Despite 65% of senior finance leaders agreeing that the volume and complexity of corporate risks have changed ‘mostly’ or ‘extensively’ over the last five years, just 29% rate their organisation’s overall risk management oversight as ‘mature’ or ‘robust’.
A report from the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative found that despite these complexities, only 33% say their organisations have complete ERM processes in place.
The report includes insights from a survey of 560 US CFOs and senior finance leaders collected in early 2022. The survey covered a number of aspects related to their organisation’s risk oversight processes. It measured their assessments of the level of maturity in their organisation’s proactive management of these growing risks through usage of adoption of ERM processes.
KPMG Professor of Accounting and ERM Initiative at NC State director Mark Beasley said: “Our study finds that few executives perceive their risk management processes as providing important strategic value.”
Most executives (63%) do not believe their organisation’s risk management processes provide strategic advantage (‘no’ or ‘minimal’ advantage). Risk management is also only positioned by 45% to identify emerging strategic risks.
“This is despite the reality that risk and return are interrelated – organisations must take risks in the pursuit of strategic objectives. It is our hope that the ongoing uncertainties and rapidly changing business environment[s] will convince more executives of the strategic importance of having rich insights about risks facing the organisation as they make key strategic decisions,” Beasley adds.
There are several obstacles to advancing an organisation’s risk management process, with the most common reason being the belief that ‘risks are managed in other ways besides ERM’. Although the report found that over the last 13 years, the percentage of organisations claiming to have complete ERM processes in place has risen from 9% to 33%, they are still in the minority.
Given ongoing need to navigate a multitude of growing risks, more organisations will likely want to focus their efforts on strengthening their entity’s approach to managing the interconnected nature of risks to their business models. More senior executive involvement in risk oversight is being called for, with 74% of boards of directors signalling there’ll be significant changes to their existing continuity and crisis management planning.
Association of International Certified Professional Accountants vice president and managing director learning & development Ash Noah said: “Value in the business is much more than the balance sheet these days, and along with providing protection for the business, embracing ERM especially at a time when organisations must pay close attention to ESG risks, supports the creation of value and the long-term viability and sustainability of the business.”
Calls for action encourage readers to consider questions related to risk management in their own businesses. These cover current approaches and opinions, as well as strategies and indicators for key risks to plan for.