Exec Survey: Risk Management Weak

Thursday, July 6, 2017 @ 05:07 PM gHale


Executives view the world as increasingly risky, with many reporting a “significant operational surprise” over the past five years, a new study found.

On top of that, the majority of executives also report their organizations are not developing more robust risk management processes.

RELATED STORIES
ICS Firms Admit to Attacks: Report
Companies Held for Ransom: Report
Cost of a Security Incident
Old OSes Prevalent, Vulnerable to Breaches

“These findings are particularly timely, given the political, economic and social uncertainties that businesses are facing in the United States and abroad,” said Mark Beasley, co-author of a report on the survey results and director of the Enterprise Risk Management (ERM) Initiative at North Carolina State University.

The report, “2017 Global State of Enterprise Risk Oversight,” ended up released jointly by NC State’s Enterprise Risk Management (ERM) Initiative and the Association of International Certified Professional Accountants (AICPA) – the global accountancy body formed by members of and the Chartered Institute of Management Accountants.

The report is based on a survey of 586 chief financial officers and other senior executives of organizations in sectors from manufacturing to insurance to nonprofits. Results in the report are organized based on four geographic regions: Europe and the United Kingdom; Asia and Australasia; Africa and the Middle East; and the U.S.

Just about 60 percent of executives reported the volume and complexity of their risks have increased over the past five years, though there was some variability across regions. 61 percent of executives in Europe and the U.K. reported an increase, 55 percent in Asia/Australasia, 76 percent in Africa/Middle East, and 59 percent in the U.S.

There was significantly more variability across regions in reporting “significant operational surprises” over the past five years: 53 percent in Europe, 46 percent in Asia, 71 percent in Africa, and 32 percent in the U.S.

“The increase in risks, and the operational surprises, are tied to the dynamic global business environment,” Beasley said. “For example, Europe and the U.K. have seen issues ranging from the Brexit vote to immigration challenges, while Africa and the Middle East have dealt with a wide variety of challenges, such as disruptions caused by the ongoing war in Syria and conflicts with ISIS. The U.S. has been comparatively stable, but we seem to have entered a period of domestic political uncertainty – which is not reflected in the survey – and of course issues abroad can have significant effects on U.S. organizations.”

Given these widespread surprises and perceived increase in risks, one might think executives are embracing ERM processes to better protect their organizations. But the survey found the level of risk management oversight is relatively immature.

“ERM is essentially an approach in which executive leadership looks at all of the potential risks an organization may face and develops plans to address those risks from the top down,” Beasley said.

“All organizations engage in risk management, but conventional risk management is done in silos, whereas the ERM approach allows for a holistic overview of risks across silos,” Beasley said. “In other words, it helps executives identify risks that span multiple silos, or that fall into blind spots that an organization might otherwise miss.”

However, few executives said their organizations had put thorough ERM processes in place. For example, while 53 percent of executives in Europe reported increasing risks, only 21 percent reported having complete ERM processes in place. And only 24 percent of executives in the Africa region reported complete ERM processes, with the number rising to 26 percent in the U.S. and 30 percent in the Asia region.

In addition, 80 percent of executives surveyed reported their organizations don’t conduct any formal risk management training for their executives.

“We’re seeing a major disconnect between how organizations perceive their challenges and how they are responding to them,” Beasley said.

“However, we also found that boards of directors, especially outside the U.S., are calling for executives to be more proactive about addressing potential risks,” Beasley said.

Specifically, the survey asked executives whether their boards of directors were asking for “increased senior executive involvement in risk oversight.” 56 percent of executives in Europe said yes, with the number rising to 59 percent in the Africa region and 70 percent in the Asia region. But only 38 percent of survey respondents in the U.S. reported the same pressure.

“In short, we found that there was no part of the world where a majority of organizations are doing all they can do to address risk – but the U.S. appears to be lagging more than most,” Beasley said. “And that could have consequences for our global competitiveness in the long term.”



2 Responses to “Exec Survey: Risk Management Weak”

  1. […] Read the full story about this latest ERM report in Industrial Safety and Security Source (ISS Source). […]

  2. […] Risk Management Weak: Mark Beasley Comments on Latest ERM Report […]


Leave a Reply

You must be logged in to post a comment.