A Damning New Report on the State of Risk Oversight Before COVID19
Reprinted from Britten Coyne Partners Strategic Risk Blog
The AICPA and the Poole College of Management at North Carolina State University have just released their 2020 “State of Risk Oversight” report, based on data collected from over 500 organizations in the fall of 2019.
It paints a damning picture of the situation that prevailed just before the arrival of the COVID19 pandemic.
Here are some of the report’s key findings:
- “Most respondents believe the volume and complexity of risks is increasing extensively over time.”
- “Respondents noted that a number of external parties were pressuring senior executives for more extensive information about risks.”
- “Strong risk management processes are becoming an expected best practice.”
- “Few executives described their organization’s risk management process as mature.”
- “Only about half of respondent organizations engage in formal risk identification and risk assessment processes.”
- “The process used to generate risk reports to the board is often ad hoc.”
- “Only 24% of the organizations’ board of directors substantively discuss top risk exposures in a formal manner when they discuss the organization’s strategic plan.”
- “Most boards of large organizations (84%) or public companies (91%) discuss written reports about top risks at least annually; however, just 60% of those describe the underlying risk management process as systematic or repeatable.”
- “Less than 20% of organizations view their risk management process as providing important strategic advantage.”
- “Many executive teams and boards of directors are now realizing the implications of being ill-prepared to manage the multitude of enterprise-wide risks triggered by such a large scale root cause event of the magnitude of the evolving COVID-19 crisis.”