The speed of innovation and the highly dynamic global business environment create tremendous opportunities for organizations as they pursue value. As business leaders manage the ever-changing economic, political, and technological landscape they face an exponentially increasing range of uncertainty that creates a highly complex portfolio of potential risks that, if unmanaged, can cripple an organization’s business model and brand.
A number of organizations are recognizing the value that a structured and explicit focus on emerging risks can bring to the leadership of an organization by arming it with richer insights about opportunities and challenges on the horizon. Many of them are strengthening organizational processes to identify, assess, manage, and monitor those risks most likely to impact – both positively and negatively – the entity’s strategic success. A number of these entities have embraced the concept of enterprise risk management (ERM) to help them strengthen their enterprise-wide risk oversight. While organizations have managed risks for decades, ERM is a process led from the top of the organization by its board and senior leaders that considers risks from a top-down, strategic perspective so that those risks can be managed proactively with an enterprise-wide lens which will make the organization more likely to achieve its core objectives.
To obtain an understanding of the current state of enterprise risk oversight among entities of all types and sizes, we have partnered over the past eight years with the American Institute of Certified Public Accountants’ (AICPA) Business, Industry, and Government Team to survey business leaders about a number of characteristics related to their current enterprise-wide risk management efforts. This is the eighth report that we have published summarizing our research in partnership with the AICPA. Data was collected during the fall of 2016 through an online survey instrument electronically sent to members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions. In total, we received 432 fully completed surveys. This report summarizes our findings and provides a resource for benchmarking an organization’s approach to risk oversight against current practices.
This year we observe that the maturity of enterprise-wide risk oversight processes remains relatively stable at levels consistent with the past few years with large organizations, public companies, and financial services organizations significantly more mature than other organizations in their enterprise-risk oversight processes. Most notably, organizations continue to struggle to integrate their risk oversight efforts with their strategic planning processes. We believe that significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks facing the entity especially as it relates to coordinating these efforts with strategic planning activities.
This report highlights some of the key findings from this research. The remainder of the report provides more detailed information about other key findings and related implications for risk oversight.