Despite perceived high volumes and complexities of risks, most organizations describe their risk management processes as immature
NEW YORK (July 12, 2022) – A new report issued today by the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative found that 65 percent of senior finance leaders agree that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Rapidly changing events, including the war in Ukraine, ongoing talent crisis, soaring inflation, lingering supply-chain disruptions, ransomware threats and a host of other risk triggers are leading to significant disruptions impacting an organization’s business model. Despite these complexities of risks, only a third (33 percent) say their organizations have complete ERM processes in place, and just over a quarter (29 percent) rate their organization’s overall risk management oversight as “mature” or “robust.”
The 2022 State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes insights from a survey of 560 U.S. CFOs and senior finance leaders conducted in winter 2022. The survey measured finance-related executives’ assessments of the level of maturity in their organization’s proactive management of these risks through adoption of enterprise risk management (ERM) processes. “
Our study finds that few executives perceive their risk management processes as providing important strategic value,” according to Mark Beasley, KPMG Professor of Accounting and Director of the ERM Initiative at NC State. “This is despite the reality that risk and return are interrelated – organizations must take risks in the pursuit of strategic objectives. It is our hope that the ongoing uncertainties and rapidly changing business environment will convince more executives of the strategic importance of having rich insights about risks facing the organization as they make key strategic decisions.”
The report found indication that adoption of ERM processes in the U.S. is on the rise. Over the last 13 years, the percentage of organizations that claim to have complete ERM processes in place has increased 24 points, from 9 percent to 33 percent, but that still suggests a majority of entities do not. Given the ongoing experience in navigating the multitude of risks experienced over recent years, more organizations will likely want to focus their efforts in strengthening their entity’s approach to managing the interconnected nature of risks to their business models.“
While predictable and unpredictable global disruptions continue to create new and exacerbate ongoing risk triggers, this research reinforces that enterprise risk management needs to be amplified in the list of priorities for CFOs,” said Ash Noah, CPA, CGMA, Vice President & Managing Director Learning Education & Development at the Association of International Certified Professional Accountants. “Value in the business is much more than the balance sheet these days, and along with providing protection for the business, embracing ERM especially at a time when organizations must pay close attention to ESG risks, supports the creation of value and the long-term viability and sustainability of the business.”
Additional key findings from the report include:
Most executives do not believe their organization’s risk management processes provide strategic advantage (63 percent state no or minimal advantage), with less than half (45 percent) positioning risk management to pinpoint emerging strategic risks.
A majority of boards of directors are calling for more senior executive involvement in risk oversight, with three-fourths (74 percent) signaling there will be significant changes to their existing continuity and crisis management planning.
While providing extensive data points about the state of risk oversight practices that organizations can use to benchmark their efforts, the report also offers a list of questions that executives and boards can use to assess their organization’s risk readiness and to help pinpoint tactical next steps for strengthening risk management processes. The questions cover nine areas including:
Drivers for enhanced risk management
Overall state of risk management maturity
Strategic value of risk management
Impact of culture on risk management
Assignment of risk management leadership
Risk identification and risk assessment processes
Risk monitoring processes
Board risk oversight structure
Board reporting and monitoring
The report also includes a number of calls for action to help executives and boards identify actions they can take to enhance the strategic value of their risk oversight. The full report can be found on both the AICPA and NC State websites at: https://www.aicpa.org/topic/management-accounting-and-finance/enterprise-risk-management or https://erm.ncsu.edu/library/article/2022-risk-oversight-report-erm-ncstate-lp
The ERM Initiative has a breadth of tools and resources to help executives through its searchable ERM Library and offers a number of executive learning opportunities and events.
The 2022 State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes data collected during the winter of 2022 through an online survey sent to members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions. In total, 560 fully completed surveys were submitted.
About the Association of International Certified Professional Accountants, and AICPA & CIMA
The Association of International Certified Professional Accountants® (the Association), representing AICPA® & CIMA®, advances the global accounting and finance profession through its work on behalf of 689,000 AICPA and CIMA members, students and engaged professionals in 196 countries and territories. Together, we are the worldwide leader on public and management accounting issues through advocacy, support for the CPA license and specialized credentials, professional education and thought leadership. We build trust by empowering our members and engaged professionals with the knowledge and opportunities to be leaders in broadening prosperity for a more inclusive, sustainable and resilient future.The American Institute of CPAs® (AICPA), the world’s largest member association representing the CPA profession, sets ethical standards for its members and U.S. auditing standards for private companies, not-for-profit organizations, and federal, state and local governments. It also develops and grades the Uniform CPA Examination and builds the pipeline of future talent for the public accounting profession. The Chartered Institute of Management Accountants® (CIMA) is the world’s leading and largest professional body of management accountants. CIMA works closely with employers and sponsors leading-edge research, constantly updating its professional qualification and professional experience requirements to ensure it remains the employer’s choice when recruiting financially trained business leaders.
About NC State’s Enterprise Risk Management (ERM) Initiative
The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (www.erm.ncsu.edu).
Allison Carter Fanney,
NC State University