For quite a few years, the people at the Enterprise Risk Management Initiative have researched and provided reports on The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.
In February, they published the 8th edition of their report.
I have covered their reports in the past, highlighting:
- According to the authors, very few organizations have what they consider to be “mature” or “robust” risk management processes.
- They don’t provide detail on what they consider constitute “mature” or “robust” risk management processes. My educated guess is that they leave it to the respondents to form their own definition.
- It seems that their idea of risk management is maintaining an “inventory” of risks (i.e., a risk register), updating it every so often, and reviewing it at board and executive management meetings.
There is some useful information in the report.
But does it add value to continue…
View original post 241 more words