Study Finds Most ERM Programs Still Immature

A recent study by researchers at North Carolina State University demonstrates the increasing need for more robust Enterprise Risk Management (“ERM”) programs at the largest U.S. corporations.  The study points out that despite the recent financial crisis and resulting impact, most companies describe their ERM programs as “immature”.  Here are a few of the study’s findings.

  1. Over 63% of respondents believe that the volume and complexity of risks have changed “Extensively” or “A Great Deal” in the last five years. This is relatively unchanged from the 62.2% who responded similarly in the 2009 report. Thus, most believe the world of risk is rapidly evolving in complex ways.
  2. Organizations continue to experience significant operational surprises. Thirty-nine percent of respondents admit they were caught off guard by an operational surprise “Extensively” or “A Great Deal” in the last five years. Another 35% noted that they had been “Moderately” affected by an operational surprise. Together, these findings suggest that weaknesses in existing risk identification and monitoring processes may exist, given that unexpected risk events have significantly affected many organizations.
  3. About half (47.5%) of respondents self describe the organization’s risk culture as one that is either “strongly risk averse” or “risk averse.” Given their admission of a highly complex and voluminous risk environment and the risk averse nature of the organization’s culture, one might expect these organizations to be moving rapidly towards more robust risk oversight processes.
  4. Ironically, 48.7% of respondents describe the sophistication of their risk oversight processes as immature to minimally mature. Forty-seven percent do not have their business functions establishing or updating assessments of risk exposures on any formal basis. Almost 70% noted that management does not report the entity’s top risk exposures to the board of directors. These trends are relatively unchanged from those noted in the 2009 report.
  5. Almost 57% of our respondents have no formal enterprise-wide approach to risk oversight, as compared to 61.8% in our 2009 report with no formal ERM processes in place. Only a small number (11%) of respondents believe they have a complete formal enterprise-wide risk management process in place as compared to 9% in the 2009 report. Thus, there has been only a slight movement towards an ERM approach since our 2009 report.

How mature is your company’s ERM program?  Not sure?  Wheelhouse Advisors can help with a quick diagnostic review of your ERM program.  Visit us at to learn more.


About Wheelhouse Advisors
Wheelhouse Advisors LLC is the publisher of The ERM Current™, an online publication and blog dedicated to providing the latest updates on current trends in Enterprise Risk Management & Control. Wheelhouse Advisors provides cost-effective Enterprise Risk Management & Control solutions to both large and mid-size corporations. To learn more about Wheelhouse Advisors, please visit our web site at

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: