Enterprise Risk Management processes continue to be undervalued by boards and executives
As organizational risks increase in volume and complexity, risk oversight processes are lacking in robustness and maturity
NEW YORK, October 31, 2024 – The latest report by AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative confirms that risks are increasing globally in volume and complexity, regardless of geography. However, business leaders are not sufficiently investing in their organization’s risk oversight despite the hazards posed to business models by not doing so.
The report found that 66 percent of respondents sense volume and complexities of risk increasing. However, only 32 percent describe their organization’s risk oversight practices as “mature” or “robust.” Additionally, only 17 percent indicate that their risk management process is providing insights that create competitive advantage.
These results come as participants also revealed that their organization had faced a significant operational surprise in the past five years with 48 percent indicating that their organization has experienced a major, unexpected risk event impacting the organization. The occurrence of an actual significant risk event suggests a potential breakdown in organizational risk management processes.
Key findings from the report include:
The volume and complexity of risks are increasing across the four geographic regions: Europe & U.K. (66 percent), Asia & Australasia (68 percent), Africa & Middle East (73 percent), U.S. (64 percent).
Organizations are recognizing the need to identify a risk management leader, with 47 percent of respondent organizations globally appointing a single individual (Chief Risk Officer or equivalent) to lead the risk management function. However, more organizations (64 percent) are likely to have a management-level risk committee in place versus a single individual risk management leader. Across the four geographic regions: Europe & U.K. (40 percent single / 67 percent committee), Asia & Australasia (48 percent single / 61 percent committee), Africa & Middle East (61 percent single / 76 percent committee), U.S. (48 percent single / 60 percent committee).
In all regions of the world, respondents who claimed their organizations had “mature” or “robust” risk oversight are in the minority: Europe & U.K. (38 percent), Asia & Australasia (25 percent), Africa & Middle East (32 percent), U.S. (30 percent).
Only about one-half of boards in organizations formally discuss risk information when the board reviews the strategic plan: Europe & U.K. (43 percent), Asia & Australasia (46 percent), Africa & Middle East (66 percent), U.S. (24 percent).
Only 47 percent of organizations describe their ERM process as a process that is “mostly” to “extensively” systematic, robust, and repeatable with regular reporting of top risk exposures to the board: Europe & U.K. (52 percent), Asia & Australasia (45 percent), Africa & Middle East (59 percent), U.S. (44 percent).
The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape measured finance-related executives’ assessments of the level of maturity in their organization’s proactive management of all kinds of risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organization, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization's operations and objectives and/or lead to losses).
“Globally, effective enterprise-wide risk management should be one of the organization’s most important strategic tools. Unfortunately, many organizations view risk management as a distraction from more important strategic tasks,” according to Mark Beasley, Alan T. Dickson Distinguished Professor of Accounting and Director of the ERM Initiative at NC State. “Risk management will not become easier over time. Given the rapid speed of change in the global business environment, complex risk issues will continue to emerge at rapid-fire pace. Now is the time for many organizations to give their approach to risk governance an honest assessment.”
“An ERM program is not only a value preservation mechanism but a potential strategic value generating asset that drives decision making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” said Ash Noah CPA, CGMA, Vice President & Managing Director of Management Accounting at the Association of International Certified Professional Accountants. “If enterprise-wide risk programs are not teasing out emerging strategic risks, the output of those programs is less likely to provide valuable insights important for strategic decision-making. Finding ways to link risk management activities directly to strategic initiatives and demonstrating how ERM identifies and mitigates risks that threaten these goals and identifies opportunities that align with strategic aims is essential to improve ERM adoption.”
Methodology:
The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes data collected during 2024 through an online survey of global business leaders across four core regions (Europe & the U.K., Asia & Australasia, Africa & the Middle East, United States). In total, 623 fully completed surveys were submitted. About half of the respondents serve in senior accounting and finance roles, with the remaining representing a variety of management positions within a range of industries.
Media Contact:
Bill Ferguson
AICPA & CIMA
bill.ferguson@aicpa-cima.com