Taking risk is part of running a business, but in today’s environment it may seem like every move comes with a certain amount of unexpected risk. The level of emerging risks, both predictable and unpredictable, is high, so it’s no surprise that boards are having to spend more time than ever on this issue.
More than three-quarters (77 percent) of the directors we polled as part of our Director Confidence Index survey in July, conducted in collaboration with Diligent Institute, say their full board is having regular conversations about new risks and what they mean for the company, with nearly half saying they’re discussing enterprise risk management (ERM) more frequently today than in years past.
So much so that 56 percent say they have formalized enterprise risk oversight in governing documents (including charters)—a trend that aligns with other research out of the Diligent Institute. “This is a growing trend, even when it comes to matters such as ESG for instance,” says Dottie Schindlinger, executive director of the Diligent Institute. “In our recent Sustainability in the Spotlight report, we found that of the directors who had changed their company’s ESG oversight in the last year, about a third (30 percent) had formalized oversight in governing documents.”
Meanwhile, only about a quarter (27 percent) of our respondents said they had created a dedicated risk committee outside of audit despite increased activity around risk in the boardroom—and despite the fact that the audit committee’s remit has been expanding significantly in recent years.
For now, ERM remains anchored in the audit committee for most boards, though 42 percent of those we surveyed said if they could improve their board’s oversight of risk, they would bring the ERM conversation out of the committee to the full board more frequently.
The desire to involve the full board in deeper-dive conversations isn’t entirely new. In our 2024 What Directors Think survey, conducted in partnership with Diligent Institute and BDO USA, we found that only 17 percent of directors believe the delegation of such issues to a committee or working group could improve a board’s ability to oversee company risk. As one director noted, “Is committee feedback adequate to inform all directors of committee deliberations?”
Nevertheless, directors in general feel confident in their organization’s enterprise risk management plan, rating it a 6.6 out of 10 in terms of maturity level—slightly above average, inching toward “Mature” according to our 10-point scale.
To get higher up on the scale, directors say there’s one element they need: better benchmarking data (45 percent). This is not all that surprising considering that only a quarter of respondents said their board had incorporated new data or solutions into their enterprise risk oversight in recent years.
“The risk oversight landscape has changed drastically in the past few years, and companies’ ERM programs have matured as a result,” said Schindlinger. “As that happens, the data and insights available to the board need to reflect this evolution. Directors are voicing an acute need: they need the right technology to surface information about enterprise risk to help them make informed decisions.”