Skip to main content
NC State Home
Poole College of Management
Enterprise Risk Management Initiative
ERM Frameworks and Best Practices

2025 The State of Risk Oversight: Key Trends in Enterprise Risk Management (ERM)

September 8, 2025 Mark S. Beasley and Bruce C. Branson 4-min. read
2025 State of Risk Oversight Report 16th Edition Cover of Report

New ERM Research from NC State and AICPA Reveals Gaps in Risk Strategy

In today’s rapidly evolving risk environment, most organizations still fall short. Only 11% say their risk processes offer a strategic edge. Discover how NC State’s ERM Initiative and AICPA surveyed 273 U.S. executives to uncover five critical areas where risk oversight is failing—and what boards and executives can do about it.

Introduction

Explore the 2025 State of Risk Oversight Report, the 16th annual study conducted by the Enterprise Risk Management (ERM) Initiative at NC State University in collaboration with the AICPA. This comprehensive research analyzes how organizations of all sizes are adapting their risk oversight strategies to navigate today’s increasingly complex and volatile business environment.

Download accessible version (Word)

Key Findings from the 2025 ERM Report

  • 61% of executives report rising risk complexity, yet only 32% rate their risk oversight as mature or robust.
  • Just 11% believe their ERM processes offer strategic advantage.
  • Only 30% integrate risk exposure into capital allocation decisions.
  • 41% cite competing priorities and resource constraints as barriers to advancing risk management.
  • Only 27% say their ERM process helps manage reputation-impacting risks.
  • Most organizations lack long-term risk engagement strategies.

Five Strategies from the 2025 ERM Report

Focus AreaKey Insight
Strategic IntegrationRisk data is often excluded from strategic planning, despite its critical role in balancing risk and reward.
Executive CommunicationRisk discussions are mostly ad hoc, limiting proactive decision-making.
Leadership InvestmentMore organizations are forming risk committees and delegating oversight to board subcommittees.
Risk FundamentalsIT and compliance risks dominate attention; strategic and market risks are under-monitored.
Continuous ImprovementCompeting priorities hinder investment in risk management despite growing uncertainty.

Organizations must move beyond reactive risk management and embrace a proactive, enterprise-wide approach.”
— Tom Hood, EVP, AICPA & CIMA

Actions to Enhance Risk Oversight

This report highlights a number of areas where enhancements to an organization’s monitoring of the fast-changing risk landscape may be warranted. To assist senior executives and boards in recognizing limitations in their organization’s focus on risks and opportunities, the report includes 25 suggested discussion topics that senior executive teams and their boards of directors can use to engage in conversations about opportunities to strengthen their risk intelligence for their organization.

Next Steps for Strengthening Risk Oversight

StepsQuestions to Consider for Strengthening Risk Oversight
1.How rapidly is our organization’s business environment changing and how difficult is it for our leadership team to anticipate emerging issues?
2.Where is our organization most vulnerable if we continue with our status quo approach to risk management?
3.To what extent is the output of our risk management process an important input to strategic planning?
4.What can be done to alter our approaches to risk identification to help us think ‘outside the box’?
5.What enhancements to our management dashboard do we need to make to track changes in risks over time?
6.What cultural barriers are limiting our senior executives’ ability to recognize the importance of strategic risk management?
7.What can our organization do to raise awareness of the need for effective enterprise-wide risk management?
8.When risk information is communicated to leadership, is it generating robust discussion?
9.What are the risk oversight expectations of our key stakeholders and how well are we meeting them?
10.Do we have the right leaders engaged in overseeing the enterprise portfolio of risks?

Subgroup Insights

  • Large Organizations (76)
  • Publicly Traded Companies (61)
  • Financial Institutions (76)
  • Non-Profit Organizations (66)

PREVIOUS REPORTS

In the table below, you can download reports from previous years.

ACCESSIBLE VERSION IN WORDPDF VERSION
15th Edition15th Edition
14th Edition14th Edition
13th Edition13th Edition
12th Edition12th Edition
11th Edition11th Edition
10th Edition10th Edition
9th Edition9th Edition
8th Edition8th Edition
7th Edition7th Edition
6th Edition6th Edition
5th Edition5th Edition
4th Edition4th Edition
3rd Edition3rd Edition
1st Edition1st Edition

If your organization seeks additional training on the topic of ERM, the ERM Initiative hosts executive education and ERM Roundtable Summits featuring ERM best practices. Learn more.

Want more?

Subscribe to ERM Insights. We’ll deliver directly to you inbox the latest research, insights and opportunities from the NC State ERM Initiative to help you and your organization lead with confidence.

This field is for validation purposes and should be left unchanged.

Original Article Source:2025 State of Risk Oversight Report,” Mark S. Beasley and Bruce C. Branson, AICPA and NC State University ERM Initiative, September 2025

Original Accessible Article Source:2025 State of Risk Oversight Report,” Mark S. Beasley and Bruce C. Branson, AICPA and NC State University ERM Initiative, September 2025

More From Enterprise Risk Management Initiative

Cover of a new ERM Tool: Communicating Risk Information to the C-Suite and Board

How to Communicate Risk to the C-Suite and Board
Cyber Breach Response Playbook

ERM Tool: Developing a Cyber Breach Response Playbook
ERM tool cover with booklet image and colorful abstract design.

Evaluating Your Organization's Approach to Risk Management