New report from the AICPA and North Carolina State University compares senior executives’ perceptions of risk over the last decade and reveals an uptick in adoption of enterprise risk management (ERM) practices in organizations
- 59% of CFOs say the volume and complexity of risks are rising
- 69% of organizations don’t have complete ERM practices in place
- Adoption of ERM has increased 22-percentage points over the last decade
- Demand for Chief Risk Officers has more than doubled over the last 10 years
NEW YORK (APRIL 2, 2019) –Nearly half of US CFOs say managing their organization’s talent needs is one of their top concerns, according to a new report released today by the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative.
The State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes insights from 445 US CFOs and senior finance leaders on their level of concern about a number of potential risks and their organization’s proactive management of these risks through adoption of enterprise risk management (ERM) processes.
According to the report, 48% of CFOs said they are “mostly” or “extensively” concerned about the organization’s ability to manage leadership and talent needs. Other potential risks cited include: the impact of the economy (42%), innovations disrupting the organization’s business model (40%), shifts in consumer and social demographics (34%) and social media harming the organization’s reputation and brand (30%).
Most (59%) senior finance leaders also agreed that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Despite this, a majority (69%) said their organizations do not have complete ERM process in place, and less than a quarter (23%) would rate their organization’s overall risk management oversight as “mature” or “robust.” The report did find indication, however, that adoption of ERM processes in the US is on the rise. Over the last decade, the number of organizations that claim to have complete ERM processes in place has increased 22 percentage points, from 9% to 31%.
“While most executives perceive that uncertainties in the business environment are leading to more complex risk challenges for their organizations, few executives describe their organization’s approach to risk management as mature or robust,” said Mark Beasley, CPA, professor of enterprise risk management and accounting and director of NC State’s ERM Initiative. “That may be changing, given the majority of organizations have external stakeholders and boards of directors who are calling for more extensive management involvement in risk oversight.”
“In this environment of unprecedented levels of risk, CFOs must take the lead and guide their organizations to approach, evaluate and mitigate risk in a very systematic way,” said Ash Noah, CPA, CGMA, managing director of CGMA Learning, Education and Development at the Association of International Certified Professional Accountants (the Association), the united voice of the AICPA and the Chartered Institute of Management Accountants (CIMA). “ERM provides organizations with a way to create and maximize value for their shareholders and stakeholders, ensuring the long-term viability of the business.”
Other key findings from the survey include:
- There is a growing demand for Chief Risk Officers (CROs). The percentage of organizations that have formally designated individuals serving as CROs has more than doubled since 2009, from 18% to 50%.
- Management wants a greater focus on risk. Over the last decade, the number of organizations with management-level risk committees has increased 43 percent points, from 22% to 65%.
- There is a disconnect between risk and strategy. Less than 20% of organizations view their risk management processes as providing important strategic advantage, and only 26% say their boards of directors discuss risk exposures when they discuss the organization’s strategic plan.
The survey also asked respondents to share perceived barriers to implementing enterprise-wide risk management processes in their organizations. Reasons cited include: believing risk was monitored in other ways besides for ERM (51%), competing priorities (49%) and insufficient resources (46%).
Download a copy of The State of Risk Oversight: An Overview of Enterprise Risk Management Practices. Find additional resources on risk management from the Association on CGMA.org.
The State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes data collected during the fall of 2018 through an online survey sent to members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions. In total, 445 fully completed surveys were submitted.