Enterprise Risk Management

Value for stakeholders is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day. Enterprise Risk Management (ERM) supports value creation by enabling management to: 

• Deal effectively with potential future events that create uncertainty; and,
• Respond in a manner that reduces the likelihood  of downside outcomes and increases the upside.

Building on the ISO31000 standard on risk management and the COSO ERM framework, PwC has developed and refined a pragmatic and intuitive framework for organisations to focus on. This framework encompasses:

1. Strategy and policies - the focus on risk within strategy and policy;
2. Processes – tools and techniques to assess, manage and monitor risk;
3. Infrastructure – mechanisms to sustain a focus on risk management;
4. Culture and behaviour – methodologies to create and maintain a risk-focused culture and behaviours.

The PwC ERM framework is applied to design, develop, improve or assess risk management practices on a company level, business unit level, for specific processes, projects or specific risk areas.