Organisations should digitally upgrade their risk function to make smarter decisions
Organisations should focus on developing stronger digital skills and capacity in their risk function in order to make more informed decisions about risk in a technology-driven world, according to the eighth edition of PwC's Risk In Review study.
The 2019 study has found that while many organisations have already embraced new technology as part of their internal audit, risk and compliance functions, they are yet to fully realise the potential benefits of using the insights to inform decisions regarding investment in digital transformation.
PwC's study focuses on identifying what categories help top-performing, "digitally fit" risk functions to stand out, both in terms of their ability to strategically advise stakeholders on risk and assurance, as well as in terms of the risk function's own ability to adapt and embed new processes required by digital transformation.
The six habits of risk functions that fuel smarter risk-taking are:
1. Go all-in on the organisation's digital plan;
2. Upskill and inject new talent to move at the speed of the organisation;
3. Find the right fit for emerging technologies;
4. Enable the organisation to act on risks in real-time;
5. Actively engage decision makers of key digital initiatives; and
6. Collaborate and align to provide a consolidated view of risks.
PwC surveyed more than 2 000 CEOs, senior executives, board members and professionals in risk management, compliance and internal audit. PwC also interviewed dozens of executives and board members to explore what differentiates risk functions when it comes to digital transformation.
Shirley Machaba, PwC Africa governance, risk and internal audit leader, says: "Risk professionals are at a critical point in time. Organisations are rapidly rolling out new digital initiatives in an arena defined by more data, more automation, sophisticated cyber attacks and constantly evolving customer expectations.
"While many technology risks are not new, the stakes are now much higher as digital roll-outs heighten risks beyond the technology itself. Emerging technologies are not only affecting the pace of change and the risk landscape, but also the role that internal audit plays in the organisation."
Being more precise and predictive is important in an information-poor world. Only 22% of chief executives who responded to PwC's 22nd annual CEO Survey called the risk exposure data they receive comprehensive enough for long-term decision-making; this is the same figure as 10 years ago.
This should indicate that risk functions are not harnessing the power of the abundant data available.
Machaba says: "Our study shows that when risk functions are digitally fit, the benefits an organisation receives multiply in the form of faster progress and greater-than-anticipated payoffs on digital technology investments, as well as smarter risk taking."
The study identifies the key components of an organisation's 'digital fitness' as:
1. Having in place the skills and competencies to strategically advise stakeholders on risk and provide assurance over the organisation's digital initiatives.
2. Changing the risk function's own processes, tools and services so they're more data driven and digitally enabled to anticipate risk events and respond to them at the pace and scale that the organisation's digital transformation requires.
Machaba says: "Organisations with more digitally fit risk functions are seeing greater benefits from their digital initiatives, including more effective management of transformation risk and more payoff than expected against planned outcomes, such as improved customer experience and increased revenue growth.
"Risk professionals need to consider investing more in time and resources to become digitally fit. They will ultimately reap the rewards of such investments."