COSO commissioned the ERM Initiative at North Carolina State University to survey senior management executives about the current state of enterprise-wide risk oversight. This report summarizes key findings from the analysis of responses from 460 senior executives about key elements of how they oversee their organization’s most significant risks. Findings suggest that there is room for improvement in enterprise risk management processes across most organizations:
- The state of ERM is relatively immature for most organizations. Almost 60 percent of respondents admitting that their risk management processes are ad hoc and informal and almost half (42.4 percent) describing their organization’s level of functioning of ERM processes as “very immature” or “somewhat mature”.
- There is notable dissatisfaction with how organizations are currently overseeing enterprise-wide risks. About a third (35 percent) admit they are “Not at All” or are “Minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators.
- Just under half (44 percent) note there was either no or only minimal processes for indentifying and tracking risks.
- Boards of directors are placing greater expectations on management to strengthen risk oversight in the majority of organizations.
- COSO’s 2004 Enterprise Risk Management – Integrated Framework was the overwhelming choice as the basis for implementing ERM within the respondent’s organizations.
Listen to a 20 minute podcast highlighting key findings of this report.
Download the full report.