A new report by North Carolina State University’s Enterprise Risk Management Initiative and the American Institute of CPAs shows that while most senior finance leaders agree that the volume and complexity of corporate risks are on the rise, only 31% report their organizations have complete enterprise risk management (ERM) processes in place. The report, “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices” provides insights from a survey of 474 CFOs and senior finance leaders throughout the U.S. on how they proactively manage potential emerging risks by strengthening their organization’s processes surrounding the identification, assessment, management and monitoring of risks. Emerging and growing risks include increased cyber threats, geopolitical shifts, terrorism, tax reform, and other developments. These risks, if unmanaged, could upend an organization’s business model and reputation.
ERM practices in U.S. organizations, according to the report, are still relatively in the nascent stage. Fewer than a quarter (22%) of finance leaders described their organization’s overall risk management oversight as ‘mature’ or ‘robust’. On the upside, the report cites movement in the adoption of ERM among U.S. organizations. Since 2009, when the AICPA and NC State began the annual research study, there has been a 22% increase, from 9% to 31%, in the number of organizations that say they have complete ERM processes in place. While adoption of ERM is most common in larger organizations, public companies, and financial services organizations, the study revealed an uptick in adoption by not-for-profit organizations in the last year.
“Senior executives and boards of directors are realizing increasingly that the speed of change and the level of uncertainty in the global business environment is outpacing the ability of their organization’s traditional approach to managing risks,” noted Mark Beasley, Deloitte Professor of Enterprise Risk Management and director of NC State’s ERM Initiative. “While many are increasing the robustness of their processes for identifying, assessing, and managing emerging risks that may ultimately impact their core business model and strategic objectives, a number of organizations may not discover that need until they face a major risk event.”
Other key takeaways from the research include:
- Management is looking for greater focus on risk. The majority of board of directors (68%) want senior executives to increase management involvement in risk management.
- A disconnect exists between risk and strategy. Less than 20% of organizations say their risk management process provides a strategic advantage. Only 29% of the organizations’ boards of directors discuss risk exposures when they discuss the organization’s strategic plan.
- The demand for Chief Risk Officers (CROs) is on the rise, with 67% of large organizations and 63% of public companies looking to fill this role.
- Boards of directors and management should take a more proactive and aggressive role in strengthening an organization’s risk oversight. This includes looking for ways to incentivize management to invest in risk management and providing training and education on risk management.
RPS specializes in providing comprehensive insurance solutions and for a wide range of industry sectors including public entities, non-profits/social services, and others. Give us a call to discuss your clients’ needs.