Transforming Risk into Confidence podcast series and Rich Reynolds National Controls Testing and Monitoring Financial Services Leader and Seth Rosenweig National Digital Risk, GRC and Compliance Technology On Active Monitoring and Active Testing
“ The overall goal is to get the level of assurance and go to the board or executive management and say we are operating within our risk tolerance.
... The data, analytics and automation is one of the most important challenges our clients are facing ”
Mike Maali PwC Internal Audit, Compliance & Risk Management Solutions Practice and Dhiraj Malhotra Partner/Principal performance Governance, Risk and Compliance Practice Leader on Data enabled risk assessment
“With pre-identified data sources and datasets, you can take these with you for a qualitative conversations leveraging a data enabled risk assessment.
These help you scope your audits better with greater precision with greater depth. building over time continuous monitoring activity using data. ”
The TMR Takeaway
What an amazing series, looking at digital risk from each end of the three lines of defence, Mike with an internal audit (3rd line) perspective and Rich with Assurance and Governance (1st and 2nd line)
AND in both cases, across all three lines data and automation are the consistent theme. without data how can Internal Audit identity where controls either fail or don't exist, without data how can assurance and governance leaders report to executives the business is operating within it's risk acceptance thresholds
Data based risk functions ultimately need to collate, consume and construct meaningful outcomes from de-centralised and de-coupled services throughout organisations. Structure this data into something meaningful and then distribute with purpose across all three lines of defence in real time.
QC3 is a digital ground up re-think of risk and assurance with the third line specifically in mind. By secretly structuring the first and second lines in a consumable framework for 3rd line, QC3 provides the digital environment for Internal Audit to interrogate and hold precise qualitative discussions about organisations risk management frameworks and their effectiveness. Furthermore, QC3’s unparalleled digital risk integration and it’s data event API assurance submission services coupled with automated control testing, QC3 propels organisations risk and assurance programs into real time analytical functions supported by population based testing.