New report from the AICPA and North Carolina State University compares senior executives’ perceptions of risk over the last decade and reveals an uptick in adoption of enterprise risk management (ERM) practices in organizations
• 59% of CFOs say the volume and complexity of risks are rising
• 69% of organizations don’t have complete ERM practices in place
• Adoption of ERM has increased 22-percentage points over the last decade
• Demand for Chief Risk Officers has more than doubled over the last 10 years
NEW YORK – Nearly half of US CFOs say managing their organization’s talent needs is one of their top concerns, according to a new report released today by the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative.
The State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes insights from 445 US CFOs and senior finance leaders on their level of concern about a number of potential risks and their organization’s proactive management of these risks through adoption of enterprise risk management (ERM) processes.
According to the report, 48% of CFOs said they are “mostly” or “extensively” concerned about the organization’s ability to manage leadership and talent needs. Other potential risks cited include: the impact of the economy (42%), innovations disrupting the organization’s business model (40%), shifts in consumer and social demographics (34%) and social media harming the organization’s reputation and brand (30%).
Most (59%) senior finance leaders also agreed that the volume and complexity of corporate risks have changed “mostly” or “extensively” over the last five years. Despite this, a majority (69%) said their organizations do not have complete ERM process in place, and less than a quarter (23%) would rate their organization’s overall risk management oversight as “mature” or “robust.” The report did find indication, however, that adoption of ERM processes in the US is on the rise. Over the last decade, the number of organizations that claim to have complete ERM processes in place has increased 22 percentage points, from 9% to 31%.
“While most executives perceive that uncertainties in the business environment are leading to more complex risk challenges for their organizations, few executives describe their organization’s approach to risk management as mature or robust,” said Mark Beasley, CPA, professor of enterprise risk management and accounting, and director of NC State’s ERM Initiative. “That may be changing, given the majority of organizations have external stakeholders and boards of directors who are calling for more extensive management involvement in risk oversight.”
“In this environment of unprecedented levels of risk, CFOs must take the lead and guide their organizations to approach, evaluate and mitigate risk in a very systematic way,” said Ash Noah, CPA, CGMA, managing director of CGMA Learning, Education and Development at the Association of International Certified Professional Accountants (the Association), the united voice of the AICPA and the Chartered Institute of Management Accountants (CIMA). “ERM provides organizations with a way to create and maximize value for their shareholders and stakeholders, ensuring the long-term viability of the business.”
Other key findings from the survey include:
- There is a growing demand for Chief Risk Officers (CROs). The percentage of organizations that have formally designated individuals serving as CROs has more than doubled since 2009, from 18% to 50%.
- Management wants a greater focus on risk. Over the last decade, the number of organizations with management-level risk committees has increased 43 percent points, from 22% to 65%.
- There is a disconnect between risk and strategy. Less than 20% of organizations view their risk management processes as providing important strategic advantage, and only 26% say their boards of directors discuss risk exposures when they discuss the organization’s strategic plan.
The survey also asked respondents to share perceived barriers to implementing enterprise-wide risk management processes in their organizations. Reasons cited include: believing risk was monitored in other ways besides for ERM (51%), competing priorities (49%) and insufficient resources (46%).
The State of Risk Oversight: An Overview of Enterprise Risk Management Practices includes data collected during the fall of 2018 through an online survey sent to members of the AICPA’s Business and Industry group who serve in chief financial officer or equivalent senior executive positions. In total, 445 fully completed surveys were submitted.
About the American Institute of CPAs
The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 431,000 members in 137 countries and territories, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for its members and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, offers specialized credentials, builds the pipeline of future talent and drives professional competency development to advance the vitality, relevance and quality of the profession.
Media representatives are invited to visit the AICPA Press Center at www.aicpa.org/press.
About the Association of International Certified Professional Accountants
The Association of International Certified Professional Accountants (the Association) is the most influential body of professional accountants, combining the strengths of the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) to power opportunity, trust and prosperity for people, businesses and economies worldwide. It represents 667,000 members and students in public and management accounting and advocates for the public interest and business sustainability on current and emerging issues. With broad reach, rigor and resources, the Association advances the reputation, employability and quality of CPAs, CGMA designation holders and accounting and finance professionals globally.
About North Carolina State University’s Enterprise Risk Management (ERM) Initiative
The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (www.erm.ncsu.edu).