Report reveals risk management processes at US companies are not keeping pace with growing risks – Poole College of Management | Region & Cash

Media contact:
Maria Potepalova
NC State University

Allison Carter Fanney

NEW YORK (July 12, 2022) – A new report released today by the American Institute of CPAs (AICPA) and North Carolina State University’s Enterprise Risk Management (ERM) Initiative found that 65 percent of senior finance leaders agree the volume and complexity of enterprise risk is increasing “mostly” or “mostly” changed. extensively” in the last five years. Rapidly changing events including the war in Ukraine, the ongoing talent crisis, rising inflation, ongoing supply chain disruptions, ransomware threats and a host of other risk triggers are creating significant disruptions that impact an organization’s business model. Despite this complexity of risk, only a third (33 percent) say their organizations have full ERM processes in place, and just over a quarter (29 percent) rate their organization’s overall risk management oversight as “mature” or “robust.” .

The 2022 State of Risk Oversight: An overview of enterprise risk management practices includes insights from a winter 2022 survey of 560 US CFOs and senior finance leaders. The survey measured finance executives’ perceptions of the maturity of their organization’s proactive management of these risks through the adoption of enterprise risk management (ERM) processes.

“Our study found that few executives view their risk management processes as a key strategic asset,” said Mark Beasley, KPMG professor of accounting and director of the ERM initiative at NC State. “This is despite the reality that risk and return are intertwined – companies must take risk to pursue strategic goals. We hope that the ongoing uncertainties and rapidly changing business environment will persuade more executives of the strategic importance of having comprehensive insights into the risks facing the business when making important strategic decisions.”

The report found evidence that the acceptance of ERM processes in the US is increasing. Over the past 13 years, the percentage of organizations that say they have complete ERM processes has increased 24 points from 9 percent to 33 percent, but that still suggests the majority of organizations don’t. With continued experience in managing the multitude of risks that have emerged in recent years, more organizations will likely want to focus their efforts on strengthening their organization’s approach to managing the interconnectedness of risk with their business models.

“While predictable and unpredictable global disruptions continue to create and exacerbate new and persistent risk triggers, this study reinforces the need to expand enterprise risk management in the list of priorities for CFOs,” he said Ash Noah, CPA, CGMA, Vice President & Managing Director Learning Education & Development at the Association of International Certified Professional Accountants. “Value in the business today is much more than the balance sheet and in addition to protecting the business, the adoption of ERM supports the creation of value and long-term profitability, especially at a time when businesses need to keep a close eye on ESG risks and sustainability of the company.”

Other key findings from the report include:

  • Most executives do not believe that their organization’s risk management processes provide a strategic advantage (63 percent report no or minimal benefit), with less than half (45 percent) positioning risk management to accurately identify emerging strategic risks.
  • A majority of boards call for more executive involvement in risk oversight, with three-quarters (74%) signaling there will be significant changes to their existing business continuity and crisis management plans.

The report not only provides rich data points on the state of risk oversight practices that organizations can use to benchmark their efforts, but also provides a list of questions that executives and boards can use to assess their organization’s risk appetite and the tactical next steps to strengthen it define risk management processes. The questions cover nine areas, including:

  • Drivers for improved risk management
  • Overall state of risk management maturity
  • Strategic value of risk management
  • Impact of culture on risk management
  • Assignment of the leadership of risk management
  • Processes for risk identification and risk assessment
  • risk monitoring processes
  • Risk Oversight Structure of the Board
  • Reporting and monitoring by the board of directors

The report also includes a series of calls to action to help executives and boards identify actions they can take to increase the strategic value of their risk oversight. The full report can be found on both the AICPA and NC State websites.

The ERM Initiative has a variety of tools and resources to help leaders through their searchable ERM library and offers a range of leadership learning opportunities and events.


The 2022 State of Risk Oversight: An overview of enterprise risk management practices includes data collected during the winter of 2022 through an online survey sent to members of the AICPA’s Business and Industry Group who hold Chief Financial Officer or equivalent senior positions. A total of 560 fully completed surveys were submitted.

Through the Association of International Certified Professional Accountants and AICPA & CIMA

The Association of International Certified Professional Accountants® (the association) representing the AICPA® & CIMA®, advances the global business and finance profession through its work on behalf of 689,000 AICPA and CIMA members, students and dedicated professionals in 196 countries and territories. Together, we are global leaders in public and corporate accounting through advocacy, support for the CPA license and specialized Certificates, professional education and thought leadership. We build trust by equipping our members and committed professionals with the knowledge and opportunities to be leaders in expanding prosperity for a more inclusive, sustainable and resilient future.

The American Institute of CPAs® (AICPA), the world’s largest membership association representing the CPA profession, sets ethical standards for its members and US auditing standards for not-for-profit private companies organizations, as well as federal, state and local governments. It also develops and grades the Uniform CPA exam and builds the pipeline of future talent for the public accounting profession.

The Chartered Institute of Management Accountants® (CIMA) is the world’s leading and largest professional association of management accountants. Working closely with employers, CIMA sponsors cutting-edge research and continually updates its professional qualification and work experience requirements to ensure it remains the employer’s choice when hiring financially educated executives.

About the NC States Enterprise Risk Management (ERM) initiative

The Enterprise Risk Management (ERM) initiative at North Carolina State University’s Poole College of Management provides thought leadership on ERM practices and their integration into strategy and business leadership. ERM Initiative faculty often work with boards of directors and senior management teams to help them link ERM to strategy and governance, host workshops and training sessions for executives, and publish research and thought papers on practical approaches to implementing more effective risk monitoring techniques (www .


Leave a Comment