Search results

Since the mid-1990s, enterprise risk management (ERM) has proliferated in both the private and public sector as a holistic, enterprise-wide approach to risk management. In this chapter, we begin by exploring the economic, regulatory and professional context of ERM practices in Norway. To gain an understanding of the current state of ERM practices among Norwegian entities, we have conducted a survey among members of the Institute of Internal Auditors (IIA) Norway. Based on the survey data, we go on to analyse the perceived maturity of risk management practices of the surveyed organizations, as well as their integration of risk management with governance mechanisms and accounting practices. Four main findings emerged from the survey. We firstly observed that a majority of the respondents perceived that they had implemented ERM. Secondly, the average maturity of risk management practice is at a medium level, with ambitions to improve it further in the future. We further observed that a majority of the organizations have established risk management governance structures regarding the roles of risk management. However, there is still work to be done in relation to risk management functions in order for them to gain more attention and influence in the organizations. Finally, we find that risk management is more integrated with reporting processes than with strategic and performance planning processes, suggesting a more reactive than proactive approach to managing risks.