARED IN ACCORDANCE WITH SPECIAL PURPOSE FRAMEWORKS

Need to protect your information? Take action with BSI s ISO/IEC

Zurich Insurance Group. Our people 2014

NamCode. The Corporate Governance Code for Namibia

Statement of Procurement Conduct

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

The Critical Role of the Board of Directors in Acquisitions

INFORMATION GOVERNANCE POLICY

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

CODE OF CONDUCT AND ETHICS

Final Draft Revised Ethical Standard 2016

RISK BASED INTERNAL AUDIT

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Business Conduct, Compliance and Ethics Program. important

Government Communication Professional Competency Framework

Health and Safety Policy and Procedures

Macarthur Minerals Limited CODE OF CONDUCT. February 2012

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.

the role of the head of internal audit in public service organisations 2010

REFORM OF STATUTORY AUDIT

CORPORATE GOVERNANCE TREASURY WINE ESTATES ANNUAL REPORT FY2014 / 33

Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

APES 325 Risk Management for Firms

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY

POLICY INVESTIGATIONS OF LEGAL AND ETHICAL MISCONDUCT

Indicator Protocols Set Product Responsibility (PR)

WHITE PAPER Third-Party Risk Management Lifecycle Guide

Solihull Clinical Commissioning Group

A Changing Commission: How it affects you - Issue 1

The Maersk Group s. Group Policies. maersk.com

(Effective as of December 15, 2009) CONTENTS

Norwich University Information Assurance Security Policy. Final Version 10.0 for Implementation

Statement of Guidance: Outsourcing All Regulated Entities

Corporate Governance Report

2015 WAS A MIXED YEAR FOR THE INDONE- SIAN RECRUITMENT MARKET.

OUR CODE OF ETHICS. June 2013

Disability Employment Services Quality Framework Advice V 2.0

KPMG LLP (CANADA) 2014 TRANSPARENCY REPORT. kpmg.ca

APB ETHICAL STANDARD 1 (REVISED) INTEGRITY, OBJECTIVITY AND INDEPENDENCE

Good Practice Guide: the internal audit role in information assurance

The Compliance Universe

Victorian Government Information and Communication Technology (ICT) Governance

How To Ensure That A Quality Control System Is Working Properly

Guidance for audit committees. The internal audit function

august09 tpp Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

Board Governance Principles Amended September 29, 2012 Tyco International Ltd.

QUALITY ASSURANCE POLICY

Information Governance Management Framework

TERMS OF REFERENCE BOARD OF DIRECTORS

The PNC Financial Services Group, Inc. Business Continuity Program

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting

-Vacancy - Head of Communications (m/f) Fulltime & based in Berlin

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200

Role of IRB/IEC in GCP. Benjamin Kuo, MD, Dr.PH, CIP.

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

Corporate Governance in the ATP Group

ISO/IEC Information Security Management. Securing your information assets Product Guide

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

Corporate governance statement

Information Governance Strategy 2015/16

THE OPTIONS CLEARING CORPORATION BOARD OF DIRECTORS CORPORATE GOVERNANCE PRINCIPLES

BAHRAIN TELECOMMUNICATIONS COMPANY B.S.C. AUDIT COMMITTEE CHARTER

75% On the Record. Is Your Organization s Records Management Program Providing High Value or High Risk?

Safety in Management John Thomas and Nancy Leveson. All rights reserved.

Annual Assessment of the External Auditor

QUALITY MANAGEMENT POLICY & PROCEDURES

ORGANIZATIONAL ASSESSMENT TOOL (OAT) for Full Drucker Self-Assessment Process

Please complete the details below as this will help to ensure that we handle your response appropriately.

FREEDOM OF INFORMATION REQUEST

FFIEC Cybersecurity Assessment Tool

Achieve. Performance objectives

School of Management A different kind of business school. Student Work Placements

Audit summary of Security of Infrastructure Control Systems for Water and Transport

Transcription:

www.pwc.co.uk/annualreport Quality and risk management Annual Report 2015

Introduction Managing risk is a clear strategic priority for the Executive Board and senior management of the firm. We have a clear business strategy. In implementing this strategy it is vital that we also manage the risks associated with it. As a result we have a defined process for assessing, monitoring and controlling risk. The Executive Board takes overall responsibility for establishing systems of internal control and for reviewing and evaluating their effectiveness. The day-to-day responsibility for implementation of these systems and for ongoing monitoring of risk and the effectiveness of controls rests with senior management. The systems, which have been in place throughout the financial year and up to the date of approval of these financial statements, include the following: The Risk Council, an Executive Board subcommittee, is responsible for making sure that the controls are in place to identify, evaluate and manage risk. Our lines of service and our internal firm services, which document risks and the responses to them, carry out risk assessments annually and report to the Risk Council on how effectively they have managed risk during the year. Periodic reviews of performance and quality are carried out independently by the PwC network. Our internal audit team reviews the effectiveness of the financial and operational systems and controls throughout the Group and reports to the Executive Board and the Audit and Risk Committee. Our risk and quality functions oversee our professional services risk management systems and report to the Executive Board. We take client acceptance procedures extremely seriously and we do not automatically take on new client engagements or new work for existing clients. Understanding properly both who we are working with and the nature of the work requested is central to protecting our reputation for quality. We have procedures to assess the risks associated with new clients. We seek to serve only those clients we are competent to serve, who value our service and who meet appropriate standards of legitimacy and integrity. We also establish up front whether we are able to comply with independence requirements and to address any potential conflicts of interest. In addition, we conduct annual risk reviews of all audit clients.

Our principal risks The key risks faced by our business and the management response, are summarised below: Risk Quality Significant quality failure in the UK firm or the PwC network due to either engaging with an inappropriate client or inadequate delivery of services leading to a potential service failing, litigation and/or regulatory action. People and talent Failure to engage fully with our people, impacting our ability to attract, develop and retain the best talent and provide quality services. Public perception and reputation Failure to respond in a transparent manner to issues raised by the public interest debates Independence and regulatory requirements Failure to comply with relevant independence, legal, ethical, regulatory or professional requirements. Data compromise Failure to safeguard confidential information. Response Our internal quality management systems, which are designed to maintain and enhance quality, include: Recruitment standards and staff development procedures Client engagement and acceptance processes Client engagement standards supported by methodologies and tools Quality reviews of PwC network firms, including the UK firm Monitoring and review of key performance indicators by the Executive Board Regular reviews of the market for student and experienced talent to understand the firm s relative competitive position Embedding the PwC Professional global leadership framework to support the career progression of our people The deal to support staff engagement Use of various communication and discussion channels to engage with our people Monitoring and review of key performance indicators by the Executive Board, including staff surveys, external Brand Health Index and regular client feedback Embedding a culture of doing the right thing for our people, our clients and our communities, as a matter of strategic intent Open and active engagement in serious debate with relevant stakeholder groups on trust-related and public interest issues to inspire change Sharing of knowledge and insights on trust to sustain, widen and enrich the discussion Established compliance and independence management systems including: Clear policies, procedures and guidance Mandatory annual training for all partners and staff Client and engagement acceptance procedures Annual independence and compliance submissions for all partners and staff enforced by penalties for non-compliance Regular monitoring and reporting to the Executive Board Information Protection Governance Group, chaired by a member of the Executive Board, which provides overall strategic direction, framework and policies for information security The firm operates an ISO/IEC 27001:2013 certified information security management system which includes: Governance and policies for client data and other information Physical, technical and human resource controls Incident response capability Regular monitoring and independent review systems

Risk Regulatory change Failure to manage effectively the impact of changes in the multiple regulatory regimes, both UK and non-uk, under which the UK firm operates. Client assets Failure to appropriately manage client assets, including major client administrations. New business Failure to manage risks created by new business and other innovations in service delivery. Acquisitions Failure to integrate newly acquired business, non-realisation of expected synergies and inadequate on-boarding of new partners and staff. Digital disruption Failure to use advanced technology to underpin new business models and cost structures for existing services. Physical Security Failure to safeguard the physical security of all our people wherever deployed on the firm s business including within our own premises in the UK. Response Regulatory affairs team which leads the firm s efforts to track all changes in applicable regulatory regimes, of whatever origin, under which the UK firm operates Regular updating of firm processes and procedures to ensure compliance by all our people, on all our clients, with all applicable regulations Regular direct interaction, where possible, with applicable regulators to understand detailed provisions of changes and the implications for our businesses Regular/continuous monitoring of the cumulative impact of changes in the regulatory environment on the firm s ability to provide services to Audit clients Well-established procedures for dealing with client assets and related matters including: Portfolio diversification policy Daily monitoring of credit and related ratings and maturities Internal controls and procedures Monitoring and independent review A Treasury committee which receives regular updates on the above Firmwide process for reviewing new business so that relevant risks are identified promptly and addressed Regular reviews of commercial and risk management lessons learnt from recent acquisition experience Clear objective-led management of the integration process for all acquisitions On-boarding processes designed to handle the large number of lateral hires created by acquisitions Significant investment in new and innovative technology solutions for existing services Commitment to new platforms to allow delivery of quality services at a highly competitive pricing point Firmwide travel policy and processes for all our people, incorporating 24/7 tracking and, where appropriate, consultation with a dedicated security team Comprehensive security infrastructure covering all our premises Continuous monitoring of threat levels and issues in overseas travel destinations, and potential threats to our premises. Internal control assessment Our internal control systems are designed to manage, rather than eliminate, the risk of failure to achieve business objectives or, in the case of financial controls, the risk of material misstatement in our financial statements. Accordingly, they provide reasonable but not absolute assurance against such failure or material misstatement. The Executive Board has reviewed the systems of internal control in operation during the year and is satisfied with their effectiveness.

www.pwc.co.uk/annualreport

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information