Start adding items to your reading lists:or
Save this item to:
This item has been saved to your reading list.
Latest findings from PwC’s Pulse Survey
Most risk management leaders see the upside — assuming mass vaccinations reduce the pandemic to containable outbreaks. More than 60% are very optimistic or somewhat optimistic about the US economy and the global economy, according to our March US Pulse Survey. They’re more cautious than CEOs we interviewed for our 24th Global CEO Survey, 76% of whom expect global economic growth to improve in the next 12 months.
With regard to the US policy and regulatory environment, risk leaders (59%) share favorable sentiments with COOs and CHROs. Optimism drops to 47% with regard to US social and economic disparities, although risk leaders remain more positive than others in the C-suite.
A lot is riding on the recovery. In a study of the toll of the pandemic, economists David Cutler and Lawrence Summers tallied the total cost including mortality, morbidity, mental health conditions and direct economic losses at more than $16 trillion, or approximately 90% of the annual gross domestic product of the US — the greatest threat to prosperity and well-being the nation has endured since the Great Depression.
That’s why this question is important: How prepared are risk executives to facilitate the upside to mitigate the risks arising out of businesses’ ambitious moves to grow and to cut costs?
Digitization, an important lifeline for businesses during the pandemic, will probably be the engine for a return to healthy growth. In our recent Global CEO Survey, 84% of US CEOs said they’re increasing long-term investments in digital transformation, with 43% increasing investments by 10% or more.
But with tremendous opportunities come increased risks and accentuated risk profiles for many companies. Sixty-five percent of risk management leaders say that risks from transformation adoption and tech will increase in 2021. Because of the nature and scope of transformation, these risks can be encompassing and highly interconnected with other risks expected to increase this year: cyber and data protection risks (65%), data governance (63%), human capital and talent management (59%), third-party and supplier management (57%), regulatory compliance (55%) and enterprise resiliency (48%).
Take the risks associated with digitizing customer and supply chain interactions, for example: access to customer data by malicious actors, disruptions to the supply chain via cyber attack, speed of workforce adjustment to digitized processes and compliance with different data protection laws.
Also on the risk management radar are increasing ESG risks as more organizations enhance reviews of disclosures (e.g., disclosure committee approval, internal audit testing) and increase company-endorsed public statements on social and environmental issues.
Working in tandem with CHROs on health and safety risks will remain vital in 2021, especially with the focus on managing a hybrid workforce and addressing employee mental health and burnout.
Responses to 'Significantly increased' and 'Somewhat increased'
To manage the risks arising out of digital and business transformation, between 42% and 50% of risk executives have begun to make significant, enterprise-wide pivots. Here are the moves that can enable — even accelerate — business transformations:
Still, many risk leaders — 38% to 44% — have made only partial adjustments, and between 7% and 14% have yet to make any. Managing digital risks is a shared responsibility; businesses are just as secure as their partners and their ecosystems.
“Move fast and break things” was the mantra of tech firms, and it spread to businesses that embarked on digital transformations. Often the ones left behind were risk managers who had been thought of as hurdles, people who would stop a transformation initiative in its tracks.
Not anymore. There’s been enough failed initiatives, bad investments, costly cyber breaches, disappointed workforces and disgruntled consumers to change the norm to “move fast and do not break things.” That’s being accomplished by having risk professionals embedded in business units and product development teams that lead the charge on transformation.
Top focus areas include:
In our 2020 Risk Study, we asked: “What happens when organizations are moving and connecting faster than the risk functions chartered with providing the risk insight needed to protect, enable and enhance their value? What happens when business units are using data and technology more effectively than risk functions?”
A year hence, risk leaders are at work on advancing risk management capabilities and are focusing on two areas in 2021.
Human-led. Risk leaders are increasing coordination and collaboration with other risk functions (35%), strengthening the linkage between risk management and strategic planning (26%), and assessing and evaluating organizational risk cultures (25%).
Specific to risk capabilities, they are focusing on generating more risk insight for the business (25%), facilitating a more formal risk appetite framework (21%) and moving beyond an annual risk assessment process (19%).
Tech-powered. Risk executives are taking advantage of tech solutions for real-time and automated processes, including dynamic risk monitoring (30%), new risk management tech solutions (25%), data analytics (24%), integrated risk management tools on a single platform (19%) and moving to zero trust architecture (8%).
Risk executives can capitalize on the energy behind digital transformation to become more agile through better coordination and tech solutions.
A risk management team should aim to enable its organization’s digital and business transformations — at the pace and scale it needs.
Set a collaborative tone and fix the disconnects. Multiple executives and board committees are accountable for aspects of the same risks. Senior executives should have cohesive insights synthesized from the lens of the different risk functions, and the risk insights should be aligned with the organization’s business strategies and its risk appetite. Regulators and other stakeholders are increasingly insisting that companies have a cohesive point of view and undertake clear accountability for such responsibilities as protecting consumer privacy and demonstrating operational resilience.
Lay a common foundation. Risk functions should adopt clearer, more-comprehensive views on risk. Start by categorizing risks in a single way and aggregating risk across the enterprise. Revise the risk governance framework so it is an effective architecture for how risk management operates in a rapidly digitizing organization. Use technologies that work together, draw on common data sources, build enterprise-wide analytics and define common sets of metrics. Risk functions are finally at a juncture where technologies are available to help them monitor risk and provide insights in real time. Use of these technologies can be transformative for risk functions.
Update the risk-related activities of the three lines. Define the operating model for the division of responsibilities among them. Risk functions have to be able to confidently take advantage of one another’s work to help build a holistic and complete view of risk so as to reduce gaps in risk coverage and increase efficiency. Move all risk functions toward more integrated approaches, which, in turn, can maximize risk coverage, minimize blind spots, reduce duplication, create efficiencies and produce greater risk insight for stakeholders and the board.
106 risk management leaders from Fortune 1000 and private companies, along with other C-suite executives, weighed in on 2021 business priorities in our latest PwC US Pulse Survey, fielded March 8 to March 12, 2021. Find all of these insights in our PwC US Pulse Survey.
Vaccine rollouts are bringing the end of the pandemic economy into view just as the Biden administration is looking to implement its agenda — fast. Is your company keeping up? Hear the results of our latest PwC Pulse Survey and learn what business leaders are saying about their growth prospects and investment priorities for 2021.
Partner, Risk and Regulatory, PwC US
Principal, Risk and Regulatory, PwC US