Improving enterprise risk management: 5 steps to success

By Bryan Strickland

July 23, 2024

September 10, 2025

5 essential tactics of future-ready firms

September 10, 2025

MAP Survey finds CPA firm starting pay on the rise

September 8, 2025

What faculty should know about private equity in accounting

From the first edition of The State of Risk Oversight report in 2009 to the just-released 15th edition, proactive organizational responses that recognize both the dangers of risk and the strategic opportunities of robust risk management have tripled on average across four key metrics.

Those metrics, however, have remained largely stagnant over the past five years, prompting the report’s authors – experts in the value of enterprise risk management (ERM) – to suggest five action items aimed at getting things moving in the right direction again.

The survey that serves as the basis for the report, commissioned by AICPA & CIMA and the ERM Initiative in the Poole College of Management at North Carolina State University, asks each year:

The slowing momentum comes even as 65% of the 377 business leaders surveyed earlier this year reported increased risk over the past five years, with 77% noting at least one “operational surprise” since 2019.

“The data summarized in this report suggests that while there have been steady improvements in overall risk management practices over the 15 years we have conducted this study, business leaders still struggle to recognize and embrace the benefits that proactive and robust risk management can provide for creating strategic value for the organization,” wrote authors Mark Beasley, CPA, Ph.D., and Bruce Branson, Ph.D., leaders of the ERM Initiative. “It is our hope that this report might stimulate executive leadership teams and boards of directors to seek opportunities to strengthen the strategic value of their organization’s risk management processes.”

This year’s report is divided into 10 areas of focus, from an overview of the current risk environment and the maturity of risk management practices to barriers limiting risk management maturity. In each focus area, the authors pose five discussion items for management and board consideration.

Using this information, the authors encourage organizations to:

Review the areas of focus and pinpoint one to three areas that offer the greatest opportunity for risk management enhancements.
Convene individuals who are part of the executive leadership team and use the five discussion items in the chosen areas of focus to spur robust and honest conversations about risk management.
Develop a list of action items that address opportunities for improvements in risk management capabilities.
Assign owners to the action items and ask them to create ad hoc working teams to help them address their assigned tasks. Set deadlines for owners to report back to the executive team.
Keep things simple and try to not overcomplicate processes, always linking risk conversations to the strategy of the organization.

— To comment on this article or to suggest an idea for another article, contact Bryan Strickland at Bryan.Strickland@aicpa-cima.com.

FROM THIS MONTH'S ISSUE