Diagram 1: COSO ERM Framework

www.pwchk.com

Staying Ahead of the Curve Enterprise Risk ManagementHow well do you understand your organisation’s risk profile?Risks faced by corporates have dramatically increased in recent years with a mixture of complex business environment and regulatory changes. In particular, large scale expansions into new and unfamiliar markets and products, financial volatility, rapid technological advances as well as frequent accounting standard changes have created unprecedented emerging risks for many organisations.

Regulators now expect companies to put in place risk management infrastructure to cope with the increased scope and scale of current and planned business activities. In addition, stakeholders demand more corporate visibility and accountability for risk management. Furthermore, many credit rating agencies now require evidence of effective governance, risk management and compliance programmes as part of their credit rating assessments.

1 Committee of Sponsoring Organizations of the Treadway Commission: Enterprise Risk Management — Integrated Framework (2004)

At PwC, we believe that organisations should be defining and embedding an ERM programme tailored for their business environment for a consistent view of risks across the organisation. An effective ERM process at all levels – subsidiary, business unit, division and entity-level, can help drive superior decision-making, increase business value and bring about numerous tangible business benefits.

The COSO ERM1 framework, which is widely adopted internationally, defines ERM as “a process, affected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

An ERM framework brings benefits of:

• Aligning risk appetite and strategy

• Enhancing risk response and decisions

• Reducing operational surprises and losses

• Identifying and managing multiple and cross-enterprise risks

• Seizing business opportunities

• Improving deployment of capital

Impetus for value-adding Enterprise Risk Management (“ERM”)MF Global, Societe Generale, Enron, Worldcom, China Aviation Oil… each one a different case with a number of “bad actors”, but each fundamentally the result of risk-taking by employees who failed to fully assess or acknowledge both the risks/opportunities and the possible consequences of their actions. In each case, it is the human element that leads to success or otherwise – risk management is all about enabling people to consistently evaluate the circumstances and make the best decisions possible for the business and its stakeholders.

www.pwchk.comThis publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Limited, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2014 PricewaterhouseCoopers Limited. All rights reserved. PwC refers to the Hong Kong member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. HK-20141112-9-C1

Tangible benefits of value to the businessSo what business benefits can be achieved by adopting an effective Enterprise Risk Management programme? Based on our experience and empirical evidence, supported by industry benchmarks and surveys, ERM programmes help organisations make smarter business decisions and stay ahead of the curve. The business value associated with ERM programmes helps you to:

• Assess and benchmark your organisation’s risk maturity;

• Identify, assess and respond to your organisation’s strategic, operational, financial and compliance risk;

• Engage stakeholders in dialogues to adopt the right risk appetite;

• Design and embed appropriate risk-taking culture into your organisation;

• Develop, define and embed a suitable internal controls framework that is fully integrated with the risk management framework;

• Develop principles-based frameworks that facilitate improved decision-making;

• Improve governance, risk and compliance effectiveness and integrate the responses to risks and regulation across the organisation;

• Develop and integrate effective and meaningful risk management practices;

• Establish sustainable risk reporting and monitoring processes on Key Risk Indicators;

• Integrate technology to support the application of these principles; and

• Manage through a crisis with confidence, ensuring that you are taking the right measures to remediate the problems and avoid a relapse.

ERM can help management to increase its level of Risk Resilience – to identify its risks and to have confidence in making critical business decisions.

ContactsPlease contact one of our Risk Management specialists below so that we can have a further discussion on ways that we can help:

Central China Northern China Southern China

Aileen Wang +86 (21) 2323 6655 aileen.wang@cn.pwc.com

Hengpeng Lee +86 (10) 6533 7905 hengpeng.lee@cn.pwc.com

Eric Yeung +852 2289 1953 eric.ck.yeung@hk.pwc.com

Cimi Leung +852 2289 2997 or +86 (20) 3819 2997 cimi.leung@cn.pwc.com