The 2022 Global State of Enterprise Risk Oversight, 5th edition, a joint commission with North Carolina State University and AICPA & CIMA, reports on the ever-evolving status of risk management globally.
This report includes insights about the current state of risk management processes based on insights from 747 executives in organizations around the world and provides insights on the current state of enterprise wide risk oversight, including identified similarities and differences in four separate geographic regions.
Five overarching themes emerge from the report:
Business leaders overwhelmingly perceive that the volume and complexities of risks they face are increasing extensively; however, most do not describe their risk management process as mature or robust.
- The volume and complexity of risks is increasing in all regions of the world with most organizations experiencing unexpected operational surprises.
- For most regions of the world, only about one-third of organizations have complete ERM processes in place. Organizations in Asia and Australasia are most likely to have ERM in place relative to other regions.
Most organizations struggle to integrate their risk management and strategic decision making activities, leading to a perception that risk management does not provide competitive advantage.
- For many organizations, their risk oversight and strategic planning efforts appear to be separate and distinct activities.
- Fewer than half believe their risk management process provides important strategic advantages, and that percentage is noticeably lower for organizations in Europe & the UK and the US.
- Only about one-half of organizations believe their risk management processes are focused on emerging strategic, market, or industry risks.
An organization’s overall culture may be limiting progress towards more value-added risk management.
- There are a number of potential barriers within organizations that limit progress towards enhancing risk management processes.
- Most organizations do not include explicit risk management responsibilities in performance compensation plans.
- Fewer than one-third of organizations have provided formal training and guidance on risk management.
Needs for more advanced risk oversight are becoming obvious.
- Less than half of most organizations have regular and robust reporting of top risks to the board on an ongoing basis.
- Organizations acknowledge the need to strengthen their business continuity planning processes, particularly those in Asia & Australasia and Africa & the Middle East.
- Calls for enhanced risk oversight are equally strong between boards and CEOs/Presidents, and those requests are occurring even when outside pressures from regulators are not as strong.
Risk management practices may not be keeping pace with speed of risk emerging in today’s global environment.
- About one-half of organizations (outside Europe & the UK) have appointed a senior executive to lead the risk management process; just over one-third of organizations in Europe & the UK have done so.
- Fewer than one-half of organizations maintain risk inventories at an enterprise level.