Risks are up, and confidence in the ability to manage them is wavering.
More than two-thirds of finance leaders believe that the risks affecting their organisation are increasing in volume and complexity, yet their organisation’s approach to risk management is struggling to keep pace, according to a new global report.
The 2023 Global State of Risk Oversight: Managing the Rapidly Evolving Risk Landscape, released by AICPA & CIMA, together as the Association of International Certified Professional Accountants, and North Carolina State University’s Enterprise Risk Management (ERM) Initiative, includes insights from a survey of 983 executives around the world. In the report, 68% of respondents perceive that the volume and complexity of risks affecting their organisation increased “mostly” to “extensively” over the past five years. However, just 31% describe their organisation’s risk oversight practices as “mature” or “robust.”
Moreover, only about one-third of organisations have “complete ERM processes in place,” and 18% of finance leaders said that “executives do not see the benefits of ERM outweighing the costs or there are too many other pressing needs”, the report said.
“Globally, the business environment is loaded with uncertainties that can generate risks at any point and in a variety of forms,” said Mark Beasley, CPA, Alan T. Dickson Distinguished Professor of Accounting and director of the ERM Initiative at North Carolina State. “Organisations face the realities of an increasingly complex risk environment while realising their current approach to risk oversight may be insufficient in a rapidly changing risk environment.
“Failure to rethink and redesign how the organisation is managing risks means risk management practices embraced decades ago are the ones still being used in today’s incredibly complex, fast-changing environment. And that’s a recipe for disaster.”
Beasley, who also oversees a US-specific risk report, spoke earlier this year on an episode of the Journal of Accountancy podcast about the disconnect between the volume of risks and the state of risk management.
Other key findings from the global report include:
- Most executives don’t believe their organisation’s risk oversight provides a competitive advantage. Only 16% of respondents said their organisation’s risk management process is “mostly” to “extensively” providing a competitive advantage.
- Organisations are more likely to have a management-level risk committee than an individual to serve as the chief risk officer. In Europe and the UK, for example, 57% of respondents said their organisation has a risk committee, while only 43% have a designated risk officer.
- Only about one-fifth of organisations around the word include significant risk management incentives in their compensation plans — 20% in Europe and the UK and 14% in the US.
Additionally, more than half of the respondents said their organisation their organisation has experienced a major, unexpected risk event in the past five years. According to the report, such an event suggests a potential breakdown in the organisation’s risk management processes.
“An ERM program is not only a value preservation mechanism but a potential strategic value-generating asset that drives decision-making around opportunity identification and creates a competitive advantage while addressing the under-investment in risk oversight,” Ash Noah, CPA, FCMA, CGMA, managing director—Management Accounting and ESG for AICPA & CIMA, said in the news release. “Business leaders that embrace the reality that risk and return are related are likely to increase their investment in enterprise risk oversight to strengthen their organisation’s resiliency and agility when navigating the increasingly complex and uncertain risk landscape.”
— To comment on this article or to suggest an idea for another article, contact Kevin Brewer at Kevin.Brewer@aicpa-cima.com.