Are Leaders Flying Blind on Risk?
Many companies fail to connect an enterprisewide view of risk to strategic planning and decision-making.

At a time of high uncertainty and volatility, enterprise risk management (ERM) is a set of best practices that promises organizations the visibility needed to keep business plans on track. Ideally, when leaders have a holistic view of risks across the organization, they are better able to weigh the potential costs and benefits of their strategic options. However, a survey conducted by Baker Tilly and the Internal Audit Foundation earlier this year reveals that for more than 4 in 10 businesses that have implemented ERM, the resulting insights aren’t informing strategic decision-making.
Just 49% of the 567 corporate risk professionals surveyed agreed that risk awareness now resonates across the organization. That indicates that ERM practice has far to go if it is to meet the goal of managing risk across the entire enterprise. While 57% of respondents agreed that risk insights and/or capacities are used to guide decisions on business expansion and/or process optimization, that leaves a large minority failing to reap the full benefits of ERM.
Timeliness of ERM assessments is also an issue. About 1 in 4 respondents said their organization had not conducted an enterprisewide risk assessment in the past three years. A lack of resources and personnel, and a lack of leadership support, were identified as the top causes of the delay. In their report on the survey, the researchers point out that “considering the extraordinary level of disruption and risk volatility since 2020…a single risk assessment in three years would be insufficient for most organizations.” Of those that have assessed enterprisewide risk in the past three years, most (67%) have done so annually. Still, only a quarter of those doing annual assessments align them with the business cycle — which means that strategic planners may not have the freshest perspective on risks as they set priorities for the coming year.
How can more organizations get on a good track to mature ERM practice? The researchers advise greater communication and collaboration, as well as role clarity. That means having representatives from key risk functions meet at least quarterly, and adding specialized committees for key risk areas like cybersecurity. Companies should also provide annual risk training to direct stakeholders in the ERM process, if not to all employees, to ensure that risk factors are widely understood.