A worrying immaturity of ERM processes and a lack of understanding by executives and boards of the strategic value of an effective risk oversight process is emerging.
At the same time, a new report shows a significant increase in the level and complexity of risks their organisations are facing.
It found that 68% of respondents sense volume and complexities of risk increasing. However, only 31% describe their organisation’s risk oversight practices as “mature” or “robust.” Additionally, 18% indicate that executives do not see the benefits of ERM exceeding the costs or there are too many other pressing needs.
Key findings from the report include:
* The lack of embrace of the importance of risk oversight in organisations may be attributed to only 20% of organisations having embedded risk management incentives in their compensation plans.
* The volume and complexity of risks is increasing across the four geographic regions: Europe and UK (66%), Asia and Australasia (81%), Africa and Middle East (78%), US (65%).
* In all regions of the world, respondents who claimed their organisations had “mature” or “robust” risk oversight are in the minority: Europe (38%), Asia & Australasia (19%), Africa and Middle East (29%), US (29%).
* Only 44% of organisations describe their ERM process as a “mostly” to “extensively” systematic, robust, and repeatable process with regular reporting of top risk exposures to the board: Europe (51%), Asia and Australasia (46%), Africa and Middle East (43%), US (37%).
* Most executives do not believe their organisation’s risk management processes provide competitive advantage – Europe (15%), Asia and Australasia (23%), Africa and Middle East (40%), US (11%).
The 2023 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape, compiled by AICPA & CIMA and NC State University’s Enterprise Risk Management (ERM) Initiative, includes insights from a survey of 983 global senior finance and business leaders conducted in 2023. The survey measured finance-related executives’ assessments of the level of maturity in their organization’s proactive management of these risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organization, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organisation’s operations and objectives and/or lead to losses).
“Globally, the business environment is loaded with uncertainties that can generate risks at any point and in a variety of forms. Organisations face the realities of an increasingly complex risk environment while realising their current approach to risk oversight may be insufficient in a rapidly changing risk environment,” comments Mark Beasley, Alan T Dickson Distinguished Professor of Accounting and Director of the ERM Initiative at NC State.
“Failure to rethink and redesign how the organisation is managing risks means risk management practices embraced decades ago are the ones still being used in today’s incredibly complex, fast-changing environment. And that’s a recipe for disaster.”
In addition to their perceptions of the changing nature of the overall risk environment, respondents also reveal that their organisation has faced a significant operational surprise in the past five years, with 55% indicating that their organization has experienced a major, unexpected risk event impacting the organisation. The occurrence of an actual significant risk event suggests a potential breakdown in the organisations’ risk management processes.
“An ERM program is not only a value preservation mechanism but a potential strategic value generating asset that drives decision making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” says Ash Noah CPA, CGMA, vice-president and MD of management accounting at the Association of International Certified Professional Accountants. “Business leaders that embrace the reality that risk and return are related are likely to increase their investment in enterprise risk oversight to strengthen their organization’s resiliency and agility when navigating the increasingly complex and uncertain risk landscape.”