Skip to main content

Room for Improvement in Corporate Risk Oversight Worldwide, ERM-led Research Shows

The report, Enterprise Risk Oversight: A Global Analysis , is the first in a series of global thought leadership research papers being developed by the AICPA and CIMA. The underlying research in the report was conducted by faculty in the Enterprise Risk Management (ERM) Initiative in the North Carolina State University College of Management.

“The report summarizes two separate ERM research surveys designed and executed by the ERM Initiative,” said Dr. Mark Beasley, Deloitte Professor of Enterprise Risk Management and director of the ERM Initiative. The first survey, conducted in December 2009 at the request of the AICPA, sought information about risk oversight trends and techniques from U.S.-based members of the AICPA’s business, industry and government group, while the second survey in July 2010 focused on industry members of CIMA who work in organizations around the globe.

The organizations undertook the study to examine the current maturity of enterprise risk management, defined as the strategic, financial, operational and compliance protocols, in organizations around the globe.

“Both the U.S. and global surveys of executives find that the state of enterprise risk oversight is still relatively immature for most organizations,” Beasley said. “However, growing expectations are placing greater pressures on senior executives and boards to strengthen their approach to risk oversight. Boards of directors, including their audit committees, are calling on management to strengthen the robustness of how they identify, assess, and manage the organization’s most strategic and emerging risks.”

In a survey of U.S. CPA executives, 84 percent of respondents rated their companies’ risk oversight process as ranging from “very immature” to “moderately mature.” Sixty-one percent of global executives offered a similar assessment of their organizations’ enterprise risk management in a separate survey.

“While the report reveals that companies are more cognizant of risk, they are still falling significantly short in instituting risk management processes,” said Carol Scott, AICPA vice president – business, industry and government. “The financial crisis underscored the potential consequences for companies that have lax risk oversight.”

Forty-five percent of the U.S. respondents said their companies had no enterprise-wide risk management process in place and no plans for implementing one. This compares with 37 percent of the global respondents who reported the same situation in their organizations.

A majority of both of U.S. (60 percent) and of global (75 percent) respondents said the volume and complexity of risk are greater than they were five years ago. However, less than half of both groups (40 percent of U.S. and 47 percent of global respondents) described their organization as being “risk averse.”

Charles Tilley, chief executive of CIMA, said, “The report findings clearly show that organizations need to start putting processes in place to deal with the perceived increase in the complexity and volume of risk. As the events during the last few years show, companies can’t take a ‘head in the sand’ approach to risk management or simply hope for the best.”

More U.S. organizations (65 percent) formally assign the responsibility for risk oversight to the audit committee than do global organizations (57 percent). Some of the difference is “likely attributable” to differences in board governance structures that exist around the world, according to the report.

The report shows that the United States falls behind the rest of the world in risk-management training. While two thirds (67 percent) of global respondents said there was minimal or no training in this area, 78 percent of U.S. executives surveyed offered the same response.

The AICPA offers its members in both business and public practice guidance and many papers on enterprise risk management so they can counsel their employers and clients on this increasingly critical function. The Committee of Sponsoring Organizations, of which the AICPA is a co-founder, developed a series of guides on enterprise risk management, which are available for order at http://www.coso.org/guidance.htm.

Research Methodology

In December 2009, the AICPA commissioned the Enterprise Risk Management Initiative in the North Carolina State University College of Management (see erm.ncsu.edu) to survey members of the business, industry and government group. CPA executives from 331 U.S.-based organizations responded. In July 2010, CIMA separately commissioned the Enterprise Risk Management Initiative to conduct a similar survey of its membership, with 264 respondents representing organizations based in all regions of the globe. Individuals responded to over 40 questions in online surveys. The majority of those responding (61 percent of global respondents and 65 percent of U.S. respondents) had the title of chief financial officer or finance director. Global respondents’ organizations had median revenue of $100 million, whereas U.S. respondents’ organizations had median revenue of $50 million.

About the Enterprise Risk Management (ERM) Initiative

The ERM Initiative was created in the NC State University College of Management to meet growing expectations for boards of directors, audit committees, and senior executives to design and implement effective enterprise risk management systems to protect and enhance an entity’s value, help them manage risk more effectively across the enterprise – and to remain competitive. The initiative is funded in part by a $1 million gift from the Bank of America Foundation. For more information about the ERM Initiative, visit www.erm.ncsu.edu.

About the NC State University College of Management

The College of Management was established in the North Carolina State University in 1992. It offers bachelor’s degrees in accounting, business management and economics undergraduate and, through its Jenkins Graduate School of Management, offers the Master of Accounting, Master of Business Administration, and Master of Global Innovation Management degree programs, with an emphasis on management and leadership in a technology focused, global marketplace. The college also offers master’s and doctoral degrees in economics, presented jointly with NC State’s College of Agricultural and Life Sciences. For more information about the NC State College of Management, visit poole.ncsu.edu.

About CIMA

p3. The Chartered Institute of Management Accountants, founded in 1919, is the world’s leading and largest professional body of Management Accountants, with 172,000 members and students operating in 165 countries, working at the heart of business. CIMA members and students work in industry, commerce and not-for-profit organisations. CIMA works closely with employers and sponsors leading-edge research, constantly updating its qualification, professional experience requirements and continuing professional development to ensure it remains the employers’ choice when recruiting financially-trained business leaders. For more information about CIMA, please visit www.cimaglobal.com.

About the AICPA

The American Institute of Certified Public Accountants (www.aicpa.org) is the national, professional association of CPAs, with approximately 360,000 CPA members in business and industry, public practice, government, education, student affiliates and international associates. It sets ethical standards for the profession and U.S. auditing standards for audits of private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination. The AICPA publishes the website www.IFRS.com to inform members and the public about international accounting standards. The AICPA maintains offices in New York, Washington, D.C., Durham, N.C., Ewing, N.J. and Lewisville, Texas.