ERM News - The Maturing Process of Enterprise Risk Management
Enterprise Risk Management (ERM) processes appear to have leveled off in large organizations, public companies, and financial services organizations according to The ERM Initiative in the Poole College of Management at North Carolina State University's most recent study. However, significant opportunities remain for organizations to strengthen processes for assessing key risks for strategic impact.
The ERM Initiative 2014 study was completed in conjunction with the American Institute of Certified Public Accountants' (AICPA) Business, Industry, and Government Team. Data concerning risk management operations was received from 446 financial executives across United States industry. The key findings include:
1. Organizations continue to face an increasing volume and complexity of risks, and they report having been caught off-guard by operational surprises on a regular basis
2. While the percentage of organizations that claim to have a "complete formal enterprise-risk management process in place" has increased since the first year of their study (2009), the increase in 2013 over 2012 was only slight, suggesting that notable strides in risk oversight maturity did not occur over the prior year.
3. Despite that, almost half of all organizations in the survey have no ERM processes in place, which is surprising given that nearly 60% of organizations describe their risk culture as "strongly risk averse" or "risk averse" and over two-thirds of organizations surveyed have faced significant operational surprises.
4. For a majority (60.8%) of the organizations, the board of directors is asking "somewhat," "mostly," or "extensively" for increased senior executive involvement in risk oversight. Board expectations for greater senior executive involvement are much greater for the largest organizations (86.9%), public companies (78.1%), and financial services entities (72.6%).
5. While the percentage of organizations embracing ERM is on the rise, the level of risk management sophistication still remains fairly immature for most responding to their survey.
6. Almost 40% of all organizations maintain inventories of risks at the enterprise level, although close to three-quarters of the organizations do not provide explicit guidelines or measures to business unit leaders on how to assess probability and impact of risks
7. Just under half (45.1%) either have no structured process for identifying and reporting risk exposures to the board or they track risks by silos with minimal reporting of aggregate risk exposures to the board
The relevance of the study to organizations that currently do not have an ERM effort underway is:
1. Commence an effort to gain a holistic view of risk from a strategic viewpoint
2. Create measurement standards for the strategic, financial, operational, and hazard risk elements of the organization
3. Support technology and reporting as a way to understand key risk factors that affect the business objectives
4. Educate employees at all levels of the organization about specific risks that apply to the organization and them
5. Regularly discuss risk metrics and mitigation strategies as an integrated topic with other organizational objectives (i.e. build the "Risk Reward Relationship" into everything you do)
6. Communicate the benefits of risk management by showing increased income or savings
Click here for more information from the latest Report on the Current State of Enterprise Risk Management: Opportunities to Strengthen Integration with Strategy >>