These surveys were commissioned by COSO and conducted in partnership with two outside organizations.
The first survey sought input directly from over 200 corporate directors to obtain deeper knowledge of the current state and desired future state of the risk oversight process as it is applied by boards of directors. Board members were divided on the effectiveness and maturity of their processes and efforts, according to the survey. While 53 percent of participants rated the risk oversight process in their organizations as “effective” or “highly effective,” more than 70 percent indicated that their boards are not formally executing mature and robust risk oversight processes.
This second survey suggests that boards may be over confident in management’s underlying risk management processes. Almost 60 percent of the 460 respondents admitted that their risk management processes are ad hoc and informal, almost half (42.4 percent) described their organization’s level of functioning of ERM processes as “very immature” or “somewhat mature” and about one-third (35 percent) admit that they are “not at all” or are “minimally” satisfied with the nature and extent of reporting to senior executives of key risk indicators.
The two studies suggest that there is room for improvement in enterprise risk management across many organizations.
Summary papers for the two surveys: