A report issued by the Association of International Certified Professional Accountants representing AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative found that 65% of senior finance leaders agree that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Despite this, only a third (34%) say their organisations have complete enterprise risk management (ERM) processes in place, and just over a quarter (29%) rate their organisation’s overall risk management oversight as “mature” or “robust.” These findings are unchanged from a year ago. 

Rapidly changing events, including concerns about the economy and inflation, geopolitical developments impacting trade and supply chains, disruptive technologies and AI, cyber and privacy threats, and a host of other risk triggers are continuing to drive significant disruptions that impact an organisation’s business model. Despite these unfolding realities, most organisations continue to not have robust enterprise risk management (ERM) practices in place. 

The 2023 State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes insights from a survey of 454 U.S. CFOs and senior finance leaders conducted in winter 2023. The survey measured finance-related executives’ assessments of the level of maturity in their organisation’s proactive management of these risks through adoption of ERM processes. 

NC State professor and director of ERM Initiative, Mark Beasley, said: “Our study finds that organisations of all types and sizes continue to overlook an important reality that risks can emerge rapidly triggering a cascade of events that quickly derail the organisation’s strategic goals. 

 “Organisations that invest in robust risk oversight processes that explicitly link risk insights to strategies increase their nimbleness and agility, which can provide huge strategic advantage if done so better than their competitors.” 

The report did find indication, however, that adoption of ERM processes in the U.S. is on the rise. Over the last 13 years, the percentage of organisations that claim to have complete ERM processes in place has increased 25 points, from 9% to 34%, but that still suggests most entities do not. This finding, also unchanged from last year’s report, again highlights the emphasis that more ERM focus is needed. Given the ongoing experience in navigating the multitude of risks experienced over recent years, more organisations will likely want to further enhance their focus on efforts to strengthen their entity’s approach to managing the interconnected nature of risks to their business models. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Additional key findings from the report include: 

  • Most executives do not believe their organisation’s risk management processes provide strategic advantage (64% state no or minimal advantage), with less than half (40%) positioning risk management significantly to pinpoint emerging strategic risks. 
  • The frequency at which management shares risk exposure with the boards of directors varies with 43% reporting top risks to the board on an annual basis, followed by reporting on a quarterly basis (41%). Only 16% of organisations report top risk exposures to the board at every board meeting. 

Commenting on this, AICPA vice president and managing director for learning education and development, Ash Noah, said: “We can safely predict that disruption is the norm and will continue to create new and exacerbate ongoing risk triggers. It’s the preparedness and the speed of response that determines how businesses manage these situations that matters most to stakeholders. A solid risk management plan allows organisations to continue delivering critical products and services in the face of an unplanned incident or crisis. 

“That reality of disruptions and this research reinforces the need for enterprise risk management to be amplified in the list of priorities for CFOs. Value in the business is beyond the balance sheet these days and along with providing protection for the business, embracing ERM supports the creation and preservation of value and the long-term viability of the business.”