U.S. Organizations Overlook Risk Management as a Strategic Priority Despite Ongoing Uncertainty and Growing Global Risks

News provided by

AICPA & CIMA

Sep 08, 2025, 09:30 ET

The AICPA and North Carolina State University Report highlights:

  • Only 11% believe risk management processes provide strategic advantage.
  • Sixty-one percent of volume and complexity of corporate risks have changed over last five years.
  • Less than half (32%) of organizations describe risk management oversight as mature or robust.

DURHAM, N.C., Sept. 8, 2025 /PRNewswire/ -- A new report from the American Institute of CPAs (AICPA) and North Carolina State University's Enterprise Risk Management (ERM) Initiative reveals that only 11% of senior finance leaders view their organization's risk management process as "mostly" or "extensively" a strategic tool that delivers competitive advantage, with 64% indicating it provides no or minimal advantage.

Meanwhile, 61% of finance leaders acknowledge that the volume and complexity of risks have changed "mostly" or "extensively" over the past five years. Despite this shift, just 35% report having comprehensive ERM processes in place, and only 32% rate their organization's overall risk oversight as "mature" or "robust." These figures remain largely unchanged from the previous year.

New and rapidly changing risk events, including concerns about the economy and inflation, geopolitical developments impacting trade and supply chains, disruptive technologies and AI, cyber and privacy threats and a host of other risk triggers are continuing to drive significant disruptions that impact an organization's business model and strategic planning. Despite these unfolding realities, most organizations continue to not have robust enterprise risk management (ERM) practices in place.

The 2025 State of Risk Oversight: An Overview of Enterprise Risk Management Practices report represents a 16-year partnership between the AICPA and North Carolina State University's ERM Initiative and includes insights from a survey of 273 U.S. organizations - CFOs and senior finance leaders - conducted in Spring 2025. The survey measured finance-related executives' assessments of the level of maturity in their organization's proactive management of these risks through adoption of ERM processes.

"Organizations with a robust, enterprise-wide and strategically focused approach to managing risks increase the odds that these risks can be managed proactively so that key strategic initiatives stay on track," according to Mark Beasley, Alan T. Dickson Distinguished Professor and Director of the ERM Initiative at NC State. "There has been a slow steady embrace of ERM as a formal risk management practice over the past 16 years of our study. However, the study finds that the majority of organizations of all types and sizes continue to completely overlook or are making slow progress in advancing their ERM processes."

To make meaningful progress in strengthening an organization's risk management approach, C-suite executives and boards must first identify cultural factors that may be hindering advancement. According to the report respondents, the most cited barriers include competing priorities and insufficient resources (both at 41%), as well as a lack of perceived value in risk management efforts (29%).

Additional key findings from the report include:

  • Almost half (45%) of organizations report having a Chief Risk Officer or senior risk executive equivalent.
  • However, the frequency at which management shares risk exposure with the board of directors varies, with 57% reporting top risks to the board.
  • Only 27% of executives note that their ERM process would assist in identifying and managing a significant risk event that would impact their organization's reputation and brand.

"In today's business landscape, defined by uncertainty, disruption, innovation, and constant change, organizations must move beyond reactive risk management and embrace a proactive, enterprise-wide approach," said Tom Hood, Executive Vice President of Business Growth & Engagement at AICPA and CIMA. "The pace of change demands resilience not just as a concept, but as a capability embedded throughout the organization."

The report also includes calls for action to help executives and boards identify actions they can take to enhance the strategic value of their risk oversight. These questions are just a sample of the kinds of issues senior executives and boards of directors should consider as they evaluate the robustness of their entity's approach to managing a rapidly evolving portfolio of risks:  

  • ­What are management's perceptions about the current approach to risk management?
  • ­Is there consensus about the most significant enterprise risks?
  • How is the output from risk management used in strategic planning?
  • Does management have access to robust key risk indicators?
  • Is our entity sufficiently prepared to manage a significant risk event?

NC State's ERM Initiative has a breadth of tools and resources to help executives through its searchable ERM Library and offers a number of executive learning opportunities and events.

About the American Institute of CPAs
The American Institute of CPAs® (AICPA®) is the world's largest member association representing the CPA profession, with 397,000 members and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education, and consulting. A founding member of the Association of International Certified Professional Accountants, the AICPA sets ethical standards for the profession, attestation standards, and U.S. auditing standards for private companies, not-for-profit organizations, and federal, state, and local governments. It develops and grades the Uniform CPA Examination, offers specialized credentials, partners across the profession to build future talent, and drives continuing education to advance the vitality, relevance, and quality of the profession.

About North Carolina State University's Enterprise Risk Management (ERM) Initiative
The Enterprise Risk Management (ERM) Initiative in the Poole College of Management at North Carolina State University provides thought leadership about ERM practices and their integration with strategy and corporate governance. Faculty in the ERM Initiative frequently work with boards of directors and senior management teams helping them link ERM to strategy and governance, host executive workshops and educational training sessions, and issue research and thought papers on practical approaches to implementing more effective risk oversight techniques (www.erm.ncsu.edu).

SOURCE AICPA & CIMA

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED

Also from this source

Business Executives' View of U.S. Economy Rebounds Somewhat but Deep Concerns Remain, AICPA and CIMA Survey Finds

Business executives have a slightly improved view of the economy but continue to be wary of inflation and tariff impacts, according to the...

Business Executives' Optimism About U.S. Economy Sinks as Recession Fears Loom, AICPA and CIMA Survey Finds

Business executives' view of the economy continued to sour amid recession fears and uncertainty about tariff impacts, according to the second-quarter ...
More Releases From This Source

Explore

Education

Education

Banking & Financial Services

Banking & Financial Services

Accounting News & Issues

Accounting News & Issues

Surveys, Polls and Research

Surveys, Polls and Research

News Releases in Similar Topics