At its core, EHS/S (environmental, health, safety, and sustainability) management is a risk management endeavor and there are numerous ways these activities can be described and reported. Even though many companies have robust EHS/S risk management practices, it is sobering to hear risk professionals continue to report pessimism about their organization’s overall risk management efforts.
The February 2011 issue of Internal Auditor reports on three studies that indicate while there is continued focus on the importance of robust risk management, more times than not, it is not being done well. Research conducted by the Enterprise Risk Management (ERM) Institute at North Carolina State University found that only 28 percent of 460 ERM professionals surveyed described their current state of ERM implementation as “systematic, robust, and repeatable”; 42 percent described the process as immature; and 60 percent described the process as mostly informal and ad hoc.
Corporate board oversight of ERM is hit or miss. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) reports that while directors give their boards high marks for ERM, less than one-half of the boards have ERM accountability assigned to a board subcommittee. Further, a survey of directors, conducted by Protiviti Inc., showed that only 13 percent consider ERM robust and mature. Internal Auditor reports that both of these studies point to challenges with risk reporting to the board. Read More