Taking an agile risk management approach, underpinned by good governance, has been key to our resilience
Responsive, robust, purposeful
Over this financial year, we’ve managed a number of issues in an increasingly complex and changing environment, reinforcing the importance of our approach to risk management and our firm governance model. These included the ongoing impact of the war in Ukraine, the emerging challenges and opportunities from the rise of technology such as AI, and the impact of the cost of living crisis.
There have also been some high-profile failures outside of the UK that serve to remind us of the importance of acting ethically and with integrity at all times. And while our UK firm governance model is mature, we recognise the need to continue evolving it in response to new requirements and to ensure that it is resilient to the pace of change.
We support the ongoing reform to the corporate governance, reporting and audit system, and believe that it remains central to maintaining and strengthening the UK's reputation as a trusted and leading place to do business.
The firm also welcomes the FRC’s review of the UK Corporate Governance Code and its efforts to continue driving up standards, and is engaged with the consultation that was launched in May 2023.
Our purpose - to build trust in society and solve important problems - remains at the heart of our approach to firm governance and is central to our decision-making processes and our risk appetite. It also informs how we manage our business in the interests of our people, partners, and stakeholders. In FY23 the number of staff who said they understood how our work contributes to our Purpose in our firmwide staff Youmatter survey was 82%.
We’ve also spent time reflecting with our leaders on the importance of good governance and how it drives positive behaviours and culture, and the Board remains committed to holding that continual dialogue and striving for improvement.
Driven by transformation
Companies are dealing with more diverse, fast-moving and unpredictable risks than ever before. When faced with uncertainty and risk, the organisations that are most successful are those with robust systems of governance, risk management and control. And as companies prepare for new rules requiring a directors’ statement about the effectiveness of their internal controls, some are taking the opportunity to fundamentally upgrade their control environment.
As part of Belron’s network-wide technology and system upgrade, we helped design a new controls framework that not only supported their ability to assess the effectiveness of their financial, operational and compliance systems, but to respond to growing demand from a range of stakeholders.
This includes insurance companies, whose primary focus is getting customers who have suffered damage to their car windows back on the road as quickly as possible. New controls built in around the location of inventory, for example, have become essential in demonstrating how Belron is able to get the right pieces of glass to the right store in plenty of time.
By taking the opportunity of the network-wide upgrade to redesign Belron’s control environment from the ground up, we were able to help them build the flexibility to respond to both current and future compliance requirements.
Roadmap to success
Belron’s goal was to achieve a ‘best in class’ setup, which improved board level overview of risk and control across nearly 20 separate businesses that need to continue to operate independently.
We helped by baselining Belron against other organisations of similar size and complexity, which provided an understanding of the current state of play versus peers, and helped management to establish a consensus on where they wanted to be.
Working in partnership with Belron, we also supported the development of a roadmap that set out the required change points. We helped them create a controls framework, policy standardisation and incorporated automated controls to help monitor compliance.
Our specialists continue to help execute this roadmap across the Belron group, such as through control design work in system transformation programmes, and other strategic priorities. These include the development of control self assessments, and implementation of governance risk and control technology.
A key to success was the time spent articulating to senior stakeholders and control owners the importance of risk and controls and their role in enabling the transformation, and delivering the ultimate vision. Clear accountability and creating a culture of risk and control was an important success drive of our work.
We supported Belron to achieve this through:
- Defining roles to enable Belron to identify control owners.
- Recommending a safe environment for control owners to discuss risk and controls through a dedicated network.
- Providing control owners with the support they needed:
- We designed and ran a foundational training course in FY23, for control owners to reset and remind people what was meant by risk and controls at Belron, how risk is managed and what was expected of them.
- We held detailed sessions to articulate how controls should be operated in the system to maximise automation.
Our work upskilling the team means they understand their roles and what is expected of them, ensuring the people operating Belron’s controls know exactly what they need to do.
“PwC bring a helpful independent view of how organisations are designed and operate; given the scale of their client base, they can effectively provide benchmarking against similar organisations. Their willingness to provide robust challenge, desire to bring a different perspective and experience makes them a helpful partner to work along-side.”
Group Director of Risk
and Internal Audit
Responding to our stakeholders
During FY23 we significantly refreshed our materiality matrix, which included extensive consultation with stakeholders, through surveys and interviews with our people, alumni, the investor community, as well as ongoing feedback from clients and some additional desk-based analysis. The results were discussed with members of our Executive Board and now underpin our purpose-led framework. A wide range of stakeholders, including regulators, policymakers, clients and our people, shape our thinking as a business, and benefit from our products and services. We engage with these stakeholders to gain a greater understanding of their challenges and experiences, as well as collaborate with them for deeper insight and mutual benefit.
To help fulfil our purpose, we also aim to make a constructive contribution to public policy debates, while maintaining a strict policy of political neutrality. For example, through our submission to the Government’s Net Zero review led by Chris Skidmore MP. Meanwhile, our tax strategy sets out our approach to managing risk and developing good governance in relation to taxation.
Our risk register breaks down the principal risks facing the firm, including those that are externally influenced such as geopolitical issues, and operational issues including cybersecurity. In response, we work collaboratively with our Risk Governance bodies to ensure our approach to assessing risk is agile, and that we can evolve our risk culture to adapt to the changing landscape, implementing mitigants that protect our firm, our clients and deliver on our purpose.
For example, in FY23 we’ve added in risks related to the climate and environment, and our responsibilities to the firm and our clients on the transition to net zero.
On a firm-wide basis, all staff (including contractors and secondees) and UK Firm partners are required to complete annual mandatory training to reinforce our risk aware and resilient culture. As in FY22, we are proud to continue our 100% completion rate, demonstrating our people’s commitment to managing risk and combating corruption.
Our Code of Conduct is based on the PwC Purpose and a core set of shared values. The Code sets out a common framework around how we are expected to behave, do business and to do the right thing. This includes encouraging our people to use our Speak Up helpline if they come across a situation that is inconsistent with the Code or our values.
We also have a dedicated Business Conduct team, are required to report to the FRC on non-financial conduct matters, and a duty to report to the ICAEW.
There have been no major non-conformities under ISO 27001, which is the international standard for managing information security.
Our Transparency Report is designed to help our stakeholders stay informed about important information relating to our Audit practice and audit-related services, which will be updated for FY23 and released on 30 October 2023. As the audit profession continues to be under significant scrutiny and given its importance to corporate governance and the functioning of the economy, we consider it critical to continue to share insight into what we do, and how we do it - whether it’s our approach to recruiting, training and rewarding our people, our focus on audit quality, or how we create an inclusive culture - all overseen by robust governance structures.
Our governance
structures
We are a large partnership managed and governed by four main bodies each with a different role and responsibility. The key matters, and how the firm managed risk, considered in the year by our governance bodies included culture, people, quality, performance, regulation and reputation.
Management board Our executive body responsible for the policies, strategy, direction and management of the UK firm. Read more about the management board.
Supervisory Board Our elected governance body with responsibility for the interests and wellbeing of the wider partnership and the UK firm. Read more about the supervisory board
Public Interest Body Our majority independent governance body responsible for discharging PwC UK’s duties under the Audit Firm Governance Code. Read more about the public interest body
Audit Oversight Body Our Audit Oversight Body is a committee of the Public Interest Body whose purpose it is to oversee the UK firm’s obligations with respect to the pursuit of the Financial Reporting Council’s objectives, outcomes and principles for operational separation of audit practices insofar as they are within the control of the audit practice. Read more about the oversight body
You can hear more from members of our governing bodies in our Transparency Report.
Modern slavery
As a leading professional services firm, we’re committed to respecting and upholding internationally recognised human rights. Heightened by current geopolitical instability, the rising cost of living and the effects of climate changes are being felt more starkly across the world, leaving vulnerable people exposed to exploitation. That’s why it’s important that we continue to identify and manage potential risks associated with human rights violations in our business and supply chain, adapting to changing times and global issues.
In FY23 we continued to review and strengthen our approach to human rights, including modern slavery, across our operations and supply chain. We have a comprehensive programme to manage the associated direct and indirect risks. Meeting the UK legislative requirements of the Modern Slavery Act (2015), our approach draws on the principles of the UNGP’s Reporting Framework.
Contact us
