Is enterprise risk management effective and is it adding the value to the organization that it can and should?
I wish more people were working to address these questions.
Several organizations survey practitioners and share the results in an effort to inform us of the ‘state of enterprise risk management’. Some, like the people at the ERM Initiative at North Carolina State (see their 2020 report) are independent organizations (although they are linked to the AICPA and COSO). Others, such as software company AuditBoard, have an interest in promoting their products and this may affect how they ask questions and consider the results.
The AuditBoard report (available at https://www.auditboard.com/blog/state-of-risk-management-report/) has a bit of a bias, evident in its title: The State of Risk Management: A Tipping Point for Digitization.
This is how they start Part I of their report:
Today’s risk leaders are confronted with obstacles ranging from a volatile risk environment to the operational and technical challenges found in their own risk functions and organizations.
My view is different. I would say this:
Today’s risk leaders are confronted with a disconnect between what they are doing and what business leaders need to make the intelligent decisions, both strategic and tactical, necessary for success….
