Study: Many Have Strong Risk Culture, Few With ERM

A study conducted by CS STARS LLC, a provider of risk management technology, reveals that insurers still consider enterprise risk management (ERM) an initiative “in process.”

The study, done via an on-site survey of CS STARS clients, evaluated stages of progress in the following categories: establishing an ERM culture, aligning ERM programs with organizational goals, formal ERM framework adoption, and executive level participation.

Completed in March, the study includes responses from 65 CS STARS clients. All study participants were employed in a formal capacity involving the management of their organization’s risk.

Establishing an Enterprise Risk Management Culture: Almost half (46%) of the participants reported that their organization has a strong, risk-focused culture. An additional 31% reported their organization as having partially adopted a risk-focused culture. However, only 22% of the participants reported that their organization has fully adopted elements of ERM into their risk management programs; an additional 28% said that their organization had implemented some elements of ERM.

“While the overwhelming majority of clients report a strong risk-focused culture, only a small percent have implemented an ERM program,” said Sharon Malloy, product strategist for CS STARS. “Our target group of risk managers clearly understands the value of a risk focused culture, but they are still challenged by the process of applying that culture to an ERM program.”

Aligning ERM Programs with Organizational Goals and Strategies: More than 40% of participants reported that their organizations have a common definition of risk, and managers within their organizations have a consistent understanding of those risks that are unacceptable and those that are not. More than 40% also reported that their organization actively pursues risk opportunities as well as threats. And, a quarter of the participants reported that their organization has a fully developed current inventory of risks.

Of the total participants, 43% reported that their organization regularly reviews internal and external events in terms of their potential impact on the goals of the business; 34% report that their company does this partially and 12% report that their organization is in the initial stages of implementing a process for this.

Formal ERM Framework Adoption: Only 22% of participants reported that their organization has a formalized and fully documented ERM framework that is used and communicated throughout the organization. However, another 26% report a partial or in-progress implementation. Half of the participants reported that ERM practices, such as risk assessments, are employed before undertaking large projects, products and/or acquisitions.

“We have been working with client advisors to be sure that our system broadly supports common, framework-independent ERM elements,” said Sharon Malloy. “ERM is a process, not a software platform. And, since no standard has been universally embraced, we will continue building around best practices and key ERM elements such as accountability, communication and transparency.”

Executive Level Participation: Of the study participants, 46% report that their board or executive committee understands the company’s risk appetite and threshold. 31% indicate that ERM is part of an ongoing agenda at the board or executive level. Consistent with these findings, 42% report that their organization has an executive level person responsible for setting the organization’s ERM agenda.

More than half of the participants reported that their organization has established, or is in the process of implementing, a function for monitoring and reporting on the effectiveness of their ERM program to their board or executive committee.

CS STARS has incorporated data from its ERM Study into the new features of STARS Enterprise that support enterprise risk management. The firm expects to complete Phase II of the ERM Study by the end of the year.
