Every year, the Risk Management Society (RIMS) conducts an annual global survey of companies to obtain insights into their risk management practices. We reviewed the RIMS 2017 Enterprise Risk Management Benchmark Survey to assess the level of adoption of ERM by leading companies around the world. The survey consisted of polling many companies, with the outcome having 397 respondents from over 14 different industries.
The scope of the survey focused on asking respondents various questions to assess the level of adoption of an ERM program in their respective organizations and the perceived benefits that were received from their programs, where applicable. Our scope focused on answering the following three key questions:
1. To what extent has your organization adopted and/or considering implementing an ERM program?
2. Are insights from your ERM program being used to inform and influence corporate strategy?
3. What motivated the implementation and/or the expansion of the enterprise risk management program at your organization?
The outcome of the RIMS survey revealed that many companies have made progress regarding their awareness, adoption, and implementation of enterprise risk management (ERM) programs. The survey also indicated that while some progress has been made, there is still significant improvement that could be made before we may conclude that ERM has been embraced as a useful and sustainable management tool for most leading corporations.
The outcome of survey indicated that approximately 72% of respondents had either fully or partially adopted and implemented ERM. Specifically, 24% of survey respondents had fully integrated ERM into their organization. Full integration is considered as ERM having been deployed at the corporate level and throughout all business units. Partial integration of ERM was 48%. In contrast, 14% of respondents had not implemented any type of ERM program. Finally, 13% of respondents had indicated that they were in the initial stages of implementing an ERM program.
Table 2 above illustrates the survey results pertaining to the extent to which an organization’s ERM program is being used to inform and influence corporate strategy. As depicted in the table, we see that 60% of respondents indicated that ERM program results are being used to drive corporate strategy; while 13% noted that ERM was not being used to drive corporate strategy. Finally, 27% was not sure. The primary purpose of ERM is supposed to be providing information to impact management decision and organization strategy.
Finally, regarding what was the key drivers or motivation for the implementation of ERM, over 60% of respondents indicated that the three largest drivers were: (1) an explicit directive from the Board of Directors; (2) Regulatory requirements; and (3) Risk Management function within the organization. Next, 15% of respondents indicated other drivers such as audits, grass roots efforts, rating agency requirements, and the financial crisis of 2008. Finally, 22% of respondents cited other reasons or did not know the motivations for ERM.
More from Dion:
IT General ControlsLearn more
ERM Intelligence Quotient: When Your Business Practices Screams the Need for ERMLearn more