Enterprise Risk Management: Rethinking risk from a different perspective

Enterprise Risk Management (ERM) is an oversight tool for Management to enhance online and prior-to-fact capturing of strategic, operational, compliance, financial and external risks surrounding the business environment. In order to confidently provide the required risk information and assurances, an ERM system should be fit-for-purpose and provide a complete and accurate view of the risk profile. If it does not, there is a potential for being exposed to increased scrutiny from stakeholders.

What good looks like

While there is no one-size-fits-all approach, the following principles will help you ensure the right building blocks are in place:

  • Risk management is wholly integrated into group business planning and strategic decision making.
  • A formal definition and articulation of your risk appetite for all major risk areas exists, providing practical guidance on acceptable risk and reward.
  • Robust analysis of risk information, focusing challenge and resource on critical risk areas is undertaken.
  • The Board visibly promotes and supports, both in word and spirit, the importance of effective risk management.
  • An embedded early warning system provides timely awareness of changes in control effectiveness and material areas of risk.
  • An understanding exists of the drivers of desired behaviours and the alignment of performance and incentivisation structures.
  • Transparent risk disclosures that balance stakeholder insight with protecting competitive advantage are undertaken.

When to act

There are logical triggers in your business activities that prompt action. Here are some examples: 

  • Risk appetite - are you biting off more than you can chew?
  • Effective monitoring - is managing crises missing the point?
  • The right culture - have you forgotten something regarding your people risk culture?
  • Providing assurance - do you have the required confidence to report on your risks?

History consistently shows that organisations that fail to effectively manage risk often themselves fail!

How we can help

Drawing on our experience with some of the world’s leading organizations of developing and embedding numerous ERM systems, and our innovative approach to measuring and strengthening culture, we can help you typically in the following areas:

What you gain

Enhanced insight

Early and more accurate visibility of changes in the risk landscape in areas that could materially impact corporate objectives, facilitating more timely and informed management intervention.

Superior Performance

Behaviours that generate competitive advantage, and the agility and flexibility needed to anticipate change and capitalize on opportunities.

Increased Stakeholder Trust and Confidence

Reduced performance volatility and increased consistency in delivering objectives, which, combined with greater levels of transparency, engenders stakeholder confidence and potentially enhanced valuations.


Development of a robust ERM framework that complies with the ISO 31000:2009 Standard and the COSO Framework enables you to comply with local, national, regional and international standards and risk-related compliance awards.

Better decisions

Increased awareness and understanding of the Board’s desired risk and reward trade-offs, driving decision making consistency throughout the organization.

Contact us

Hani Kababji

Enterprise Risk Management Leader, PwC Middle East

Tel: +966 56 934 4900