We've noted that the enterprise risk management [1] has become one of those often-heard, little-understood corporate buzzwords recently. A recent study by PricewaterhouseCoopers suggests that the concept is still largely an abstraction. Yes, there is a lot of interest in ERM. But very few companies update the internal risk assessment continuously. About 65 percent do little or nothing between annual assessments. This suggests that there is still a lot of dissatisfaction with the process. Too many assessments are undertaken piecemeal with the various parts not always acting in concert. The study suggests that audit committees are still vexed by multiple assessments that come to different conclusions. Everyone agrees that management needs to address this. But how? At smaller companies, this will be a huge issue as they finally have to start attestation. Companies that take a coordinated hyper-organized approach will likely fare better. But that's easier said than done. It means a lot of planning, and a lot of cross leveraging of work and assets, specialists and previous work. Good luck.  

For more:
- here's the release [2]
- access the report here [3]