The latest report by AICPA & CIMA and NC State’s Enterprise Risk Management (ERM) Initiative has identified a worrying immaturity of ERM processes and a lack of understanding by executives and boards of the strategic value of an effective risk oversight process. At the same time the research showed a significant increase in the level and complexity of risks their organisations are facing.

The report found that 68% of respondents sense volume and complexities of risk increasing. However, only 31% describe their organisation’s risk oversight practices as “mature” or “robust.” Additionally, 18% indicate that executives do not see the benefits of ERM exceeding the costs or there are too many other pressing needs.

Key findings from the report include:

  • The lack of embrace of the importance of risk oversight in organisations may be attributed to only 20% of organisations having embedded risk management incentives in their compensation plans.
  • The volume and complexity of risks is increasing across the four geographic regions: Europe & U.K. (66%), Asia & Australasia (81%), Africa & Middle East (78%), U.S. (65%).
  • In all regions of the world, respondents who claimed their organisations had “mature” or “robust” risk oversight are in the minority: Europe (38%), Asia & Australasia (19%), Africa & Middle East (29%), U.S. (29%).
  • Only 44% of organisations describe their ERM process as a “mostly” to “extensively” systematic, robust, and repeatable process with regular reporting of top risk exposures to the board: Europe (51%), Asia & Australasia (46%), Africa & Middle East (43%), U.S. (37%).
  • Most executives do not believe their organisation’s risk management processes provide competitive advantage – Europe (15%), Asia & Australasia (23%), Africa & Middle East (40%), U.S. (11%).

The 2023 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes insights from a survey of 983 global senior finance and business leaders conducted in 2023. The survey measured finance-related executives’ assessments of the level of maturity in their organisation’s proactive management of these risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organisation, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organisation’s operations and objectives and/or lead to losses).

Commenting on this, NC State professor of accounting and ERM Initiative director, Alan Dickson, said: “Globally, the business environment is loaded with uncertainties that can generate risks at any point and in a variety of forms. Organisations face the realities of an increasingly complex risk environment while realising their current approach to risk oversight may be insufficient in a rapidly changing risk environment.

“Failure to rethink and redesign how the organisation is managing risks means risk management practices embraced decades ago are the ones still being used in today’s incredibly complex, fast-changing environment. And that’s a recipe for disaster.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In addition to their perceptions of the changing nature of the overall risk environment, our respondents also reveal that their organisation has faced a significant operational surprise in the past five years with 55% indicating that their organisation has experienced a major, unexpected risk event impacting the organisation. The occurrence of an actual significant risk event suggests a potential breakdown in the organisations’ risk management processes.

AICPA vice president and managing director of management accounting, Ash Noah, concluded: “An ERM program is not only a value preservation mechanism but a potential strategic value generating asset that drives decision making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight.

“Business leaders that embrace the reality that risk and return are related are likely to increase their investment in enterprise risk oversight to strengthen their organisation’s resiliency and agility when navigating the increasingly complex and uncertain risk landscape.”