
Most boards of large organizations (84%) and public companies (87%) review formal reports about top risks at least annually, but fewer than 60% consider the underlying risk management process systemic or repeatable, and 41% are “not at all” or only “minimally” satisfied with the internal reporting of key risk indicators.
External stakeholders are also driving greater executive involvement, with 65% of boards calling for increased management participation in risk oversight.
Formal assignment of risk management responsibilities has increased since the survey was first conducted 10 years ago, with 50% of companies now designating a CRO or equivalent, compared to 18% in 2009, and 65% maintaining a management-level risk committee, up from 22% in 2009.