Though the challenges facing risk leaders today may seem daunting, they also represent opportunities to make specific changes that can improve risk management efficiency, collaboration between risk functions, and overall risk data quality.
The bevy of reports conducted around the current and future state of risk presents an opportunity for risk leaders to study the risks their organizations are facing in the present as well as those on the horizon. Present risk events will color much of the next few years, while looking ahead to 2030 is a way to prepare for the risks to come in the latter half of the decade.
1. Study the Risks of Today
As a result of the pandemic, which served as a real-life stress test, many businesses learned the value of stress-testing organizational resiliency plans. PwC’s 2020 Pulse Survey notes that in anticipation of increased scrutiny of resilience programs from customers, business partners and regulators, 63% of risk leaders are conducting stress tests more frequently in their organizations, as well as within their third party ecosystems (64%) and supply chains (59%).
Source: PwC 2020 Pulse Survey
According to a recent risk study conducted by Protiviti and NC State University’s ERM Initiative, the six overlapping risks for 2021 and 2030 are:
- Upgrading skills to keep up with adoption of digital technologies.
- Regulatory concerns.
- Talent and succession risk.
- Cybersecurity risk.
- Privacy/identity management and information security risk.
- The ability to compete with “born digital” players.
The overlap between 2021 and 2030 risks highlights the importance of building resilience throughout the enterprise as a longer-term risk management strategy. An opportunity to address this overlap is to strengthen your ERM program alongside your resiliency program — and look for any opportunity where it makes sense to align the activities, data, and insights. Because resiliency is as much about preparing the organization for disruption as it is enabling new possibilities, it is easy to see the tie between resilience programs and ERM programs. PwC advises:
“Develop a harmonized view of the risks with high impact on your organization’s resilience. Apply a strategic lens to tie these resilience risks to everyday risk management and monitoring activities to help identify emerging micro risks that could have a significant impact on business and IT operations. Use current reporting mechanisms to show accountability for resilience to the Board.”
Moreover, now is an optimal time to accomplish this, as organizations focus on strengthening both ERM and resiliency programs. PwC reveals 87% percent of risk leaders are investing to improve their resilience programs this year, while Deloitte notes 73% of risk leaders say their institutions have either completed a risk management renewal/update, have one in progress, or are planning to undertake one this year. According to PwC’s 2020 Pulse Survey, companies can take an expanded view of enterprise resilience by asking themselves the following questions:
- Is the resiliency program connected to the risk management activities and strategy?
- Is there a clear owner of the enterprise resilience responsibility?
- Is there governance around how functions responsible for business continuity, disaster recovery and crisis management should work together?
- Is there a system for communicating status and responses to all the stakeholders, from the boards to CEOs to suppliers and customers, about the organization’s ability to weather oncoming disruptions?
- Is the enterprise resilience program enabled through technology and truly sustainable with transparency around ongoing maintenance?
2. Study the Risks of the Future
Per Protiviti/NC State, the top risk for 2030 is “adoption of digital technologies requiring reskilling/upskilling of talent” and the third highest risk is “rapid speed of disruptive innovation that may outpace organizations’ ability to compete in the marketplace.” The majority of the remaining risks represent issues related to innovations in the next decade that could significantly impact customer demand for existing products and services.
The major takeaway is clear: organizations cannot ignore the strategic risks related to the speed of rapid innovation anticipated between now and 2030. The cost is too high to focus solely on operational risks — remember: strategic risks represented 86% of the largest company loss events (40% or more decline in share price in one year) from 2003-2012, while operational risks only represented 9% of the largest loss events.
What the top 10 risks for 2030 reveals is the importance of recognizing and acting on megatrends, particularly keeping pace with technological innovation. The key to identifying the risks related to these trends lies in visibility, which is directly connected to the state of your enterprise risk management program.
3. Digital Risk Capabilities Can Boost Overall ERM Maturity
The potential for cloud-based software for risk functions is clear: 85% of respondents in Deloitte’s Global Risk Study said they either currently use or plan to use cloud computing technologies in their risk management function in the next two years. Moreover, Gartner’s 2020 Magic Quadrant for IT Risk Management Report states: “By 2025, 50% of global midmarket and large enterprises will depend on risk management solutions to aggregate digital risks in their business’s ecosystem.”
Source: Deloitte Global Risk Management Survey, 12th ed.
Furthermore, while emerging technologies can reduce operating costs by automating manual processes such as KRI data collection, their benefits extend beyond mere cost reduction. According to Deloitte, cloud computing, RPA, cognitive intelligence, and AI/machine learning can be leveraged to:
“Build controls directly into processes, prioritize areas for testing and monitoring, allow all transactions to be reviewed rather than relying on sample testing, and identify potential risk events in real time to allow preventive action to be taken.”
Ultimately, investing in emerging digital risk management technologies is a viable option for making substantial improvements to risk data quality and effectiveness, while preparing the organization for better strategic risk management in the long run.
Download the full report, The State of Risk Management: A Tipping Point for Digitization, to learn how risk leaders can improve their visibility into risks by investing in emerging risk management technologies, as well as how digital risk management can help improve the overall effectiveness, efficiency, and strategic potency of ERM programs.