RALEIGH—If you don’t have formal risk management processes in place, you’re putting your business in danger, according to new report, “Global State of Enterprise Risk Oversight, which was conducted by the Enterprise Risk Management Initiative at North Carolina State University on behalf of the Chartered Global Management Accountant (CGMA) designation.

While the new edition of the report notes that 60 percent of boards are seeking more involvement from senior management to prepare for potential crises. However, many organizations, especially small and medium enterprises, have not dedicated resources to ensure a risk management process is in place.

The report, which included the results from a study of more than 1,300 executives worldwide, found that about 60 percent of organizations are facing increasing and more complex risk issues than they were five years ago.

Despite that, fewer than 35 percent of organizations have implemented a formal enterprise risk management program (ERM) – a framework to identify and prepare for future threats to an organization’s core business model and strategic plan.

“With three-in-five companies facing increasing risks, and regulators, boards and shareholders beginning to demand more effective risk management from organizations, it’s critical for management teams to take a closer look at their risk management programs and make them more robust,” said Ash Noah, vice president of external relations, AICPA.

“Rigorously identifying and addressing potential threats is paramount for ensuring the long-term success of a company, pressure testing the effectiveness of risk mitigation plans and providing a competitive advantage in the market.”

Additional findings from the study include:

  • About one third, or 34 percent, of executives in the U.S. are experiencing increased demands from regulators for more effective risk oversight and 19 percent report similar demands from shareholders
  • Internationally, more than 70 percent of firms are formally assigning management’s risk oversight to their board of directors in contrast to only 46 percent of U.S. firms
  • About 70 percent of organizations felt that their risk management processes were not mature
  • Approximately 80 percent have not invested in risk management training for executives in the past few years
  • Only 20 percent of organizations integrate risk management activities with performance compensation/remuneration

With the risk environment presenting companies with greater challenges than ever before, having an effective enterprise-wide risk oversight program is crucial.

Steps organizations can take to improve include:

  • Take an honest and open assessment of the efficacy of the organization’s current approach to risk oversight in the light of the rapidly changing risk environment.
  • Organizations generally implement risk oversight using a siloed risk management approach. Instead, consider the extent to which critical risks may occur and not be detected by silo risk managers and implement greater cross-collaboration throughout the organization.
  • Many executives view risk management as mostly focused on compliance and loss prevention with little connection to strategy and value creation. Assess the extent to which risk management is an important input to the strategic planning process and adjust risk management processes accordingly.
  • Move from a casual, ad hoc way of thinking to implementing a structured and explicit set of risk identification, assessment and monitoring processes that requires focus and accountability at the board and senior management levels.

By following these four steps, senior management can gain a better view of the organization’s most pressing risks, be better prepared for issues before they arise and adjust company strategies as needed in order to navigate challenges that may impact the success of the business.

The American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) commissioned the study, which was conducted by the Enterprise Risk Management Initiative at North Carolina State University on behalf of the Chartered Global Management Accountant® (CGMA®) designation.For more information on the AICPA and CIMA report, “Global State of Enterprise Risk Oversight 2nd Edition” or the Chartered Global Management Accountant(CGMA®) designation see: www.cgma.org.