News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
Organizations tend to separate their risk management decision making from their overall business strategy discussions, and that needs to change.
This was one of the key takeaways for finance professionals in AICPA’s latest “State of Risk Oversight” report, an annual report on risk oversight practices, according to a report co-author.
“One of the challenges we observe, and have observed for quite a while, is this sort of separation of how an organization manages and thinks about risk and how it manages and thinks about strategy,” Mark Beasley—co-author of the report, professor at the Poole College of Management at North Carolina State University, and director of its Enterprise Risk Management Initiative—told CFO Brew.
Frequently, C-suite leaders take charge of strategy and leave risk management to departments across the company such as legal, IT, insurance, or elsewhere, and often those risk managers do not communicate with each other, Beasley said.
“It’s not that entities don’t manage risk, but often they struggle to reconnect risk and strategy, to really integrate risk thinking as they think about strategy thinking,” Beasley said. “Pretty much every business leader understands risk and return go together…Well, unfortunately, the way we manage that practically, we separate it.”
AICPA and NC State surveyed 377 organizations and found that most respondents (65%) agreed the risk landscape has gotten bigger and more complex in the last half decade.
Yet, according to the survey, a lot of organizations have underdeveloped approaches to managing risks. Fewer than half of respondents (47%) said they have a formal policy regarding their companywide approach to risk management. Just 3 in 10 respondents described the level of their organization’s risk management oversight as “mature” or “robust.” And the cherry on top: about a quarter (27%) of respondents indicated they have “no enterprise-wide view of risks,” the survey found.
Executives are feeling both internal and external pressures to get more involved in risk oversight. Beasley said that pressure comes from a few sources, including boards of directors, external disruptions such as the Covid-19 pandemic, stakeholders no longer accepting “We didn’t anticipate that happening” as an excuse from management, and a growing number of executives who see the “strategic value of risk management.”