Worldwide Corporate Risk Oversight Needs Improvement – Report
Even though worldwide economic crisis has highlighted corporate risk, a large percentage of companies around the globe do not have strong risk oversight protocols, according to a joint research report by the American Institute of Certified Public Accountants and the Chartered Institute of Management Accountants.
In December 2009, the AICPA commissioned the ERM Initiative at North Carolina State University to survey members of the business, industry and government group. CPA executives from 331 U.S.-based organizations responded.
In July 2010, CIMA separately commissioned the Enterprise Risk Management Initiative to conduct a similar survey of its membership, with 264 respondents representing organizations based in all regions of the globe. Individuals responded to over 40 questions in online surveys.
The majority of those responding (61 percent of global respondents and 65 percent of U.S. respondents) had the title of chief financial officer or finance director. Global respondents’ organizations had median revenue of $100 million, whereas U.S. respondents’ organizations had median revenue of $50 million.
In a survey of U.S. CPA executives, 84 percent of respondents rated their companies’ risk oversight process as ranging from “very immature” to “moderately mature.” Sixty-one percent of global executives offered a similar assessment of their organizations’ enterprise risk management in a separate survey.
“While the report reveals that companies are more cognizant of risk, they are still falling significantly short in instituting risk management processes,” said Carol Scott, AICPA vice president – business, industry and government. “The financial crisis underscored the potential consequences for companies that have lax risk oversight.”
The report, Enterprise risk oversight: a global analysis, is the first in a series of global thought leadership research papers being developed by the AICPA and CIMA.
Forty-five percent of the U.S. respondents said their companies had no enterprise-wide risk management process in place and no plans for implementing one. This compares with 37 percent of the global respondents who reported the same situation in their organizations.
A majority of both of U.S. (60 percent) and of global (75 percent) respondents said the volume and complexity of risk are greater than they were five years ago. However, less than half of both groups (40 percent of U.S. and 47 percent of global respondents) described their organization as being “risk averse.”
Charles Tilley, chief executive of CIMA, said, “The report findings clearly show that organizations need to start putting processes in place to deal with the perceived increase in the complexity and volume of risk. As the events during the last few years show, companies can’t take a ‘head in the sand’ approach to risk management or simply hope for the best.”
More U.S. organizations (65 percent) formally assign the responsibility for risk oversight to the audit committee than do global organizations (57 percent).
Some of the difference is “likely attributable” to differences in board governance structures that exist around the world, according to the report.
The report shows that the United States falls behind the rest of the world in risk-management training. While two thirds (67 percent) of global respondents said there was minimal or no training in this area, 78 percent of U.S. executives surveyed offered the same response.
The AICPA offers its members in both business and public practice guidance and many papers on enterprise risk management so they can counsel their employers and clients on this increasingly critical function.