Risk oversight and the board: Navigating the evolving terrain

  • September 2025

We’re living in an era of unforeseen events that give rise to risks, including geopolitical conflicts and an evolving regulatory environment, with far-reaching economic and social consequences. While a company can’t always anticipate what might be around the corner, strong risk oversight by the board can help the company respond with more rigor and agility. The number and types of risks the board oversees continue to grow, even as their nature changes. Some become more likely as businesses are more interconnected. Some are likely to impact just a certain area of the business. Others could severely impact the entire brand.

The evolution of enterprise risk management (ERM)

ERM has always been about identifying and managing the top risks to the organization. That hasn’t changed. The inputs, the methodology, the output and the overall process have—because they’ve had to. As depicted below, there are several drivers for the evolution of ERM and risk oversight processes.

Key elements underpinning an effective risk management function:

Common definitions and standard categories of risk make it easier to accurately combine risk information across the business and spot discrepancies or interdependencies. Using the same terminology from the front lines up to senior leadership helps everyone communicate and escalate issues swiftly.

One risk assessment framework with a unified set of criteria allows different teams to share, compare, and consolidate risk perspectives. This consistency is crucial for prioritizing the most urgent or impactful risks and aligning them with strategy and performance goals.

By leveraging consistent, high-quality data that is often drawn from multiple sources, a company may enhance its ability to measure, monitor, and predict risk trends. An integrated data infrastructure supports better analysis (including real-time dashboards or advanced analytics) and more accurate decision-making.

Effectively managing risk requires synergy between the first line (i.e., business units that own and manage risk), the second line (i.e., functions like risk management and compliance that facilitate or monitor risk), and the third line (i.e., independent assurance, typically internal audit). Clear, open channels between these groups promote timely escalation, reduce duplication of effort, and strengthen the company’s overall risk posture.

A chief risk officer (or comparable role) supports risk management efforts across the company and coordinates risk reporting for both executive management and the board. By centralizing accountability, boards gain a clearer “owner” of enterprise risk with the goal of handling cross-functional challenges like digital transformation or emerging AI risk cohesively.

In conclusion...

In a business risk environment that is becoming more complex and interconnected, boards play a crucial role in overseeing risk and keeping shareholders informed. 

  • To begin, boards can start by looking around the table. Is there diversity of experience, thought, gender and race to bring different perspectives on risk?
  • Boards will also want to understand their company’s ERM program and how they can contribute to that program. Additionally, they will want to spend time on their own structure for oversight.
  • Finally, boards will not want to forget about the company’s various stakeholders—what information is provided to them about the company’s risk management programs and activities?

By examining and refining its approach to risk oversight, a board can deliver enhanced value to the company and its shareholders.

Contact us

Brian Schwartz

Principal, Governance Insights Center, PwC US

Paul DeNicola

Principal, Governance Insights Center, PwC US

Lillian Borsa

Principal, Governance Insights Center, PwC US

Katee Puterbaugh

Director, Cyber, Risk and Regulatory, PwC US

Catie Hall

Director, Governance Insights Center, PwC US
