The worldwide economic crisis has put a spotlight on corporate risk, but a large percentage of companies around the globe do not have strong risk oversight protocols, according to a joint research report by the American Institute of Certified Public Accountants and the Chartered Institute of Management Accountants.
The organizations undertook the study to examine the current maturity of enterprise risk management – defined as the strategic, financial, operational, and compliance protocols – in organizations around the globe.
In a survey of U.S. CPA executives, 84 percent of respondents rated their companies’ risk oversight process as ranging from very immature to moderately mature. Sixty-one percent of global executives offered a similar assessment of their organizations’ enterprise risk management in a separate survey.
“While the report reveals that companies are more cognizant of risk, they are still falling significantly short in instituting risk management processes,” said Carol Scott, AICPA vice president of business, industry and government. “The financial crisis underscored the potential consequences for companies that have lax risk oversight.”
The report,Enterprise risk oversight: a global analysis, is the first in a series of global thought leadership research papers being developed by the AICPA and CIMA.
Forty-five percent of the U.S. respondents said their companies had no enterprise-wide risk management process in place and no plans for implementing one. This compares with 37 percent of the global respondents who reported the same situation in their organizations.
A majority of both of U.S. (60 percent) and of global (75 percent) respondents said the volume and complexity of risk are greater than they were five years ago. However, less than half of both groups (40 percent of U.S. and 47 percent of global respondents) described their organization as being risk averse.
Charles Tilley, chief executive of CIMA, said, “The report findings clearly show that organizations need to start putting processes in place to deal with the perceived increase in the complexity and volume of risk. As the events during the last few years show, companies can’t take a head-in-the-sand approach to risk management or simply hope for the best.”
More U.S. organizations (65 percent) formally assign the responsibility for risk oversight to the audit committee than do global organizations (57 percent). Some of the difference is “likely attributable” to differences in board governance structures that exist around the world, according to the report.
The report shows that the U.S. falls behind the rest of the world in risk-management training. While two thirds (67 percent) of global respondents said there was minimal or no training in this area, 78 percent of U.S. executives surveyed offered the same response.
The AICPA offers its members in both business and public practice guidance and many papers on enterprise risk management so they can counsel their employers and clients on this increasingly critical function. The Committee of Sponsoring Organizations, of which the AICPA is a co-founder, developed a series of guides on enterprise risk management, which are available for order at http://www.coso.org/guidance.htm.