2024 The State of Risk Oversight: An Overview of Enterprise Risk Management Practices – 15th Edition
Each year, the ERM Initiative at NC State University, in partnership with the AICPA, conducts research about the current state of risk oversight processes in organizations of all types and sizes.
This 15th edition of The State of Risk Oversight: An Overview of Enterprise Risk Management Practices reflects insights from 377 respondent about the relative maturity of underlying activities executives and boards use to monitor the rapidly changing risk landscape.
Key Area of Focus
Our 15th annual report explores insights about questions spanning these 10 key areas of risk oversight practices:
Key Area of Focus | Key Questions Explored | |
---|---|---|
1. | Risk Environment | How do executives view the state of risk in the business environment today? |
2. | Maturity of Risk Management Practices | What is the maturity of risk management practices among organizations today? |
3. | Strategic Value of Risk Management | To what extent are risk management practices providing insights for strategic advantage? |
4. | Processes to Identify Risks | When and how are entities identifying risks to their organizations? |
5. | Techniques to Prioritize and Monitor Risks | How do organizations prioritize risks that are most important to the organization’s future and monitor those risks over time? |
6. | Approaches to Communicating Risk Insights | How are insights about enterprise-wide risks communicated to executive leadership and the board of directors? |
7. | Chief Risk Officers and Management-level Risk Committees | To what extent are organizations appointing individuals to lead the risk management process, including both chief risk officers and management-level risk committees? |
8. | Board Oversight of Risks | What are boards of directors doing to fulfill their risk governance responsibilities? |
9. | Expectations fo Enhanced Risk Management | To what extent are expectations for more robust enterprise risk management processes changing? |
10. | Barriers Limiting Risk Management Maturity | What barriers might be limiting an organization’s progress towards more strategic risk management? |
Key Findings
The report provides detailed insights about over 40 specific dimensions of risk oversight practices. Key themes emerging from this year’s study include the following:
- Increasing Risk Complexity: Executives perceive the overall volume of risks in the business environment to be complex and increasing.
- Risk Management Maturity Not Keeping Pace with Reality: While organizations have advanced the maturity of their risk management processes, the progress that has been made is relatively slow with most respondents indicating their risk management processes are not yet mature or robust.
- Disconnect Exists Between Risk Management and Strategy: Organizations continue to struggle to connect their risk management efforts with their strategic planning processes, with only a small percentage of respondents indicating their risk management processes provide significant strategic advantage.
- Focus on Emerging Strategic Risk Receives Lowest Priority: Most organizations engage in formal risk identification processes on an annual basis, focusing on operational, compliance and financial risk issues with emerging strategic market risks given the least attention.
- Scales Used to Rank Risks: Scales are generally provided to guide executives in their assessment of a risk’s likelihood and impact.
- Dashboards Lack Robust Key Risk Indicators: While management dashboards highlight key performance indicators, most dashboards do not have robust sets of key risk indicators to monitor changes in risk conditions.
- Management-Level Risk Committees More Common: Over the past 15 years, the percentages of organizations appointing an individual to serve as a chief risk officer or creating a management-level risk committee have steadily increased, with most risk committees meeting monthly or quarterly.
- Most Boards Delegate Risk Oversight: Most boards are delegating their risk oversight responsibilities to a subcommittee of the board, which is typically the audit committee except for financial services organizations that delegate to risk committees of the board.
- Expectations for Enhanced Risk Management Increasing: Pressure from the board and external parties continues to be placed on senior executives to increase their involvement in risk oversight activities.
- Cultural Barriers Limit Progress: Despite progress in advancing risk management activities over time, barriers continue to exist within organizations that limit such progress.
Suggested Discussion Questions for Board and Management Dialogues
In each of the 10 Key Focus Areas examined, the report includes a number of suggested topics that leaders can use to prompt discussion among management and the board about their organization’s risk management process. In total there are 50 suggested discussion items for executives can use to engage in productive dialogue to evaluate opportunities for risk management enhancements.
Discussion Items Examples: #1 Risk Environment and #2 Maturity of Risk Management Practices
This report highlights the state of risk oversight practices in 377 organizations. We believe readers can use this report to identify a number of factors to be considered as they seek to enhance their ERM approaches to managing the ever-changing nature of risks in the global business environment.
You can access all of the prior years’ reports by clicking on the links below.
- 14th Edition
- 13th Edition
- 12th Edition
- 11th Edition
- 10th Edition
- 9th Edition
- 8th Edition
- 7th Edition
- 6th Edition
- 5th Edition
- 4th Edition
- 3rd Edition
- 2nd Edition
- 1st Edition
If your organization seeks additional training on the topic of ERM, the ERM Initiative hosts executive education and ERM Roundtable Summits featuring ERM best practices. Learn more.
Want more?
Subscribe to ERM Insights. We’ll deliver directly to you inbox the latest research, insights and opportunities from the NC State ERM Initiative to help you and your organization lead with confidence.
Original Article Source: “2024 State of Risk Oversight Report“, Mark S. Beasley and Bruce C. Branson, AICPA and NC State University ERM Initiative, July 2024