Thought Leadership in ERM | COSO’s 2010 Report on ERM | 1
Overview of Research Approach

This study was conducted by research faculty who lead the Enterprise Risk Management Initiative (the ERM Initiative) in the College of Management at North Carolina State University (for more information about the ERM Initiative please see http://www.erm.ncsu.edu). The research was conducted in conjunction with the member organizations of the Committee of Sponsoring Organizations (COSO). Data was collected during the months of June and July 2010 through an online survey instrument electronically sent to members of each of COSO’s member organizations. In total, we received 460 partially or fully completed surveys.¹

Because the completion of the survey was voluntary, there is some potential for bias if those choosing to respond differ significantly from those who did not respond. Our study’s results may be limited to the extent that such a possibility exists. Also, some respondents provided an answer to selected questions while they omitted others. Furthermore, just over one-third of respondents represent individuals in internal audit roles. Possibly there are others leading the risk management effort within their organizations whose views are not captured in the responses we received. Despite these limitations, the results reported herein provide needed insight about the current level of risk oversight maturity and sophistication and highlight the strengths and limitations of the COSO ERM Framework as a tool for improving an organization’s risk oversight processes.

Results are based on responses from 460 executives representing a variety of industries and firm sizes.

Description of Respondents

Respondents completed an online survey with questions that address many of the factors and conditions related to the entity for which the individual is a member of management. They were asked over 24 questions in online surveys that addressed both the risk management practices of the entity for which the individual is a member of management, as well as that individual’s perceptions about the strengths and weaknesses of COSO’s ERM Framework.

The largest category of respondents (37 percent) held the position of head of internal audit, followed by those with the title of chief financial officer (CFO) at 23% of respondents. Other respondents included the head of risk management or chief risk officer (12%), controller (10%), and member of the board of directors (6%), with the remainder representing numerous other executive positions. The respondents claim to be familiar with their organization’s approach to enterprise level risk management. Using a 5-point scale where 1 = not at all familiar and 5 = very familiar, over 64 percent selected “5 = very familiar” and an additional 23 percent selected a value = 4. Thus, almost all survey participants appear to be knowledgeable about the state of ERM within their organizations.

Over three-fourths of respondents represent for-profit enterprises. Forty-one percent of respondents represented publicly traded companies with an additional 35 percent representing privately-held, for-profit companies. Almost all respondents represented U.S. based organizations, with 52 percent (not shown in table) representing organizations headquartered in the U.S. with operations only in the U.S. and an additional 39 percent representing organizations in the U.S. with operations in and outside the U.S.

Type of Organization Represented        Percentages
Publicly traded, for-profit company     41%
Privately-held, for-profit company      35%

¹ Not all questions were completed by all 460 respondents. In some cases, the questions were not applicable based on their responses to other questions. In other cases, the respondents chose to skip a particular question.

www.coso.org