Help Net Security
Help Net Security

Enterprise risk management study

CS STARS has completed an Enterprise Risk Management (ERM) Study to gauge ERM activity. The study, done via an on-site survey of CS STARS clients, evaluates stages of progress in the following categories: Establishing an ERM Culture, Aligning ERM Programs with Organizational Goals, Formal ERM Framework Adoption, and Executive Level Participation.

This survey represents Phase I of CS STARS’ ERM Study. Phase II, currently underway, includes a closer look at which ERM frameworks are being adopted and also the tools, methods and best practices that are being used to support ERM programs.

Here is a summary of CS STARS’ ERM study findings. Completed in March, the study includes responses from 65 CS STARS clients. All study participants were employed in a formal capacity involving the management of their organization’s risk.

Establishing an ERM culture
Almost half (46%) of the participants reported that their organization has a strong, risk-focused culture. An additional 31% reported their organization as having partially adopted a risk-focused culture. However, only 22% of the participants reported that their organization has fully adopted elements of ERM into their Risk Management programs; an additional 28% said that their organization had implemented some elements of ERM.

Aligning ERM programs with organizational goals and strategies
More than 40% of participants reported that managers within their organizations have a consistent understanding of which risks are unacceptable and which are acceptable, and that the organization has a common definition of risk. More than 40% also reported that their organization activity pursues risk opportunities as well as threats. And, a quarter of the participants reported that their organization has a fully developed current inventory of risks.

43% of participants reported that their organization regularly reviews internal and external events in terms their potential impact on the goals of the business; 34% report that their company does this partially and 12% report that their organization is in the initial stages of implementing a process for this.

Formal ERM framework adoption
Only 22% of participants reported that their organization has a formalized and fully documented ERM framework that is used and communicated throughout the organization. However, another 26% report a partial or in-progress implementation. Half of the participants reported that ERM practices, such as risk assessments, are employed before undertaking large projects, products, and/or acquisitions.

Executive level participation
Of the study participants, 46% report that their board or executive committee understands the company’s risk appetite and threshold. 31% indicate that ERM is part of an ongoing agenda at the board or executive level. Consistent with these findings, 42% report that their organization has an executive level person responsible for setting the organization’s ERM agenda.

More than half of the participants reported that their organization has established, or is in the process of implementing, a function for monitoring and reporting on the effectiveness of their ERM program to their board or executive committee.

Featured news

Sponsored

Don't miss