Enterprise Risk Management Processes Remain Undervalued by Global Boards and Executives Amid Heightening Risk Environment Report from AICPA & CIMA and NC State University Report Finds.
- Enterprise Risk Management processes continue to be undervalued by boards and executives
- As organisational risks increase in volume and complexity, risk oversight processes are lacking in robustness and maturity
The latest report by AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative confirms that risks are increasing globally in volume and complexity, regardless of geography. However, business leaders are not sufficiently investing in their organisation’s risk oversight despite the hazards posed to business models by not doing so.
The report found that 66 per cent of respondents sense volume and complexities of risk increasing globally, a sentiment echoed by respondents in Europe & the U.K. However, only 32 per cent globally, and 38 per cent in Europe & the U.K., describe their organisation’s risk oversight practices as “mature” or “robust.” Additionally, only 17 per cent worldwide, with a similar percentage of respondents in the Europe & U.K., indicate that their risk management process is providing insights that create competitive advantage.
These results come as participants also revealed that their organisation had faced a significant operational surprise in the past five years with 48 per cent indicating that their organisation has experienced a major, unexpected risk event impacting the organisation. Respondents in Europe & the U.K. indicated a marginally higher incidence, with 53 per cent reporting an operational surprise in the past five years. The occurrence of an actual significant risk event suggests a potential breakdown in organisational risk management processes.
Key findings from the report include:
- The volume and complexity of risks are increasing across the four geographic regions: Europe & U.K. (66 per cent), Asia & Australasia (68 per cent), Africa & Middle East (73 per cent), U.S. (64 per cent).
- Organisations are recognising the need to identify a risk management leader, with 47 per cent of respondent organisations globally appointing a single individual (Chief Risk Officer or equivalent) to lead the risk management function. However, more organisations (64 per cent) are likely to have a management-level risk committee in place versus a single individual risk management leader. Across the four geographic regions: Europe & U.K. (40 per cent single / 67 per cent committee), Asia & Australasia (48 per cent single / 61 per cent committee), Africa & Middle East (61 per cent single / 76 per cent committee), U.S. (48 per cent single / 60 per cent committee).
- In all regions of the world, respondents who claimed their organisations had “mature” or “robust” risk oversight are in the minority: Europe & U.K. (38 per cent), Asia & Australasia (25 per cent), Africa & Middle East (32 per cent), U.S. (30 per cent).
- Only about one-half of boards in organisations formally discuss risk information when the board reviews the strategic plan: Europe & U.K. (43 per cent), Asia & Australasia (46 per cent), Africa & Middle East (66 per cent), U.S. (24 per cent).
- Only 47 per cent of organisations describe their ERM process as a process that is “mostly” to “extensively” systematic, robust, and repeatable with regular reporting of top risk exposures to the board: Europe & U.K. (52 per cent), Asia & Australasia (45 per cent), Africa & Middle East (59 per cent), U.S. (44 per cent).
The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape measured finance-related executives’ assessments of the level of maturity in their organisation’s proactive management of all kinds of risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organisation, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organisation’s operations and objectives and/or lead to losses).
“Globally, effective enterprise-wide risk management should be one of the organisation’s most important strategic tools. Unfortunately, many organisations view risk management as a distraction from more important strategic tasks,” according to Mark Beasley, Alan T. Dickson Distinguished Professor of Accounting and Director of the ERM Initiative at NC State. “Risk management will not become easier over time. Given the rapid speed of change in the global business environment, complex risk issues will continue to emerge at rapid-fire pace. Now is the time for many organisations to give their approach to risk governance an honest assessment.”
“An ERM program is not only a value preservation mechanism but a potential strategic value generating asset that drives decision making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” said Ash Noah CPA, CGMA, Vice President & Managing Director of Management Accounting at the Association of International Certified Professional Accountants. “If enterprise-wide risk programmes are not teasing out emerging strategic risks, the output of those programs is less likely to provide valuable insights important for strategic decision-making. Finding ways to link risk management activities directly to strategic initiatives and demonstrating how ERM identifies and mitigates risks that threaten these goals and identifies opportunities that align with strategic aims is essential to improve ERM adoption.”
Methodology
The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes data collected during 2024 through an online survey of global business leaders across four core regions (Europe & U.K., Asia & Australasia, Africa & the Middle East, United States). In total, 623 fully completed surveys were submitted. About half of the respondents serve in senior accounting and finance roles, with the remaining representing a variety of management positions within a range of industries.
Source: https://managerplus.pl/kadry-kierownicze-nie-doceniaja-procesow-zarzadzania-ryzykiem-korporacyjnym-63568
