The American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) just released a study about the current state of enterprise risk oversight at major corporations across the globe. The findings in the study that was conducted independently by North Carolina State University demonstrate the disparity in progress made by U.S. based companies versus the rest of the world. The following are a few of the more telling results.
- 84% of U.S. respondents assessed their risk oversight processes as ranging from very immature to only moderately mature. In contrast, 61% of the global respondents assessed their risk oversight as falling in those ranges. Only 1.5% of U.S. respondents and 8.2% of global respondents assessed their risk management oversights as ‘very mature/robust.’
- There seems to be a noticeable difference in the extent that top risk exposures facing the organisation are formally discussed when the board of directors discusses the organisation’s strategic plan. Over 60% of global respondents indicated that the extent of discussion about top risk exposures facing the organisation was extensive to ‘a great deal.’ In contrast, only 39% of U.S. respondents rated the level of discussion to that extent.
- 46% of global respondents describe their risk oversight process as systematic, robust, and repeatable in contrast to 11% of U.S. respondents who believe they have a complete enterprise-wide risk management process in place.
- Most organisations have not formally designated an individual to serve as chief risk officer or equivalent, although global respondents indicated a higher occurrence (31%) in contrast to U.S. respondents (23%).
- 50% of global respondents and just under one-third of U.S. respondents indicate that their boards of directors are increasing ‘extensively’ or ‘a great deal’ their focus on risk management activities and processes.
Based on these results, it is apparent that U.S. companies are lagging behind the rest of the world when it comes to risk oversight. In order to successfully compete on the global stage, U.S. companies must begin to narrow the gap with increased investment in enterprise risk management programs. Otherwise, a significant competitive advantage to manage risks in an increasingly complex world will be ceded to others.