The rise in corporate scandals, coupled with recent legislation like the Sarbanes-Oxley Act of 2002, have made companies more focused on risk management. Thus, it’s no surprise that enterprise risk management (ERM), which provides a framework for analyzing and confronting risks, is a practice now widely accepted by business managers, according to a 2004 survey conducted by The Conference Board and Mercer Oliver Wyman (international consultants in financial services and risk management).
In the June 2005 Conference Board research report “From Risk Management to Risk Strategy,” authors Stephen Gates, a strategy professor at Audencia Nantes Ecole de Management, and Ellen Hexter, a longtime consultant for The Conference Board, found that 91% of those surveyed are positively disposed toward accepting ERM or are actively implementing the practice.
The researchers surveyed 271 executives, the vast majority of which (97%) are based in North America or Europe. Although the participants represent a variety of industry sectors, over half (56%) come from manufacturing or financial services. The respondents are also heavily invested in assessing levels of risk: 93% are financial or risk managers.
The survey results suggest that while executives are motivated largely by a need to comply with rules and regulations, they are also interested in the advanced uses of ERM — namely, the ability to diagnose and control risks. Over two-thirds of the board members and senior managers surveyed see risk management as an increasingly important priority. Asked what is driving them to implement ERM, 66% of the respondents cited the need to respond to corporate governance requirements, while 60% ranked understanding strategic and operating risks as important.
But despite understanding the benefits ERM offers, those surveyed say only 11% of their firms have fully adopted the practice. Why? Building an ERM framework can be costly, and it can take several years to implement — therefore, it’s understandable that many efforts are still in the earliest stages. The slow progress may also reflect competing priorities, especially for American companies responding to Sarbanes-Oxley. However, the authors believe that a lack of consensus about ERM’s benefits may very well be the biggest impediment to adopting risk-management practices.
Approximately 18% of those surveyed do take inventory of their critical risks —a basic element of the ERM infrastructure.