Risk management leader insights

Latest findings from PwC’s Pulse Survey

De-risking the upside

Most risk management leaders see the upside — assuming mass vaccinations reduce the pandemic to containable outbreaks. More than 60% are very optimistic or somewhat optimistic about the US economy and the global economy, according to our March US Pulse Survey. They’re more cautious than CEOs we interviewed for our 24th Global CEO Survey, 76% of whom expect global economic growth to improve in the next 12 months. 

With regard to the US policy and regulatory environment, risk leaders (59%) share favorable sentiments with COOs and CHROs. Optimism drops to 47% with regard to US social and economic disparities, although risk leaders remain more positive than others in the C-suite.   

A lot is riding on the recovery. In a study of the toll of the pandemic, economists David Cutler and Lawrence Summers tallied the total cost including mortality, morbidity, mental health conditions and direct economic losses at more than $16 trillion, or approximately 90% of the annual gross domestic product of the US — the greatest threat to prosperity and well-being the nation has endured since the Great Depression.

That’s why this question is important: How prepared are risk executives to facilitate the upside to mitigate the risks arising out of businesses’ ambitious moves to grow and to cut costs?

Risk executives: Ready for the upside


Risk executives: Ready for the upside

Q: For the balance of the year, how do you feel about the following macroeconomic factors?
Source: PwC Pulse Survey March 12, 2021: Risk management leader base of 106

Elevated risk profile in 2021  

Digitization, an important lifeline for businesses during the pandemic, will probably be the engine for a return to healthy growth. In our recent Global CEO Survey, 84% of US CEOs said they’re increasing long-term investments in digital transformation, with 43% increasing investments by 10% or more. 

But with tremendous opportunities come increased risks and accentuated risk profiles for many companies. Sixty-five percent of risk management leaders say that risks from transformation adoption and tech will increase in 2021. Because of the nature and scope of transformation, these risks can be encompassing and highly interconnected with other risks expected to increase this year: cyber and data protection risks (65%), data governance (63%), human capital and talent management (59%), third-party and supplier management (57%), regulatory compliance (55%) and enterprise resiliency (48%).

Take the risks associated with digitizing customer and supply chain interactions, for example: access to customer data by malicious actors, disruptions to the supply chain via cyber attack, speed of workforce adjustment to digitized processes and compliance with different data protection laws. 

Think of IoT deployment enlarging the attack surface. Or the risks related to AI-powered transformations. Or the lack of governance as a main reason for stalled cloud transformations. 

Also on the risk management radar are increasing ESG risks as more organizations enhance reviews of disclosures (e.g., disclosure committee approval, internal audit testing) and increase company-endorsed public statements on social and environmental issues.

Working in tandem with CHROs on health and safety risks will remain vital in 2021, especially with the focus on managing a hybrid workforce and addressing employee mental health and burnout.

2021: A year fraught with rising risks

Responses to 'Significantly increased' and 'Somewhat increased'

Transformation adoption and technology
%
Environmental, social and governance (ESG)
%
Cybersecurity and data protection
%
Health and safety
%
Data governance
%
Organizational culture, values and compliance
%
Human capital and talent management
%
Third-party and supplier management
%
Regulatory compliance
%
Brand management
%
Enterprise resiliency
%

Q: To what extent, if at all, have the following risks to your organization changed for 2021? (Responses to ‘Significantly increased’ and ‘Somewhat increased’)
Source: PwC Pulse Survey, March 12, 2020: Risk management leaders base of 106

Risk management has to catch up with the business

To manage the risks arising out of digital and business transformation, between 42% and 50% of risk executives have begun to make significant, enterprise-wide pivots. Here are the moves that can enable — even accelerate — business transformations:

  • Aligning with the business. Risk management leaders are interacting more frequently with the C-suite (50%) and with board members (42%). Risk management activities and capabilities are embedded in business functions that are driving the transformations (47%).
  • Updating the organization’s risk appetite. Forty-four percent have updated their organization’s risk appetite to reflect the changes in risks from transformation.
  • Adjusting risk management practices. Close to half report updating internal controls frameworks (47%), revising risk reporting (47%), applying new risk management principles (45%) and updating the risk-related activities of the three lines (43%).

Still, many risk leaders — 38% to 44% — have made only partial adjustments, and between 7% and 14% have yet to make any. Managing digital risks is a shared responsibility; businesses are just as secure as their partners and their ecosystems.

“Move fast and break things” was the mantra of tech firms, and it spread to businesses that embarked on digital transformations. Often the ones left behind were risk managers who had been thought of as hurdles, people who would stop a transformation initiative in its tracks. 

Not anymore. There’s been enough failed initiatives, bad investments, costly cyber breaches, disappointed workforces and disgruntled consumers to change the norm to “move fast and do not break things.” That’s being accomplished by having risk professionals embedded in business units and product development teams that lead the charge on transformation.

Risk executives have started to adjust, but there's still a lot to do

Top focus areas include:

Aligning with the business

More frequent interaction with C-suite
%
Embedding risk management into areas driving transformation
%
More frequent interaction with the board
%

Updating the risk appetite

To reflect changes in risk
%

Adjusting practices

Updating internal controls frameworks
%
Revising risk reporting for new risks
%
Applying new principles in risk mitigation, management, monitoring
%
Updating risk-related activities of the three lines
%

Q: To what extent have your risk management strategy, processes and people adjusted to digital and other business transformations in your organization? (Response to ‘Significant adjustments and throughout the enterprise’)
Source: PwC Pulse Survey, March 12, 2021: Risk management leaders base of 106

Risk executives’ priorities in 2021 

In our 2020 Risk Study, we asked: “What happens when organizations are moving and connecting faster than the risk functions chartered with providing the risk insight needed to protect, enable and enhance their value? What happens when business units are using data and technology more effectively than risk functions?”

A year hence, risk leaders are at work on advancing risk management capabilities and are focusing on two areas in 2021.

Human-led. Risk leaders are increasing coordination and collaboration with other risk functions (35%), strengthening the linkage between risk management and strategic planning (26%), and assessing and evaluating organizational risk cultures (25%). 

Specific to risk capabilities, they are focusing on generating more risk insight for the business (25%), facilitating a more formal risk appetite framework (21%) and moving beyond an annual risk assessment process (19%).

Tech-powered. Risk executives are taking advantage of tech solutions for real-time and automated processes, including dynamic risk monitoring (30%), new risk management tech solutions (25%), data analytics (24%), integrated risk management tools on a single platform (19%) and moving to zero trust architecture (8%).

Risk executives can capitalize on the energy behind digital transformation to become more agile through better coordination and tech solutions.

Risk executives are focused on these priorities in 2021

Human-led

Increasing coordination and collaboration with other risk functions
%
Strengthening the linkage between risk management and strategic planning
%
Assessing and evaluating organizational risk culture
%
Digitally upskilling risk management teams
%
Generating more risk insight for the business
%
Facilitating a more formal risk appetite framework
%
Moving beyond an annual risk assessment process
%

Tech-powered

Implementing a dynamic risk monitoring process (e.g., using leading and lagging key risk indicators)
%
Implementing new risk management technologies (e.g., autonomous fraud detection, automated workflows)
%
Employing more data analytics to predict soft spots in risk
%

Q: What are your top priorities in 2021 to improve risk management in your organization?
Source: PwC Pulse Survey, March 12, 2021: Risk management leaders base of 106

The intelligence-driven one risk office

A risk management team should aim to enable its organization’s digital and business transformations — at the pace and scale it needs.

Set a collaborative tone and fix the disconnects. Multiple executives and board committees are accountable for aspects of the same risks. Senior executives should have cohesive insights synthesized from the lens of the different risk functions, and the risk insights should be aligned with the organization’s business strategies and its risk appetite. Regulators and other stakeholders are increasingly insisting that companies have a cohesive point of view and undertake clear accountability for such responsibilities as protecting consumer privacy and demonstrating operational resilience.

Lay a common foundation. Risk functions should adopt clearer, more-comprehensive views on risk. Start by categorizing risks in a single way and aggregating risk across the enterprise. Revise the risk governance framework so it is an effective architecture for how risk management operates in a rapidly digitizing organization. Use technologies that work together, draw on common data sources, build enterprise-wide analytics and define common sets of metrics. Risk functions are finally at a juncture where technologies are available to help them monitor risk and provide insights in real time. Use of these technologies can be transformative for risk functions. 

Update the risk-related activities of the three lines. Define the operating model for the division of responsibilities among them. Risk functions have to be able to confidently take advantage of one another’s work to help build a holistic and complete view of risk so as to reduce gaps in risk coverage and increase efficiency. Move all risk functions toward more integrated approaches, which, in turn, can maximize risk coverage, minimize blind spots, reduce duplication, create efficiencies and produce greater risk insight for stakeholders and the board.

About the survey

106 risk management leaders from Fortune 1000 and private companies, along with other C-suite executives, weighed in on 2021 business priorities in our latest PwC US Pulse Survey, fielded March 8 to March 12, 2021. Find all of these insights in our PwC US Pulse Survey.

PwC Pulse Survey Webcast: March 25

Vaccine rollouts are bringing the end of the pandemic economy into view just as the Biden administration is looking to implement its agenda — fast. Is your company keeping up? Hear the results of our latest PwC Pulse Survey and learn what business leaders are saying about their growth prospects and investment priorities for 2021.

Register

PwC Pulse Survey Webcast: March 25

Past surveys

To view data and insights from previous PwC Pulse Surveys, please see below.

November 23, 2020 - October 13, 2020 - September 15, 2020

{{filterContent.facetedTitle}}

Contact us

John Sabatini

John Sabatini

Risk and Regulatory Leader, PwC US

Tom Snyder

Tom Snyder

Risk and Regulatory Operations Leader, PwC US

Brian Schwartz

Brian Schwartz

Partner, Risk and Regulatory, PwC US

Mike Maali

Mike Maali

Partner, Risk and Regulatory, PwC US

Abhinav Aggarwal

Abhinav Aggarwal

Partner, Risk and Regulatory, PwC US

Tiffany Gallagher

Tiffany Gallagher

Principal, Risk and Regulatory, PwC US

Follow us