2022 Global State of Enterprise Risk Oversight
The volume, pace, and complexities of the ever-evolving array of risks are vast, and organizations that are well-prepared to manage that reality can benefit strategically by leaving those less prepared with disruptions to their core business and in some instances their demise. As the speed of change continues to increase, organizations with robust processes for identifying and managing emerging risks can leverage those risks into opportunities for strategic advantage, leaving competitors behind to be unexpectedly blindsided by risks as they occur.
Global Benchmarking of ERM Practices
To gain insights about the current state of risk management processes around the globe, we surveyed executives about how their organizations approach risk oversight. Our 2022 Global State of Enterprise Risk Oversight: Managing the Rapidly Evolving Risk Landscape report summarizes insights from 747 executives in organizations around the world and provides insights on the current state of enterprise-wide risk oversight, including identified similarities and differences in four regions around the globe:
- Europe & the UK
- Asia & Australasia
- Africa & the Middle East
- United States
State of ERM Around the Globe in 2022
Our analysis of the survey results high-light five overarching themes related to the state of ERM processes globally:
- Business leaders overwhelmingly perceive that the volume and complexities of risks they face are increasing extensively; however, most do not describe their risk management process as mature or robust.
- Most organizations struggle to integrate their risk management and strategic decision-making activities, leading to a perception that risk management does not provide competitive advantage.
- An organization’s overall culture may be limiting progress towards more value-added risk management.
- Needs for more advanced risk oversight are becoming obvious.
- Risk management practices may not be keeping pace with speed of risk emerging in today’s global environment.
Questions to Evaluate ERM Processes
The remainder of this report provides more detailed analyses of specific aspects of risk management practices that business leaders can use to identify potential opportunities for improvement. Business leaders may find it helpful to use these considerations to evaluate their organization’s preparedness for managing the rapidly evolving risk landscape. Key discussion items include:
- Is our organization’s approach to risk management providing robust risk insights useful for strategic decision making?
- To what extent has our leadership team been blindsided by unexpected risks that management failed to see in advance?
- Would most of our leadership team describe our approach to risk management as ad hoc and informal? How would the description vary if individual members of the board or senior management are asked to respond?
- Who among the management team would be viewed as the risk champion helping to advise and coach our leadership team in the oversight of risks on the horizon? Does a lack of risk leadership hinder our risk management effectiveness?
- To what extent does management’s identification of key risks tend to focus on already “known” or well-understood risks? To what extent is the risk management process helping management identify “unknown, but knowable” risks?
- Does senior management have consensus about what constitutes the top risks most important to our organization?
- How is our senior management team integrating risk perspectives into our strategic planning, budgeting, or capital allocation processes? Are top risks an important input to the strategic planning process? That is, does the strategic planning process evaluate the nature and extent of risks identified by the risk management process when evaluating strategic alternatives?
- How confident is senior management that the organization’s current responses to its top risks are in place and effective? Do we have a clear understanding of root causes of our top risks and are responses designed to help prevent root causes from emerging? For risks we cannot prevent, do we have responses in place to minimize the impact should the risk occur?
- To what extent does management’s information dashboard include risk metrics that help us monitor the potential escalation of risks over time?
- To what extent does our organization’s leadership encourage honest and transparent escalation of risk issues from middle management to senior management and the board of directors? How might training on risk management help key business leaders across the organization understand the importance of raising awareness of risk issues?
Original Article Source: “2022 Global State of Enterprise Risk Oversight: Managing the Rapidly Evolving Risk Landscape”, Mark S. Beasley and Bruce C. Branson, AICPA & CIMA and NC State University ERM Initiative, Fall 2022