The latest report by AICPA & CIMA and NC State’s enterprise risk management (ERM) initiative has identified a worrying immaturity of ERM processes and a lack of understanding by executives and boards of the strategic value of an effective risk oversight process. At the same time the research showed a significant increase in the level and complexity of risks their organisations are facing.
The report found that 68 percent of respondents sense volume and complexities of risk increasing. However, only 31 percent describe their organisation’s risk oversight practices as “mature” or “robust”. Additionally, 18 percent indicate that executives do not see the benefits of ERM exceeding the costs or there are too many other pressing needs.
Key findings from the report include:
- The lack of embrace of the importance of risk oversight in organisations may be attributed to only 20 percent of organisations having embedded risk management incentives in their compensation plans.
- The volume and complexity of risks is increasing across the four geographic regions: Europe & UK (66 percent), Asia & Australasia (81 percent), Africa & Middle East (78 percent), US (65 percent).
- In all regions of the world, respondents who claimed their organisations had “mature” or “robust” risk oversight are in the minority: Europe (38 percent), Asia & Australasia (19 percent), Africa & Middle East (29 percent), US (29 percent).
- Only 44 percent of organisations describe their ERM process as a “mostly” to “extensively” systematic, robust, and repeatable process with regular reporting of top risk exposures to the board: Europe (51 percent), Asia & Australasia (46 percent), Africa & Middle East (43 percent), US (37 percent).
- Most executives do not believe their organisation’s risk management processes provide competitive advantage - Europe (15 percent), Asia & Australasia (23 percent), Africa & Middle East (40 percent), US (11 percent).
The 2023 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes insights from a survey of 983 global senior finance and business leaders conducted in 2023. The survey measured finance-related executives’ assessments of the level of maturity in their organisation’s proactive management of these risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organisation, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organisation's operations and objectives and/or lead to losses).
“Globally, the business environment is loaded with uncertainties that can generate risks at any point and in a variety of forms. Organisations face the realities of an increasingly complex risk environment while realising their current approach to risk oversight may be insufficient in a rapidly changing risk environment,” according to Mark Beasley, Alan T. Dickson distinguished professor of accounting and director of the ERM initiative at NC State. “Failure to rethink and redesign how the organisation is managing risks means risk management practices embraced decades ago are the ones still being used in today’s incredibly complex, fast-changing environment. And that’s a recipe for disaster.”
In addition to their perceptions of the changing nature of the overall risk environment, our respondents also reveal that their organisation has faced a significant operational surprise in the past five years with 55 percent indicating that their organisation has experienced a major, unexpected risk event impacting the organisation. The occurrence of an actual significant risk event suggests a potential breakdown in the organisations’ risk management processes.
“An ERM programme is not only a value preservation mechanism but a potential strategic value generating asset that drives decision-making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” said Ash Noah CPA, CGMA, vice president and managing director of management accounting at the Association of International Certified Professional Accountants. “Business leaders that embrace the reality that risk and return are related are likely to increase their investment in enterprise risk oversight to strengthen their organisation’s resiliency and agility when navigating the increasingly complex and uncertain risk landscape.”
Methodology:
The 2023 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes data collected during 2023 through an online survey of global business leaders across four core regions (Europe & the UK, Asia & Australasia, Africa & the Middle East, United States). In total, 983 fully completed surveys were submitted. Of those about half serve in senior accounting and finance roles, with the remaining representing a variety of management positions within a range of industries.
About AICPA & CIMA, together as the Association of International Certified Professional Accountants
AICPA® & CIMA®, together as the Association of International Certified Professional Accountants (the Association), advance the global accounting and finance profession through our work on behalf of 698,000 AICPA and CIMA members, candidates and engaged professionals in 188 countries and territories. Together, we are the worldwide leader on public and management accounting issues through advocacy, support for the CPA license, the CGMA designation and specialised credentials, professional and thought leadership. We build trust by empowering our members and engaged professionals with the knowledge and opportunities to be leaders in broadening prosperity for a more inclusive, sustainable and resilient future.
About North Carolina State University’s Enterprise Risk Management (ERM) Initiative
The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (www.erm.ncsu.edu).