Enterprise risk management (ERM) helps businesses maintain an acceptable risk level. With ERM, a company uses assessments, plans, and oversight to find and deal with risks that could hurt the business and to take advantage of opportunities that come its way. Enterprise risk management also helps companies comply with existing regulations and standards governing business information, such as the Sarbanes-Oxley Act and the Payment Card Industry Data Security Standard (PCI DSS). The Sarbanes-Oxley Act deals with a company's internal financial controls and financial reporting methods. Sarbanes-Oxley requires financial reports to be signed by people who have reviewed the internal financial controls and have listed any weaknesses in those controls. The reports must be accurate and published annually. PCI DSS is a standard created by the credit card companies for any business that processes, stores, or transmits credit card data. PCI DSS requires all companies that deal with credit or debit cards to maintain a secure environment for their customers’ personal information. Companies must assess possible vulnerabilities in security, fix them, and report on what they fixed and how they fixed it. Sarbanes-Oxley and PCI DSS both require continuous monitoring to ensure compliance.