Most CEOs Say Enterprise Risk Management Programs are Ineffective

“The 2020 State of ERM: A View from the Top” report from LogicGate identifies impending risks and ERM maturity as rated by CEOs

CHICAGO - Dec. 10, 2019 - LogicGate, an agile process automation platform enabling organizations to operationalize governance, risk, and compliance programs, announced today the results of its “The 2020 State of ERM: A View from the Top” report. The report, which discusses the results of a survey of 100 CEOs across industries on their understanding of enterprise risk management (ERM) and their current ERM programs, found more than half of CEOs think their ERM program is not as effective as it should be.

With companies experiencing an increase in risks and data breaches, it’s no surprise the report found that 88% of CEOs think ERM is very or extremely important. However, while most companies have an ERM program in place, there’s little agreement as to what a successful program really looks like in practice, beyond the baseline features. Fortunately, CEOs are beginning to understand the need for their involvement in their company’s ERM program, with 66% wanting more involvement.

“It’s not a matter of if your company will face risk, it’s a matter of when, and which risks. Every business faces risks, and without a strategy in place, you are setting your company up for failure,” said Matt Kunkel, CEO, LogicGate. “For CEOs to become more involved with ERM, they must integrate ERM in their business decision-making process and create a culture of risk. The responsibility of ERM does not fall only on the IT or compliance departments, it involves every employee and every department.” 

The CEOs surveyed echo this sentiment, asserting a clear desire for increased visibility into risks and a quantifiable methodology for tracking and evaluating them. Several CEOs lamented the “labor-intensive” process in their organizations and voiced a need for a “better understanding of what it’s costing us to mitigate risk.” They also recognize a need for “regimented” and “streamlined” methods of factoring risk into their overall business strategies.   

Looking ahead to the rest of 2019 and 2020, CEOs are most concerned with risks in three categories: Strategic, Operational, and Macroeconomic.

  • 1 in 3 CEOs see Strategic Risk as the “Biggest Potential Risk Concern.” Among Strategic Risks, risk arising from key business partners is most frequently ranked first. 
  • 1 in 3 CEOs are most concerned about Operational Risk. In this category, cybersecurity is the top concern due to the increase in cyber threats.
  • Finally, of the CEOs most worried about macroeconomic trends, 1 in 4 are most worried about the threat of a recession. Global political instability was close behind. 

Other key takeaways from the report include: 

  • CEOs at smaller firms are significantly less satisfied with their ERM programs, with 1 in 3 finding them not very or not at all effective.
  • CEOs are least satisfied with the ongoing monitoring of ERM, particularly CEOs at firms with <$250M, specifically with having risk KRIs tracked by a central team.
  • About 3 in 4 CEOs rate their risk identification favorably, although fewer CEOs in the core industries of financial services, healthcare, and technology, media, and telecom report cross-functional team involvement.
  • Information security leads ERM for 3 out of 10 CEOs, followed by finance, risk, and the board of directors. 
  • Most CEOs meet with their ERM leader at least weekly, or daily in larger firms.

Data for this study was gathered by LogicGate through an online survey obtaining quantitative and qualitative responses. Survey respondents were screened for the type of business, annual revenue, and employee size. For more information on enterprise risk management, and to view the full results of the study, download the full report or visit



About LogicGate

Headquartered in Chicago, LogicGate is an agile GRC software solution that enables organizations to automate and centralize risk and compliance programs. LogicGate’s highly configurable platform assists organizations in transforming mission-critical governance, risk, and compliance processes without the support of consultants or corporate IT by enhancing controls and increasing flexibility. Dashboard-style reporting within the platform allows risk and compliance teams to analyze and remediate issues immediately. The company has made the Global RegTech 100 list two years in a row, and was recently named the #1 GRC Software on the G2 GRC Grid. For more information, visit and follow LogicGate on Twitter at @LogicGate.


Media Contact 

Katie Cessna

BLASTmedia for LogicGate

317-806-1900 x.142