Ongoing Uncertainty, Growing Global Risks Continue to Outpace Risk Management Processes of U.S. Organizations
According to a report by the AICPA and NC State University, U.S. CFOs reveal that despite growing volumes of risk and uncertainty in the marketplace, risk governance processes lack robustness and maturity.
Media Contacts:
Suzanne Stanard
NC State University
919.264.4998
sjstanar@ncsu.edu
Bill Ferguson
AICPA & CIMA
919.402.4610
bill.ferguson@aicpa-cima.com
DURHAM, NC (July 23, 2024) – A report issued today by the Association of International Certified Professional Accountants representing AICPA & CIMA and North Carolina State University’s Enterprise Risk Management (ERM) Initiative found that 65% of senior finance leaders agree that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Despite this, only a third (37%) say their organizations have complete enterprise risk management (ERM) processes in place, and just over a quarter (30%) rate their organization’s overall risk management oversight as “mature” or “robust.” These findings are unchanged or slightly changed from a year ago.
New and rapidly changing risk events, including concerns about the economy and inflation, geopolitical developments impacting trade and supply chains, disruptive technologies and AI, cyber and privacy threats, and a host of other risk triggers are continuing to drive significant disruptions that impact an organization’s business model and strategic planning. Despite these unfolding realities, most organizations continue to not have robust enterprise risk management (ERM) practices in place.
The 2024 State of Risk Oversight: An Overview of Enterprise Risk Management Practices represents a 15-year partnership between the AICPA and NC State’s ERM Initiative and includes insights from a survey of 377 U.S. organizations (CFOs and senior finance leaders) conducted in winter 2024. The survey measured finance-related executives’ assessments of the level of maturity in their organization’s proactive management of these risks through adoption of ERM processes.
“Organizations with a robust, enterprise-wide and strategically focused approach to managing risks increase the odds that these risks can be managed proactively so that key strategic initiatives stay on track,” said Mark Beasley, Alan T. Dickson Distinguished Professor and Director of the ERM Initiative at NC State. “There has been a slow steady embrace of ERM as a formal risk management practice over the past 15 years of our study. However, the study finds that the majority organizations of all types and sizes continue to completely overlook or are making slow progress in advancing their ERM processes.”
The report did find indication, however, that adoption of ERM processes in the U.S. is on the rise. Over the last 15 years, the percentage of organizations that claim to have complete ERM processes in place has increased 28 points, from 9% to 37%, but that still suggests most entities do not. This finding, up 3% from last year’s report, again highlights the emphasis that more ERM focus is needed. Given the ongoing experience in navigating the multitude of risks experienced over recent years, more organizations will likely want to further enhance their focus on efforts to strengthen their entity’s approach to managing the interconnected nature of risks to their business models.
Additional key findings from the report include:
- Most executives do not believe their organization’s risk management processes provide strategic advantage (65% state no or minimal advantage), with less than half (46%) positioning risk management significantly to pinpoint emerging strategic risks.
- The frequency at which management shares risk exposure with the board of directors varies, with 64% reporting top risks to the board.
- Only 34% of executives note that their ERM process would assist in identifying and managing a significant risk event that would impact their organization’s reputation and brand.
“Disruption continues to be the norm as the transforming environment creates new and exacerbates ongoing risk triggers. It’s the preparedness and the speed of response that determines how businesses manage these situations that matters most to stakeholders. A solid risk management plan allows organizations to have mitigation and response plans in place to enable them to continue delivering critical products and services to their customers in the face of disruptions due to incidents or crisis,” said Ash Noah, CPA, CGMA, Vice President and Managing Director Learning Education and Development at the Association of International Certified Professional Accountants.
“That reality of disruptions and the 15-years of this research reinforces the need for enterprise risk management to be amplified in the list of priorities for CFOs. Value in the business is beyond the balance sheet these days and along with providing protection for the business, embracing ERM supports the creation and preservation of value and the long-term viability of the business.”
The report also includes several calls for action to help executives and boards identify actions they can take to enhance the strategic value of their risk oversight. These questions are just a sampling of the kinds of issues senior executives and boards of directors should consider as they evaluate the robustness of their entity’s approach to managing a rapidly evolving portfolio of risks:
- What are management’s perceptions about the current approach to risk management?
- Is there consensus about the most significant enterprise risks?
- How is the output from risk management used in strategic planning?
- Does management have access to robust key risk indicators?
- Is our entity sufficiently prepared to manage a significant risk event?
NC State’s ERM Initiative has a breadth of tools and resources to help executives through its searchable ERM Resource Center and offers a number of executive learning opportunities and events.
Methodology
The 2024 State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes data collected during the winter of 2024 through an online survey sent to members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions. In total, 377 fully completed surveys were submitted.
About AICPA & CIMA, together as the Association of International Certified Professional Accountants
AICPA® & CIMA®, together as the Association of International Certified Professional Accountants (the Association), advance the global accounting and finance profession through our work on behalf of 597,000 AICPA and CIMA members, students and registrants in 188 countries and territories. Together, we are the worldwide leader on public and management accounting issues through advocacy, support for the CPA license, the CGMA designation and specialized credentials, professional education and thought leadership. We build trust by empowering our members and engaged professionals with the knowledge and opportunities to be leaders in broadening prosperity for a more inclusive, sustainable, and resilient future.
About North Carolina State University’s Enterprise Risk Management (ERM) Initiative
The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques.
- Categories:
- Series: