Professional Documents
Culture Documents
Decoding uncertainty,
delivering value
April 2015
Table of contents
An in-depth discussion 5
April 2015
The heart of the matter
Risk management
enables growth
Our senses are an early-warning to the Ukraine crisis all combined to are obliged to supply more data to
system that keeps us alive in a world of push Russia toward recession. China regulators and potential deal partners,
constant risk. Those who attune their and Brazil also saw their economies better understand the risks embedded
senses to their environment are armed decelerate, and the threat of deflation within their global supply chain, guard
to succeed. Those who don’t might hangs over the European Union. their firms from market uncertainty,
not survive. Meanwhile, technology continues to and protect their intellectual property
disrupt, both through innovations and customer data from increasingly
It’s the same in business: Companies like cloud computing and the Internet sophisticated and widespread
that treat risk management strategically of Things and also as a result of cyberthreats.
are arming themselves with the cybercrime and cyberterrorism.
knowledge to make efficient and But as our survey shows, companies
well-informed business decisions— The short story? Business risk is are not, largely, responding to this
anticipating and mitigating risk, seizing everywhere—external and internal, environment with improved risk
opportunities, and enabling better interconnected, growing, and ever- management programs. Despite the
overall business performance. changing. Executives and boards know fact that survey results show clearly
it, and they’re concerned. that an eagerness to confront business
This past year offered ample proof risks boosts management effectiveness,
that uncertainties and threats pervade In this year’s PwC Risk in Review prevents costly misjudgments, drives
today’s global business environment. On survey of 1,229 senior executives and efficiency, and generates higher profit
the plus side, the US and UK economies board members, 73% of respondents margin growth, only an elite group of
grew vigorously, and declining oil prices agreed that risks to their companies companies (12% of the total surveyed)
gave a welcome lift to most of the world. are increasing. Today’s business have put in place the processes and
However, plunging oil prices, a tumbling leaders often have to respond quickly structures to make them true risk
ruble, and international sanctions tied to a changing world, even as they management leaders.
2 Risk in review
Leading companies have proved it’s
Figure 1: Without a strong risk management program, capability gaps develop
possible to hit the sweet spot where
risk management becomes a strategic
enabler. While the path to proactive
risk management differs for every
company, the driving force is the same:
a resolve by senior leadership to use
the tools and techniques of modern risk
management to push their company
to greater heights of efficiency, Capability gaps
effectiveness, and profitability.
Risk
Increasing management
risks program
An in-depth discussion 5
What it takes to be a risk management leader
From our survey of 1,229 executives, we identified 12% of respondents companies that, based on answers to
specific questions, qualified as leaders in risk management. While financial services companies represent a
sizeable portion of this group, most industry sectors are represented. Risk leaders are also more likely to be
publicly traded, by a margin of 75% to 25%. These risk management leaders report that they:
• Have a fully integrated risk management strategy that ties risk management to the strategic planning process
• Have risk management programs that are “fully” or “highly” aligned with a range of business stakeholders,
such as senior management, external stakeholders, IT, and the business units
• Use a broad range of risk management tools and techniques
What outcomes set risk management leaders apart? They are more likely to:
• Have experienced a profit margin increase over the past three years
• See how risks are interconnected and cascading, and take an aggregated view of risks when making decisions
• Have a deeper understanding of their own risk appetite across a range of areas
• Say they are increasingly taking a risk-enabled approach to growth
• Say that increasing speed to market is a significant priority, and involve risk management even when they need
to move quickly
6 Risk in review
Key strengths of risk management leaders
Risk management leaders distinguish
Figure 3: Risk management leaders take an aggregated view of risk
themselves from others in four
key areas.
When making strategic decisions, we are able to take an aggregated
view of our risks across multiple areas.
1. Risk management leaders
understand how risks 73% 22% 4%
interconnect and impact Risk leaders
their business
“Having an enterprise-wide view of We are able to see how risks are interconnected and cascading across
risk gives a company a very clear and our company.
realistic understanding of operational 70% 22% 8%
issues and market opportunities,”
says Dean Simone, PwC Partner Risk leaders
and Risk Assurance Leader. “It
allows you to make more informed
business decisions that align to your
strategic imperatives.” 23% 35% 38%
An in-depth discussion 7
2. Risk management Even though rapid-fire business viewed as an enabler and a support
leaders are far more decisions are frequently required, risk function to the business.”
likely to be aligned across management leaders are far more likely
business units to say they involve risk analysis in their This alignment is critical. It lets
decision-making process (67% vs. 43% executives at risk-leader companies
The vast majority of risk leaders of non-leaders). “One of the biggest see the impact of risk across the
(90%) say their risk management risks is missing opportunities if you are organization, empowering them to act
program is fully or very aligned with not agile and fast,” says Luis Custodio, quickly and proactively. This speed and
their company’s strategic planning Chief Risk Officer at IBM. “We do not effectiveness helps these companies
process, compared with just 36% of slow down our business units. The avoid mishaps, and can also boost
non-leaders. Alignment is especially last thing that business leaders want profitability and revenue growth.
strong in the financial services and is bureaucracy. Risk management is
healthcare sectors, where complex and
increasingly demanding regulatory
requirements help drive investments
in risk management programs. Across
the board, leaders also demonstrate
Some 46% of risk management leaders say they
greater cross-functional alignment spend more time calculating and preparing for
than non-leaders, particularly risk rather than reacting to it, compared with
through aligning their risk function
with the finance function (97% vs.
just 21% of non-leaders.
58%), internal audit (95% vs. 65%),
and corporate compliance (93% vs.
55%). Likewise, the risk management
programs of risk management leaders
are more likely to be leveraged during
the strategic planning process (78% vs.
38% of non-leaders).
8 Risk in review
Figure 4: Risk management leaders show alignment across the board
How aligned is your company’s risk management program today with the
following business functions? (Very aligned/fully aligned)
Board of directors
97%
55%
Finance
97%
58%
Internal audit
95%
65%
Compliance
93%
55%
Legal
90%
51%
Strategic planning
90%
36%
Business units
87%
37%
Operations
86%
40%
80%
IT
35%
External stakeholders
63%
24%
Sales/marketing
59%
22%
Leaders
All others 0% 20% 40% 60% 80% 100%
An in-depth discussion 9
3. Risk management leaders • Scenario planning (77% vs. 33%) every major market will be served by
apply more sophisticated two or three integrated healthcare
• Stress testing (75% vs. 30%)
techniques to anticipate delivery systems.” Meanwhile,
and address risks • Risk rating (96% vs. 62%) consumer and industrial products and
services (CIPS) companies are more
Risk management leaders’ operational Looking at the overall results from our likely than other sectors to perform
behavior also shows how their survey, it’s easy to see that respondents environmental, health, and safety
approach can yield greater results. across sectors have different approaches audits.
For example, some 46% of leaders say to anticipating risk. For example, as
they spend more time calculating and a result of the global financial crisis Whether a company is based in an
preparing for risk than reacting to it, and subsequent changes in regulatory emerging or developed market can
compared with just 21% of non-leaders. requirements, financial services firms also impact the way it approaches
Leaders are also more likely to say they are more likely than other sectors risk management. Firms in developed
currently use and plan to continue to build horizon scanning or early- countries, for example, are much more
to use a variety of tools to effectively warning systems, and to invest in likely to say they identify and forecast
integrate their analysis. This checklist creating organizational resiliency to risk than those in emerging markets
of techniques includes: risks. Other sectors favor certain other (68% vs. 56%).
tools, for various reasons. Healthcare
• Identification and forecasting of companies, facing an exponential While financial services firms and
emerging risks (96% vs. 59% of increase in regulation (including the those companies located in developed
non-leaders) Affordable Care Act), are at the forefront markets are leading the way in the
• Building organizational resilience to of using enhanced due diligence, overall use of risk management
risk (88% vs. 42%) our survey shows. That makes sense, tools, it is clear that advanced risk
says Scott Lammie, Chief Financial management strategies can drive
• Horizon scanning/early-warning Officer of UPMC Health Plan. “We improved performance across all
indicators (81% vs. 33%) see consolidation and integration of types of companies, regardless of size,
• Monitoring via key risk indicators healthcare happening at a pretty rapid geography, or sector.
(80% vs. 27%) pace over the next decade. In the end,
10 Risk in review
Figure 5: Financial services firms lead in using risk management tools
Which of the following techniques for managing external risks does your
company currently use or plan to use over the next 18 months?
65% 17% 6% 71% 15% 5% 61% 19% 7% 64% 16% 7% 71% 10% 5% 60% 21% 5%
50% 21% 10% 58% 19% 7% 44% 24% 12% 44% 19% 17% 51% 14% 13% 45% 29% 5%
41% 25% 16% 52% 23% 11% 36% 26% 18% 31% 26% 22% 33% 24% 19% 48% 28% 9%
Currently use and plan Not using now Not using and not
to continue to use but plan to use planning to use
Note: FS = financial services; CIPS = consumer and industrial products and services; TICE = technology,
information, communications, and entertainment; HC = healthcare; Gov’t = government agencies
An in-depth discussion 11
4. Risk management regulatory and compliance risk (20% the board level. Because companies
leaders have a strategic vs. 13%), earnings and volatility obviously have many more enumerated
understanding of their risk risk (27% vs. 20%), and culture and risks, it’s important to perform a risk
appetite, and are willing to incentives risk (27% vs. 20%). interconnectivity analysis that will help
leadership and the board understand
take risks
Analyzing and assessing how what other threats impact or catalyze
different business risks affect one those key risks. So if risk number 28
Risk management leaders are more
another is an essential step in happens, does it trigger risk number 4?”
likely to articulate a “high” or “very
achieving a holistic and accurate risk
high” appetite for risk in 10 out of 12
management perspective, explains Undertaking a systematic review that
areas we examined. The variances
Brian Schwartz, PwC’s Performance determines what amounts of risk a
are most pronounced for accepting
Governance, Risk and Compliance company will take—and ensuring that
financial risk (31% vs. 21% for
Leader. “Companies typically track all business units understand those
non-leaders), diversification and
their top 10 or 20 key business risks at limits—remains a central tenet of risk
concentration risk (35% vs. 26%),
management leadership. Among risk
leaders, we found that 68% have a
Figure 6: Leaders are more confident about how risks are managed corporate risk appetite statement that
is well communicated and understood
(vs. 20% of non-leaders).
For each applicable risk factor previously selected, how effective is the risk
being managed?
These findings could well explain why,
Regulatory and compliance risk Human capital risk across the board, risk management
9% 1% 5% leaders feel significantly more
9% 26%
23% confident about how well their risks are
27%
Risk
24%
All Risk All
managed compared with non-leaders.
leaders others leaders others This is true even in areas where leaders
are more willing to take greater risks
90% 64% 67% 47% (e.g., financial, earnings, or volatility
risk). Naturally, having confidence
Technology risk Brand/reputational risk in their risk management programs
4% 2%
28% 19% 10% 9% allows managers to be more decisive.
34% Efficient, confident decision-making
Risk All Risk All can help a company compete more
leaders others leaders others
effectively in a rapidly evolving
35%
68% 44% 86% 51%
business climate.
In a business world being transformed rapidly by the power of analytics and Big Data, many risk executives say
that they still face significant challenges in identifying the right data—and the right amount of data—to bring to
the board’s attention in a timely fashion.
Lakshmi Shyam-Sunder, The World Bank Group’s Chief Risk Officer, says it can be challenging to sort out
what’s really critical for board members versus what’s “nice to know” or nice to give. “The key,” she says, “is to
continually communicate with the board to understand what is important for them.” John Nichols, the Chief Risk
Officer at Fannie Mae, knows that too much information can handicap his board. “You think you are doing the
board a service by providing more data and information,” he says, “but in fact you are just making it harder for
them to prioritize the information.”
Executives know that data is powerful. But indeed, “What I am seeing is that they are overwhelmed,” says John
Sabatini, PwC Principal and Risk and Compliance Systems and Analytics Leader. “For many years, there was the
idea that we could avoid risk by putting controls in place. But controls alone don’t give you the detail you need,
and in many cases there are workarounds to override them.”
With data analytics, the facts are the facts. “When you have the data, you create the transparency you need to find
the truth,” says Mr. Sabatini. New analytics systems make it significantly easier to bring disparate data together
to create powerful insights. “We can now do things that weren’t possible a decade ago,” says Mr. Sabatini. “We are
leveraging multiple data warehouses and bringing in both structured and unstructured data and external sources
to analyze and challenge business assumptions. This allows for much better decision-making.”
The key is creating the systems and processes that then allow those insights to be continually monitored and
addressed by top decision-makers. Mr. Sabatini suggests a three-tiered approach:
Surveillance systems. These are systems that focus on a particular area, whether it’s trading risk,
corruption, or fraud. “We build models that look at all the transactions under a certain area, monitor
the environment, and identify behavior that may be malicious or indicate the avoidance of controls
and processes,” says Mr. Sabatini.
Heat maps and dashboards. These are tools that allow board members and top management
to regularly review key risk management metrics, which can range from anti–money laundering to
excessive spending to commission tracking, depending on the company’s key issues.
Ad hoc analytics. “You want the ability to question your data as the market changes,” Mr. Sabatini
says. “You may need to create new dashboards, for example.” Ad hoc analytics serve as an incubator to
ensure current surveillance systems and dashboards remain relevant.
When executives have access to these tools, the results are powerful. “They reduce the complexity of the data
and get right down to the things that will help make your business stronger,” Mr. Sabatini says. “And that leads
to growth.”
An in-depth discussion 13
Why it matters: Risk management is critical to
improving performance
Today’s macroeconomic picture remains Scott Lammie of UPMC Health Plan transparency,” says Todd Bialick, PwC
clouded with uncertainties. Third- agrees. “As a healthcare provider, Partner and Risk Assurance Third
party risks grow as companies engage there are cyber-risks inherent in Party Assurance Leader. “Best-in-class
innovative but relatively less-established everything we do,” he says. “There firms share the most information; not
outsourcing vendors, contractors, and are privacy issues related to the just the positives, but also the negatives
sub-contractors. New financial and Health Insurance Portability and they run into and how they are dealing
healthcare regulations compel new Accountability Act (HIPAA) and with them.” The right tools, he adds,
compliance needs. Financial crime identity theft considerations. We enable firms “to develop trust and
is growing more sophisticated, amid are constantly under a barrage of transparency with their customers.”
recent reports that hackers may have possible cyberattacks.”
compromised ATM networks across Following damaging data breaches
many countries. Meanwhile, disruptive Outsourcing vendors need to against large retailers and health
technologies are developing at the standardize their reporting techniques insurance firms, concerns over
speed of light. In less than a decade, to assure their clients that their vital cybersecurity surged among US CEOs
we’ve gone from the mass adoption of data will be kept secure. “Using last year, according to PwC’s 2015 CEO
smart phones to the first generation Service Organization Controls (SOC) Survey. Among survey respondents,
of self-driving smart cars. As new reports can significantly reduce the 45% say they are “extremely”
technologies disrupt traditional business cost of compliance while boosting concerned, up from 22% a year ago.
models, companies are moving beyond
their comfort zones, diversifying their
businesses and converging into other Figure 7: Regulatory complexity tops the risk list
sectors. But to do so successfully, they
need to work from a deep understanding
of the pace of technological change, its Which of the following external forces will create the biggest risk or threat to
business performance or growth plans?
impact, and its risks.
An in-depth discussion 15
Case study: GE Capital’s perspectives on how it manages risk
In a world of record-low interest rates, high liquidity, and narrowing credit spreads, GE Capital has to be nimble
to navigate what feels like a riskier world. Ryan Zanin, the company’s Chief Risk Officer, emphasizes stress testing
and scenario analysis to help manage his firm’s risks.
Building a comprehensive risk analysis framework allows GE Capital to “connect the dots in our risk profile—not
just ‘I lent money and I got it back,’ but understanding each of the material risks that affect the company today
and under various scenarios in the future.”
“As risk managers, we can’t plan with certainty around assumptions,” Mr. Zanin says. He describes the kind
of iterative process his company employs. “You need to understand ranges of outcomes and regularly test
your hypotheses. You have to make sure you have the wherewithal to survive things you can’t control. We develop
hypotheses, test them, and make sure we understand what the risk outcomes could be, so that we don’t put the
firm at undue risk if we are wrong about any of those things.”
Among other features, GE creates a risk appetite statement at the board level, and then develops an additional
statement for each large business unit that fits within the broader, firm-wide risk appetite but is tailored
specifically to that unit’s operations. He notes that communicating risk appetite and embedding risk thinking
across the company is critical.
“We all have to understand that managing risk is everybody’s job,” Mr. Zanin adds. “This is a company-wide
effort. Risk management is broader than just the efforts of the independent risk organization. You have to make
sure that people throughout the organization understand that managing risk is their responsibility. The risk
management program has a mandate. It has its independence. It is there to challenge. But it is not there to absorb
all the risk outcomes, or all the risk management effort for the organization.”
The world of risk and opportunity: Two sides of the same coin
Real economic growth is taking shape PwC’s 18th Annual Global CEO Survey that 61% of CEOs believe there are
across much of the world, despite noted that company leaders are more opportunities. This suggests
new risks. Oxford Economics recently equally cognizant of the threats and that to survive and evolve today,
upgraded its global growth forecast opportunities in today’s environment. companies need to prepare their entire
to 2.9% for 2015, an increase from “When we surveyed CEOs, we found organizations to take advantage of big
2.6% growth last year.1 While the that 59% see greater risk this year shifts ahead of the competition, look
decline in oil prices has created greater than they did three years ago,” says around corners to anticipate risk and
uncertainty in some parts of the world, Dennis L. Chesley, PwC Global Risk be ready to respond to disruptions to
it’s also put money in the pockets of Consulting Leader. “But, we also found come out stronger on the back end.”
global consumers.
An in-depth discussion 17
The actions companies take to pursue leaders of those businesses, working in and are not always developing their
revenue growth generally increase tandem to ensure we are identifying products and services in the most
risk. This is especially true when it and managing the most significant risks intelligent way.” The issue extends
comes to mergers and acquisitions they face individually, as well as the beyond technology. For instance, when
(M&A), whether it’s diversification risks faced by the combined UA entity companies are operating in a variety of
or a growth strategy driving the now that we are the leader in the global global markets, a failure to adequately
transaction. Says Ray Young, Chief connected fitness space. We are in understand and address differing
Financial Officer of Archer Daniels constant communication with them.” rules, regulations, or even labelling
Midland, “One of the greatest strategic requirements can prove costly.
risks to manage is major acquisitions— Jason Pett, PwC Partner and Internal
whether it’s picking the right target, Audit Leader, underscores the Unlike a new product rollout, business
the right valuation, the right timing, or importance of tying risk management cycles aren’t always predictable.
executing the proper integration.” with strategic planning during Yet because they have developed
a merger: “We had a client that frameworks that are constantly being
Creating a culture of deal readiness was ready to move forward with adjusted to anticipate risk, risk-resilient
helps support M&A. When companies an acquisition—the financial and companies are better positioned for
rigorously examine their risk operational metrics all pointed toward the downside of an economic cycle and
management, controls, and compliance a go. But the third line of defense— are more ready to seize growth in an
infrastructure, it can help them internal audit—was there alongside upturn. As Ryan Zanin of GE Capital
ensure operational fit and integration management in the evaluation of the explains, “We are not afraid to work
success. This is one aspect of building target company. They identified some out and work through problems. We
a risk resiliency program to support cultural and compliance-risk issues understand that both companies and
inorganic growth. that ultimately took it to a no-go economies run through cycles and you
decision.” In the end, the decision to better be prepared to live through a
Performance sports apparel company walk away was the right one: “Had they down cycle and weather the storm.
Under Armour is in the process of gone forward,” he says, “the cost of the Part of our job is to make sure that
integrating two recent acquisitions— compliance and risk issues would have people understand the choices in the
MyFitnessPal, based in San Francisco, outweighed the financial return the harsh light of day, that there are really
California, and Endomondo, based acquisition would have produced.” no free risks. If you create the right risk
in Copenhagen, Denmark—with its framework, promote transparency,
current MapMyFitness business, based Similarly, failure to include risk have strong domain expertise, the right
in Austin, Texas. These assets help users managers in conversations about culture, and strong governance, the
track personal data about fitness and developing and rolling out new decisions will take care of themselves.”
health and share their experiences with products or innovative services
a fitness-minded global community. can have serious consequences, In the aftermath of the financial crisis,
Under Armour’s Senior Director of particularly as more and more products Lakshmi Shyam-Sunder, Chief Risk
Global Risk & Compliance, Jonathan become smart and connected. “We Officer for The World Bank Group, was
Schwartz, says the goal for his team have a generation of companies that acutely aware that the institution’s
is to help integrate these businesses suddenly are being reclassified as risk culture could be an advantage for
as effectively as possible, with the technology companies,” says PwC’s serving clients. As the bank moves to
strong support of Under Armour’s chief Grant Waterfall. “The danger is that make larger investments in frontier
financial officer. “We are constantly a lot of these companies aren’t used markets and faces an increasingly
on the phone with the operational to thinking about risk management, uncertain economic and geo-political
18 Risk in review
How risk officers and their boards see the world of risk differently
Top corporate executives and managers appear to be far more optimistic than risk professionals about their
companies’ prospects. Asked in our survey how well their companies anticipate risk, for example, 72% of
management and board members said “very well” or “well” compared with just 57% of risk officers. In addition,
while 61% of senior management believes risk-taking is well aligned with their strategic planning function, only
49% of risk officers concur. The gap is even wider when it comes to alignment with external stakeholders, where
41% of executives believe their risk profiles are aligned versus just 29% of risk officers.
Some might say that represents a significant disconnect between top leaders and those carrying out day-to-day
analysis. But many risk officers suggest it’s just the nature of the beast.
“As risk folks, we are paranoids by profession, and so we are going to view the glass as half empty,” says
John Nichols, the Chief Risk Officer of Fannie Mae. “Management and boards are paid to be more optimistic.
They want to believe that execution will be flawless. The chief risk officer’s job is to blend the paranoia and
optimism together.”
“If you start talking about things that may impede on their positive view,” says Mr. Nichols, “it takes a pretty
special board to stay focused on the conversation, because it is not necessarily a message they want to hear.”
For chief risk officers, says Mr. Nichols, the challenge is to “present information in a way that board members,
who often have a natural bias to discount negative information, will pay attention to.” It is crucial to make
arguments that are credible and to the point, he adds.
environment, creating a holistic risk notes PwC’s Brian Schwartz, citing the security breach could exceed the entire
management system becomes a more myth of third-party risk management. value of the company. “Managing risks
critical initiative. Some companies, he notes, “put too takes time. It takes resources, and
much reliance on a third party where while it costs money, it can ultimately
But our survey suggests that some it’s assumed they have adequate save companies significant expense
companies may not be striking the controls in place.” Yet the cost of a over the long term,” he says.
right balance of risk appetite and
risk management. Focused on rapid
expansion and aggressive growth but
lacking a strong risk management
program, these companies can leave
themselves vulnerable to mistakes.
“We understand that both companies and
They may make decisions, like economies run through cycles, and you better
committing to an outsourcing partner, be prepared to live through a down cycle and
without really having a solid handle
on the capabilities of their contractors, weather the storm.”
suppliers, and vendors. While —Ryan Zanin, Chief Risk Officer, GE Capital
companies often need to move quickly,
sometimes “they can move too fast,”
An in-depth discussion 19
What this means for your business
PwC proposes the use of a comprehensive ERM framework when assessing ERM practices
• Risk appetite • Material risk • Risk assessment • Risk monitoring • Internal controls • Risk-adjusted
setting identification criteria and limits • Validation controls performance
• Strategic planning and profile • Risk measurement • Corrective actions (e.g., model measurement and
• New product/new • Stress testing/ and aggregation • Issue and action validation) review (business
business/M&A scenario analysis • Stress testing tracking processes • Internal audit reviews)
• Enterprise-level • New product review • Risk and performance
limits approval process reporting
• Incentives and
compensation
Technology
Data
Resources
22 Risk in review
4. Continuously strengthen ability to work with the second line of areas where capability gaps create
your second and third lines defense, and its ability to understand risk. Says Under Armour’s Jonathan
of defense and align with the priorities of Schwartz, “Our company is growing
the business. very quickly, at 25-plus percent
Risk management, compliance, and annually. It means we have to have
• Are your three lines of defense
internal audit are management’s backup really good outside partners to help us
clearly delineated, fully integrated,
in the defense against risk. Risk and manage our risk profile globally and
and aligned within the overall risk
compliance functions sitting in your ensure our risk management processes
management framework?
second line of defense should focus are as innovative and strategic as our
on pushing out to the business a well • Is the maturity level of your risk business.” With the enterprise risk
thought-out approach for identifying, management program fully aligned profile constantly shifting, companies
assessing, and monitoring key business to the risk profile of the enterprise? need help to make certain their risk
risks. The second line should not take management programs keep pace.
on responsibilities related to managing 5. Partner with a risk • Have you performed a talent
risks since those belong in the first line, assessment across your company’s
management provider to
where these risks exist. The second risk management structure to
close the gap on internal
line should continually strengthen the determine your competency gaps?
overall risk management program so it
competencies
?
stays aligned to the evolving enterprise. • Have you engaged a risk
It’s not always possible for companies management service provider to
Meanwhile, a strong internal audit
to independently manage and/or independently assess your risk
function is best able to add value to the
strengthen all aspects of their risk management program’s current state
overall risk management framework
management program. Partnerships against your current risk profile and
through its objective point of view, its
can provide expertise and shore up leading industry practices?
To have a deeper conversation about how this subject may affect your
business, please contact:
© 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer
to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information
purposes only, and should not be used as a substitute for consultation with professional advisors.
PwC US helps organizations and individuals create the value they’re looking for. We’re a network of firms in 157 countries with more than 195,000 people who
are committed to delivering quality in assurance, tax and advisory services. Find out more and tell us what matters to you by visiting us at www.pwc.com/us.
MW-15-1178. Rr.