An ERM survey that someone sent me yesterday is a little disconcerting. While there's a lot of focus on ERM lately, and I've seen more than a few surveys, this one gives the impression that some companies are winging it when it comes to their ERM programs.
The survey, "Report on the Current State of Enterprise Risk Oversight" from the ERM Initiative at N.C. State University, conducted on behalf of the American Institute of CPAs, studied more than 700 entities to determine their risk oversight process.
The list of key findings starts off okay, with more than 50 percent believing their risk culture is "strongly risk averse" or "risk averse." But then we discover that 44 percent of the respondents have no enterprise-wide risk management process in place and what's more, no plans to implement one.
And it goes on: 43 percent don't have their business functions establishing or updating assessments of risk exposure on any formal basis—and, more than 75 percent said their key risks are being communicated on an "ad hoc" basis at management meetings.
Not surprisingly, almost half (47 percent) said they are "not at all satisfied" or are "minimally" satisfied with the nature and extent of reporting of key risk indicators to senior executives regarding top risk exposures.
Scary? You bet. With all the emphasis on effective enterprise-wide risk management, and with the mounting issues facing organizations every day, from natural disasters to financial disasters to pandemics—and let's not forget supply chain breaks—risks are everywhere and cannot be taken lightly.
Something has to give, because the survey also found that nearly half the boards of the organizations surveyed are asking senior executives to increase their involvement in risk oversight. The board's involvement in risk, however, is being channeled through their audit committee—12 percent of which are asking directors to increase their oversight of risk "a great deal," and 46 percent asking for "extensive" oversight.
Risk managers have been challenged over and over to step up and be heard by their C-suite and board of directors. By the looks of this, that isn't happening in many cases. And if they are speaking up, they aren't being heard.
Incoming president of the Public Risk Management Association, Ron Hayes, said it well. He advised risk managers to speak up, but at the same time, to make sure they have something to say. He advised them to study the issues before speaking to upper management and at the same time, to work on getting more education and designations. Staying involved with the associations—which have excellent resources—is also advised.
This is good advice for all risk professionals, both corporate and those serving public entities.
From the looks of it, time's a-wasting. Doors are currently open to risk managers, even if only a crack, but they should take advantage of any opportunities—and if necessary, create those opportunities.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
