RALEIGH – Nearly half of U.S. chief financial officers (CFOs) say managing their organization’s talent needs is one of their top concerns, according to a new report released on Tuesday by the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative.

“The State of Risk Oversight: An Overview of Enterprise Risk Management Practices” includes insights from 445 U.S. CFOs and senior finance leaders on their level of concern about a number of potential risks and their organization’s proactive management of these risks through adoption of enterprise risk management processes.

According to the report, 48 percent of CFOs said they are “mostly” or “extensively” concerned about their organization’s ability to manage the leadership and talent needs.

Other potential risks cited include: the impact of the economy (42 percent), innovations disrupting their organization’s business model (40 percent), shifts in consumer and social demographics (34 percent) and social media harming the organization’s reputation and brand (30 percent).

NCSU: Only 31% of companies have risk management process in place despite growing threats

Most (59 percent) senior finance leaders also agreed that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Despite this, a majority (69 percent) said their organizations do not have complete ERM processes in place, and less than a quarter (23 percent) would rate their organization’s overall risk management oversight as “mature” or “robust.”

The report did find indications, however, that adoption of ERM processes in the U.S. is on the rise. Over the last decade, the number of organizations that claim to have complete ERM processes in place has increased 22 percentage points, from 9 percent to 31 percent.

“While most executives perceive that uncertainties in the business environment are leading to more complex risk challenges for their organizations, few executives describe their organization’s approach to risk management as mature or robust,” says Mark Beasley, professor of enterprise risk management and accounting in NC State’s Poole College of Management and director of NC State’s ERM Initiative.

“That may be changing, given the majority of organizations have external stakeholders and boards of directors who are calling for more extensive management involvement in risk oversight,” Beasley says.

Q&A: What will fallout be for execs from NCSU risk management survey?

“In this environment of unprecedented levels of risk, CFOs must take the lead and guide their organizations to approach, evaluate and mitigate risk in a very systematic way,” says Ash Noah, CPA, CGMA, managing director of CGMA Learning, Education and Development at AICPA. “ERM provides organizations with a way to create and maximize value for their shareholders and stakeholders, ensuring the long-term viability of the business.”

Other key findings from the survey include:

  • There is a growing demand for Chief Risk Officers (CROs). The percentage of organizations that have formally designated individuals serving as CROs has more than doubled since 2009, from 18 percent to 50 percent.
  • Management wants a greater focus on risk. Over the last decade, the number of organizations with management-level risk committees has increased 43 percentage points, from 22 percent to 65 percent.
  • There is a disconnect between risk and strategy. Less than 20 percent of organizations view their risk management processes as providing important strategic advantage, and only 26 percent say their boards of directors discuss risk exposures when they discuss the organization’s strategic plan.
  • The survey also asked respondents to share perceived barriers to implementing enterprise-wide risk management processes in their organizations. Reasons cited include: believing risk was monitored in other ways besides for ERM (51 percent), competing priorities (49 percent) and insufficient resources (46 percent).


Survey: Even as risks mount, corporations’ risk management efforts lag