Latest findings from PwC’s Pulse Survey
are most concerned about cybersecurity
plan to manage third-party engagements through increased leverage of data and automation
are most concerned about the degradation of process, control or compliance activities
Risk managers have dealt with the perils of rapidly moving their companies to fully remote, even as the pandemic accelerated technological transformations. Now, risk professionals are seeing the upside that can come with a reimagined hybrid workforce.
The most recent iteration of PwC’s US Pulse Survey further confirms what PwC has been seeing in the marketplace — chief risk officers (CROs) have now largely managed the risks associated with having employees in many locations and are ready to capitalize on it. Driven by vaccination efforts, that optimism has been taking shape all year. More than 60% of risk executives said in March that they were very or somewhat optimistic about the US economy.
More than half of CROs see cybersecurity as a major or moderate challenge to the success of hybrid work models, with just under half saying that having the right technological tools in place is a major or moderate challenge. Yet, more so than other executives, risk professionals are concerned about the impact hybrid work could have on innovation opportunities. The rapid adoption of remote work at the start of the pandemic drove companies to speed up technological innovations and has left many risk professionals working through the kinks over the last 17 months. Now that many of those challenges have become more manageable, business and risk leaders are capitalizing on new technologies to drive growth at their businesses. Still, as many companies embrace a hybrid work model for the future, risk leaders will want to make sure other executive teams are fully aligned about the potential risks. Together, risk leaders and CIOs can work to help close the gap between perception and reality.
Coinciding with the technological transformations and shifts in the workforce, CROs are more broadly most concerned about cybersecurity (45%), degradation of process, control or compliance activities (34%), customer fraud (30%), and data privacy for both customers and employees (28%) as the highly digital work environment continues to evolve. Interestingly, as employees move back into offices, few CROs (16%) are concerned with the manageability of health safety plans.
A third of all respondents say they are moving to some combination of fully on-site, hybrid and fully remote workers. And while there will likely be challenges to this model (especially as the delta variant becomes the predominant strain in the US), only 19% of CROs are worried about becoming 100% remote again.
Risk leaders see the chance to turn risk into opportunity. Half of risk executives see this as an ideal time to change or upgrade their technology offerings for virtual teams. The pandemic accelerated technology transformations as companies shifted to remote work, and many are embracing cloud in a number of forms, including data and infrastructure services, enterprise software as a service, development platforms, analytics, artificial intelligence and other emerging technologies.
Remote work also means greater access to employees with the right capabilities, and nearly half of CROs see this as the greatest potential benefit. Forty-six percent also see this as an opportunity to upskill their existing workforce. At a time when 93% of CROs are seeing a higher employee turnover generally, removing geographic boundaries and providing reskilling opportunities means companies can compete at a new level due to an expanded talent pool. Risk leaders say employees are leaving for greater flexibility elsewhere (41%), better advancement opportunities (36%) or higher wages elsewhere (36%).
One of the biggest shifts of the pandemic has been the cessation of business travel. Meetings with third parties almost entirely became remote over the last year, and many businesses hope to maintain the cost benefits from the shift. An overwhelming majority (63%) of risk leaders plan to manage third-party engagements like audits by leveraging data and automation at increased levels. Only 11% said they expect third-party interactions to go back to pre-pandemic levels, while 27% said they will increase on-site visits but not as frequently as before.
Executives are now trying to reimagine what third-party relationships look like, and using data in the right ways can help.
Evaluate the data. A part of reducing on-site visits could mean looking at what external data you have available from your third parties and how you are collecting that information. Are different parts of your organization collecting the same data? Different data? Is it all analyzed in the same place?
Automation is your friend. Automated workflows can allow third parties to provide evidence remotely, also cutting down on site visits. Being able to leverage this data may allow a company to make risk-informed decisions around how frequently those high touch onsite visits need to occur. Risk leaders said in March that they are embracing tech solutions, including dynamic risk monitoring (30%), new risk management tech solutions (25%) and data analytics (24%).
Go beyond vetting. Third-party risk doesn’t end after the contract is signed. Third-party relationships should be constantly monitored for risks and compliance. For example, car manufacturers need to monitor where their suppliers are getting components in order to comply with certain trade agreements.
Our latest PwC US Pulse Survey, fielded August 2 to August 6, 2021, surveyed 92 risk leaders from Fortune 1000 and private companies, along with other C-suite executives, about business priorities and decisions they’re making around the future of work. Find all of these insights in our PwC US Pulse Survey.