Room for improvement in corporate risk oversight globally

The worldwide economic crisis has put a spotlight on corporate risk, but a large percentage of companies around the globe do not have strong risk oversight protocols, according to a joint research report by CIMA (the Chartered Institute of Management Accountants) and the AICPA (the American Institute of Certified Public Accountants).

The organisations undertook the study to examine the current maturity of enterprise risk management, defined as the strategic, financial, operational and compliance protocols, in organisations around the globe.

In a survey of US CPA executives, 84% of respondents rated their company’s risk oversight process as ranging from ‘very immature’ to ‘moderately mature’. 61% of global executives offered a similar assessment of their organisation’s enterprise risk management in a separate survey.

“While the report reveals that companies are more cognisant of risk, they are still falling significantly short in instituting risk management processes,” said Carol Scott, AICPA vice president for business, industry and government. “The financial crisis underscored the potential consequences for companies that have lax risk oversight.”

The report, Enterprise risk oversight: a global analysis, is the first in a series of global thought leadership research papers being developed by the AICPA and CIMA.

45% of the US respondents said their companies had no enterprise-wide risk management process in place and no plans for implementing one. This compares with 37% of the global respondents who reported the same situation in their organisations.

A majority of both of US (60%) and of global (75%) respondents said the volume and complexity of risk are greater than they were five years ago. However, less than half of both groups (40% of US and 47% of global respondents) described their organisation as being ‘risk averse’.

Charles Tilley, Chief Executive of CIMA, said, “The report findings clearly show that organisations need to start putting processes in place to deal with the perceived increase in the complexity and volume of risk. As the events during the last few years show, companies can’t take a ‘head in the sand’ approach to risk management or simply hope for the best.”

More US organisations (65%) formally assign the responsibility for risk oversight to the audit committee than do global organisations (57%). Some of the difference is ‘likely attributable’ to differences in board governance structures that exist around the world, according to the report.

The report shows that the United States falls behind the rest of the world in risk management training. While two thirds (67%) of global respondents said there was minimal or no training in this area, 78% of US executives surveyed offered the same response.

To view a copy of the report and for more information on CIMA’s work in enterprise risk management, visit http://www.cimaglobal.com/enterpriserisk.