While the vast majority (80%) of large corporations surveyed in many parts of the world have a formal enterprise risk management (ERM) program, more than half (54%) have yet to adopt any external standard for implementing this process.

A new study of 149 large corporations by the Risk Consulting Practice of Marsh Inc., the world's leading insurance broker and risk advisor, and GovernanceMetrics International (GMI), the corporate governance research and ratings firm, found corporate governance to be the primary driver for three of four businesses that are implementing ERM programs. The Marsh-GMI study examined how public companies in various parts of the world are handling their approach to identify, prioritize, and manage risk, as well as communicating about these initiatives.

Notably, 75% of the survey participants do not regularly communicate about their ERM initiatives to investors.  Of these firms, 73% have no current plans to change their practices in this area.  Meanwhile, businesses that communicate externally about their ERM programs typically do so in their annual report and investor presentations.

Of all the firms surveyed, nearly half (46%) cite a lack of integration and overcoming corporate silos as the biggest challenges to their ERM programs.  According to the study, this may stem partly from a combination of insufficient or ineffective communication between a company’s risk function and the rest of its business, as well as a lack of influence by the risk function or a lack of risk expertise at the board level. 

Among firms adopting external standards for their ERM programs, 67% follow COSO and 16.2% use AS/NZS 4360, neither of which is mandatory.

"Despite the challenges associated with ERM, the effective implementation of these programs has become increasingly critical as businesses focus on ways to align strategy, process, governance, people, and technology to remain competitive," said Christy Kaufman, a vice president of Marsh's Enterprise Risk Services and Solutions Practice and report co-author.  "During the global economic crisis, a company's ability to identify and respond to significant exposures before they erupt can mean the difference between survival and failure."

"We believe there is a correlation between a company’s capacity to demonstrate an understanding of risk and both its credit and governance ratings," said Howard Sherman, president and CEO of GMI and a co-author of the report. "ERM has become a cutting edge governance issue. We hope this report will help widen attention for ERM and lead to more standardized disclosure of ERM best practices."

The Marsh-GMI study involved predominantly large-cap businesses that are headquartered in Australia, Eurozone, Japan, Norway, Singapore, South Africa, Sweden, Switzerland, Taiwan, the United Kingdom, and the U.S.   GMI is using the findings to develop a baseline to incorporate new ERM metrics into its rating model.