Study Finds ‘Disconnect' Between Risk Control, Investment in Risk Oversight

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

By Yin Wilczek

Feb. 18 — While the global marketplace continues to evolve rapidly, few organizations—even the largest public companies—have in place complete or robust enterprise risk management (ERM) processes, a recent survey finds.

It also noted that organizations are facing increasing pressure from external sources—most notably regulators—to be more transparent about the risks impacting their businesses.

Importantly, organizations continue to struggle with integrating their risk oversight with strategy development and execution, states the study, conducted by North Carolina State University on behalf of the American Institute of Certified Public Accountants (AICPA).

The study, “2015 Report on the Current State of Enterprise Risk Oversight,” was released Feb. 11. It is the sixth annual study on trends in organizations' risk management processes. It polled chief financial officers and equivalent senior executives from AICPA members in fall 2014 and received 1,093 responses from a broad range of industries.

Complete or Robust ERM Processes 

According to the survey, only 25 percent of respondents believe they have a complete ERM process in place, and only 23 percent of the respondents described their ERM processes as “mature” or “robust.”

Meanwhile, 65 percent of the respondents said they experienced “somewhat” to “extensive” pressure from external parties, including investors, rating agencies and regulators, to provide more information about the risks affecting their businesses. The findings were even starker for financial services organizations, with 79 percent saying they experienced “somewhat” to “extensive” pressure from outside parties—notably regulators—to be more transparent about their risk exposures.

In comparison, only 58 percent of respondents in the 2013 survey said they faced risk transparency pressures.

As to strategic planning, less than half of the respondents—48 percent—said risk exposures are considered when evaluating new strategic opportunities. In addition, only 27 percent of the respondents said their boards reviewed the top risk exposures facing their organizations when discussing strategic plans.

Among other takeaways, the study suggested that there may be a “disconnect” between risk recognition in today's uncertain environment and organizations' decision to invest more in risk oversight. It also noted that while executives say they are receiving more calls for them to be involved in risk oversight, this has not resulted in significant year-on-year change in risk management approaches.

Looking ahead, the study said the “challenge question” for boards, senior executives and key stakeholders is: “how confident are we in our organization’s ability to effectively identify and navigate the unfolding uncertainties surrounding our current business model and new strategic initiatives?”

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at

The survey is available at