Most Global Organizations Lack Fully Integrated Enterprise Risk

December 2, 2007

Even as government regulators and corporate stakeholders demand companies do more to address and mitigate enterprise-wide risks, only one in 10 companies in the Americas and Europe has fully integrated an enterprise risk management (ERM) strategy, according to Aon Global Risk Consulting’s survey of global ERM practices. Aon Global Risk Consulting is a unit of Aon Corp.

At the heart of ERM is a comprehensive understanding of the global risks facing an organization, the design of strategies to mitigate those risks and the building of a corporate culture focused on risk management.

Fully 83 percent of respondents say they are reasonably familiar or very familiar with ERM and its implementation and purpose, but significant challenges still exist when organizations set out to execute an ERM strategy. Mean-while, while many companies are taking an enterprise-wide look at their risks, only one in four organizations say that developing ERM programs is part of their strategic planning process.

Aon Global Risk Consulting identified corporate culture, strategy and resources as the three key elements of successful ERM programs, based on feedback from chief risk officers, risk managers and other senior executives surveyed from among the world’s largest firms.

“Companies need clear and consistent ERM frameworks in place to appropriately assess and respond to the collective risks that may impact their organizations today,” said Stephen Cross, CEO of Aon Global Risk Consulting. “ERM provides the insight investors, management, ratings agencies and other stakeholders need to fully assess a company’s risk profile.”

Marrying corporate culture with ERM increases the likelihood programs will be effective. Those organizations with the most mature ERM programs say corporate culture was entirely or significantly taken into account in its development.

Performance-driven companies are more advanced in developing the strategy necessary to support ERM programs, and those that have a dedicated ERM function are also seeing greater results.

Currently, 50 percent of organizations have a formalized ERM team; an additional 20 percent say they are planning to establish one in the future.

In many companies, implementing an ERM program is at an early stage. One in four respondents said the organization is aware of risk but has not implemented a structured response.

“For businesses to appropriately deal with the risks they face, it is imperative that they communicate the ERM message through all levels of their organizations,” said Andrew Tunnicliffe, AGRC’s head of global business development. “Our survey suggests companies are behind: just one in seven say their ERM function is good at communicating that message.”

Geographic differences with regard to ERM also exist. There is slightly greater familiarity with ERM in North America; organizations based in the region are less likely than those in Europe to have a dedicated ERM function.

The full survey results are available at www.aon.com.