Enterprise Risk Management

The 12th Edition of The State of Risk Oversight Sees How Organizations Are Evolving the Risk Landscape

The Enterprise Risk Management (ERM) Initiative teamed up with AICPA to produce the 2021 State of Risk Oversight, the twelfth edition of the annual report. The 2021 report highlights over 40 aspects of risk management practices that have been brought into focus by the COVID-19 pandemic, social unrest and recent elections.

“The need for robust risk management couldn’t be more evident in light of the past year’s events,” said Mark Beasley, director of the ERM Initiative. “Business leaders and other key stakeholders are realizing the benefits of increased investment in how they proactively navigate the ever-changing risk landscape. Now is the time for executives and their boards to make an honest assessment of the state of their existing risk management processes to pinpoint opportunities for improvement to enhance the long-term resiliency of their organizations and to pinpoint those risks worth taking for strategic success.”

Key Findings 

Risk Environment

A year of challenges and unrest, 2020 proved that no organization is immune to escalating volumes of complex risks. It revealed the need for many organizations to change how they govern their business and crisis management in order to improve their resiliency to ever-growing challenges.

Effective risk management has become a priority among boards of directors as many are facing pressures from numerous stakeholders to provide more risk information and to ensure the organizations they oversee are better prepared when unexpected risk events emerge.  

Maturity of Risk Management Practices

More than two-thirds of the organizations surveyed cannot claim that they have “complete ERM in place.” Many continue to struggle with integrating their risk management efforts with what is strategically important to the long-term success of the business.

There is a disconnect between desired and realistic risk management capabilities given that a majority of organizations describe their risk culture as “risk averse” even though only a minority of respondents describe their ERM process as “mature” or “robust.”

Risk Management Leadership

Pinpointing one executive in the C-suite to monitor risk management has become more common over the past decade. Many chief risk officers report their findings directly to the CEO or chief financial officer. Even more common is the creation of management-level risk committees that regularly bring together individuals across multiple silos to consider enterprise-wide risk implications.

Ongoing Risk Monitoring 

The increased use of data analytics can give organizations opportunities to strengthen their management dashboard systems and track potential risks on the horizon. Often, boards of directors assign responsibility for risk management assessment and process to a board committee, typically an audit committee.

Most organizations prepare a formal report on top risks to the board at least annually, with the percentage highest in 2020.

About The State of Risk Oversight Report

This report highlights the state of risk oversight practices in 420 organizations. We believe readers can use this report to identify a number of factors to be considered as they seek to enhance their ERM approaches to managing the ever-changing nature of risks in the global business environment.