Director’s guide to ERM fundamentals

ERM programs are intended to formalize how risks are identified, assessed, managed, monitored and reported on in light of strategic priorities. But what we’re seeing is that some ERM programs aren’t getting the desired traction, either losing momentum or lacking adequate investment. In short, they’re not doing what they’re supposed to do.

Having an effective ERM program can help the board and management make more informed decisions in the face of uncertainty — whether that’s specific to a particular company or sector or facing the entire economic landscape.

How to use this guide

The first part of this guide introduces what it means to build a sustainable and enabling ERM program, including how the board can assess whether their ERM program’s maturity is where it should be. The second part of this guide outlines six key elements that we think make up an effective Enterprise Risk Management program. These key elements offer directors a foundation for overseeing enterprise risk management.

Enterprise

  • Alignment with corporate strategy: helping boards oversee risk as part of strategic planning and execution, rather than separating risk from strategy
  • Risk strategy and governance: driving clarity for managing and overseeing risk

Risk

  • A common risk language: promoting a consistent view of risk
  • Enterprise risk assessment: helping senior leadership and the board prioritize risk

Management

  • Risk response plans: managing prioritized risks
  • Ongoing monitoring: recognizing changes in risk

PwC’s ERM Maturity Model at a high level

How can we assess whether our ERM program’s maturity is where it should be?

Boards should question the maturity of the company’s ERM program and help management set expectations for where the organization wants to be in the future.

Foundational elements of enterprise risk management — breaking E-R-M down

Alignment with corporate strategy

Helping boards oversee risk as part of strategic planning and execution, rather than separating risk from strategy

Unexpected risk events have shown boards and management the value of instituting ERM practices. The degree of complexity and change facing organizations today highlights the need for strategies that account for risk.

Conclusion: supporting management in the company’s ERM journey

The design and implementation of foundational ERM components can take time and depend on both the complexity the company faces in its operations and external environment and the resources committed to risk management. Leaders can’t take a one-size-fits-all approach to ERM: the process must align with the company’s culture, size, and complexity. To adequately oversee risk management, boards need to understand the foundational ERM elements and where they can make a difference in supporting management in the company’s journey. As the ERM program matures, the board can promote continuous improvement by challenging management on what is working and what is not.

Contact us

Ray Garcia

Leader, Governance Insights Center, Houston, PwC US

Brian Schwartz

Partner, Governance Insights Center, Tampa, FL, PwC US

Lillian Borsa

Principal, Governance Insights Center, Florham Park, PwC US

Carin Robinson

Director, Governance Insights Center, Washington DC, PwC US

Catie Hall

Director, Governance Insights Center, New York, PwC US

Katee Puterbaugh

Director, Cyber, Risk and Regulatory, PwC US
