"Although the majority of risk managers say their boards of directors accept the validity of enterprise risk management in theory, the results of the study suggest that directors engage the issue only at a very high level, rather than becoming actively involved in establishing ERM in the company's day-to-day operational practices," said Greenwich Associates consultant David Fox.
Most people would find this remarkable, to say the least, considering the tough times of today's corporate environment. But even more remarkable is the most obvious sign that boards of directors are failing to elevate risk management: 70% of respondents say their firms do not have a chief risk officer with ERM as a primary focus. A whopping 78% of nonfinancial corporations do not even have such a position within the company. That's right -- more than three-quarters of the large U.S. firms participating in the survey see no need for a chief risk officer within their organization.
If there is a silver lining in this study, it's that almost three-quarters of financial companies have chief risk officers or chief risk management officers. But the report suggests that there is still much to be done in terms of ERM implementation. Boards should take advantage of risk management expertise from external industry sources, instead of relying solely on company reports and CFO briefings. Boards should also include their company's insurance risk professional in all aspects of ERM formation and implementation. Lastly, including a qualified risk expert on the board will help directors make informed decisions on managing risks.
It seems, finally, that financial firms are truly embracing ERM and the role of the CRO and letting go of the feeling of invincibility—thanks in part to Dodd-Frank. Now if other industries would do the same.