SAI360 announces its newest release. Learn More!
  • Home
  • Blog
  • SAI360 Report Highlights Critical Gaps in Large Firms’ Enterprise Risk Management Programs

SAI360 Report Highlights Critical Gaps in Large Firms’ Enterprise Risk Management Programs

SAI360’s GRC Benchmark Report conducted in collaboration with The Hague University of Applied Sciences, Peter Konings of Johnson Controls, and Thought Leader Global, examines the current state of Enterprise Risk Management (ERM) programs, particularly among larger firms with over 250 employees. 

The report revealed a significant variance in ERM budgets among these firms. Nearly 20% of larger firms allocated less than $10,000 annually for ERM activities. This could potentially expose them to heightened risks and undermine their risk management efforts. 

Enterprise Risk Management Programs

Furthermore, the report highlighted the importance of defining risk appetites, as 40% of large firms had not delineated precise risk thresholds. Failure to define risk appetites can critically hinder an organization’s ability to identify, evaluate, and strategically prioritize risks, leading to potential legal, financial, and reputational consequences. 

The report also sheds light on the length of time taken to complete enterprise-wide risk assessments. Notably, 28% of firms took six months to a year, and 3% took more than a year to complete these assessments. Given the rapidly evolving risk landscape and regulatory expectations for up-to-date risk monitoring, such prolonged assessment cycles could leave firms exposed and vulnerable to regulatory scrutiny. 

Final Thoughts on Enterprise Risk Management Programs

Our findings underscore the need for three things:  

  • Firms must reevaluate their ERM strategies 
  • Firms must invest in appropriate resources and technologies 
  • Firms must foster a proactive risk culture. 

By embracing automation, defining clear risk appetites, and streamlining risk assessment processes, organizations can enhance their resilience, decision-making, and ability to achieve strategic objectives while navigating the complexities of modern enterprise risk. 

Let’s Start a Conversation 

Schedule a virtual coffee with a team member: 

Keep Reading