Business executives worldwide are saying despite their awareness and even (in some cases) implementation of enterprise risk management (ERM) practices and processes, they are still struggling to keep pace with today’s increasingly complex and high volume of risks, according to the recently released “2017 Global Risk Oversight Report.”

The Chartered Global Management Accountant (CGMA) study was commissioned by North Carolina State’s Enterprise Risk Management (ERM) Initiative and the Association of International Certified Professional Accountants (AICPA), and it surveyed 586 business executives from around the globe at companies of varying sizes and industries.

Here are some of the survey’s findings and insights:

A disconnect exists between risk perceptions and actual practices. The majority of respondents agree that the volume and complexity of risks have increased “mostly” and “extensively” over the past five years. But companies’ ERM processes aren’t aligned with perceptions—or even the reality—of risk events. Only 30 percent say they have “complete” ERM processes in place.

Integration of risk management processes into strategic planning is still sluggish. Only about 50 percent of respondents globally say they “mostly” or “extensively” consider risk exposures when evaluating new strategic initiatives. Interestingly, companies in Asia, Australia, Africa and the Middle East are more likely to believe their risk management practices provide a competitive advantage than companies in the U.S and Europe.

Deficiencies in formal infrastructure could be to blame. When using formal risk management policy and maintenance of risk inventories as indicators, most respondents lack adequate infrastructure, particularly in the U.S. and the U.K. with only about one-third of respondents saying they have these in place.

Who’s pressing for improvement? Most U.S. respondents said oversight of risk management practices comes from internal audit committees, while in other countries the board of directors drives the audit.

Barriers to improvement vary by business environment. Respondents outside the U.S. cited resources to invest in ERM as the main barrier slowing progress, while U.S. companies said it was competing priorities.

Is your company’s ERM process aligned with today’s risks?

While companies around the globe share a common need to balance risk and return, studies like this one underscore the importance of continuing to mature your risk management processes in the face of increasingly complex risks. Rate your company on some of these insights derived from the survey:

  1. Do your company’s executives consider risk exposure when evaluating new strategic initiatives? If so, are the data and insights used to inform those decisions coming from formalized risk management processes?
  2. Are you satisfied with the quality of the Key Risk Indicators (KRIs) and other output from your risk identification and assessment processes, and are they available to executives via reports or dashboards?
  3. Do you have clear, formal definitions built into your process, including an agreed-upon definition of the term “risk”? What about an ongoing risk inventory?
  4. Do you provide regular, formal training or guidance to your executives on risk management practices, and does your company tie performance/compensation to risk management?

Risk management technology can significantly shrink the gap between the risks you know exist and how proactively your company is managing them. Read this to learn how risk management technology enables your ERM program to keep pace with the risks of today and tomorrow.