New Report: Enterprise Risk Management Processes Remain Undervalued by Global Boards and Executives Amid Heightening Risk Environment

Media Contacts:
Suzanne Stanard
NC State University
919.264.4998
sjstanar@ncsu.edu

Bill Ferguson
AICPA & CIMA
919.402.4610
bill.ferguson@aicpa-cima.com

NEW YORK (October 31, 2024) – The latest report by AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative confirms that risks are increasing globally in volume and complexity, regardless of geography. However, business leaders are not sufficiently investing in their organization’s risk oversight despite the hazards posed to business models by not doing so.

The report found that 66% of respondents sense volume and complexities of risk increasing. However, only 32% describe their organization’s risk oversight practices as “mature” or “robust.” Additionally, 17% indicate that executives do not see the benefits of ERM exceeding the costs or feel that there are too many other pressing needs.

These results come as participants also revealed that their organization had faced a significant operational surprise in the past five years with 48% indicating that their organization has experienced a major, unexpected risk event impacting the organization. The occurrence of an actual significant risk event suggests a potential breakdown in organizational risk management processes.

Additional key findings from the report include:

• The volume and complexity of risks are increasing across the four geographic regions: Europe & U.K. (66%), Asia & Australasia (68%), Africa & Middle East (73%), U.S. (64%).
• Organizations are recognizing the need to identify a risk management leader, with 47% of respondent organizations globally appointing a single individual (Chief Risk Officer or equivalent) to lead the risk management function. However, more organizations (64%) are likely to have a management-level risk committee in place versus a single individual risk management leader. Across the four geographic regions: Europe & U.K. (40% single / 67% committee), Asia & Australasia (48% single / 61% committee), Africa & Middle East (61% single / 76% committee), U.S. (48% single / 60% committee).
• In all regions of the world, respondents who claimed their organizations had “mature” or “robust” risk oversight are in the minority: Europe (38%), Asia & Australasia (25%), Africa & Middle East (32%), U.S. (30%).
• Only 47% of organizations describe their ERM process as a process that is “mostly” to “extensively” systematic, robust, and repeatable with regular reporting of top risk exposures to the board: Europe (52%), Asia & Australasia (45%), Africa & Middle East (59%), U.S. (44%).

The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape measured finance-related executives’ assessments of the level of maturity in their organization’s proactive management of all kinds of risks through adoption of enterprise risk management (ERM) processes (a methodology that looks at risk management strategically from the perspective of the entire firm or organization, and aims to identify, assess, and prepare for potential losses, dangers, hazards, and other potentials for harm that may interfere with an organization’s operations and objectives and/or lead to losses).

“Globally, effective enterprise-wide risk management should be one of the organization’s most important strategic tools. Unfortunately, many organizations view risk management as a distraction from more important strategic tasks,” according to Mark Beasley, Alan T. Dickson Distinguished Professor of Accounting and director of the ERM Initiative at NC State. “Risk management will not become easier over time. Given the rapid speed of change in the global business environment, complex risk issues will continue to emerge at rapid-fire pace. Now is the time for many organizations to give their approach to risk governance an honest assessment.”

“An ERM program is not only a value preservation mechanism but a potential strategic value generating asset that drives decision making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” said Ash Noah CPA, CGMA, vice president & managing director of management accounting at the Association of International Certified Professional Accountants. “If enterprise-wide risk programs are not teasing out emerging strategic risks, the output of those programs is less likely to provide valuable insights important for strategic decision-making. Finding ways to integrate risk management and strategy is an imperative if risk management systems are to be value-adding.”

Methodology

The 2024 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape includes data collected during 2024 through an online survey of global business leaders across four core regions (Europe & the U.K., Asia & Australasia, Africa & the Middle East, United States). In total, 623 fully completed surveys were submitted. About half of the respondents serve in senior accounting and finance roles, with the remaining representing a variety of management positions within a range of industries.

About AICPA & CIMA, together as the Association of International Certified Professional Accountants   

AICPA ® & CIMA ® , together as the Association of International Certified Professional Accountants (the Association), advance the global accounting and finance profession through our work on behalf of 597,000 AICPA and CIMA members, candidates and registrants in 188 countries and territories. Together, we are the worldwide leader on public and management accounting issues through advocacy, support for the CPA license, the CGMA designation and specialized credentials, professional education and thought leadership. We build trust by empowering our members, candidates and registrants with the knowledge and opportunities to be leaders in broadening prosperity for a more inclusive, sustainable and resilient future.

About North Carolina State University’s Enterprise Risk Management (ERM) Initiative

The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques.