Lay a common foundation

Pushing from communicating to collaborating requires a common foundation

It’s hard, if not impossible, for risk functions to share risk insight and adopt clearer, more-comprehensive views on risk when each risk function is categorizing risks in its own individual way, leveraging stand-alone technology, drawing on different data sources, building its own analytics, and defining its own metrics. Yet, at the majority of organizations, that is the norm.  

Data and technology vary by risk function and are typically disconnected from the broader IT strategy and from other risk functions.  Just half (51%) of organizations in our study say they have the right data today to manage risk.

“Our single enterprise system, in combination with our common risk taxonomy and other foundational elements, provides a good base for greater collaboration. Enterprise risk management, compliance, vendor risk management and other second line teams rely on the technology and internal audit uses insights from it to support audit plan development. Drawing data and insight from a common foundation is extremely helpful to us in connecting the dots across our activities.”

Tricia Bartylla, Vice President and Chief Audit Executive, Target Corporation

Does each risk function have its own set of tools and its own set of insights?

Consider these steps to make more powerful risk insight possible.

Come to consensus on a common risk language and measurements.

A common risk taxonomy is the dictionary that helps everyone think about, prioritize and communicate risks in the same way.

“You can use key risk indicators to monitor enterprise risks, but if all functions don’t use the same language – or risk taxonomy – it’s very challenging to align on risks, insight and issues.”

Ian Overton, Managing Director, Co-Deputy Head Group Audit, Deutsche Bank AG

Bring disparate technologies together through a common platform.

Risk functions use many different tools and technologies, and it is time-consuming and inefficient to consolidate risk insight and reporting if risk functions do not connect into a single platform. Technology investments can be difficult for any one risk function to swallow, but when functions consolidate their business case for investment, the value proposition gets much stronger.

“Our single GRC platform will help us get to a single source of truth that can be leveraged by the board, senior executives and other stakeholders as they make business risk decisions.”

John Forlines, Senior Vice President and Chief Risk Officer, Fannie Mae

Embed within the organization’s data strategy.

More than ever before, there exists an abundance of data both inside and outside organizations from which to draw more-intelligent risk insight. Now is the time to collaborate across risk functions to determine how that volume of data can best be used by all lines. Risk functions should embed themselves in their organization’s enterprise-wide data strategies and data asset development efforts to make their collective data and functional requirements known.

Three actions to consider to move risk functions along the collaboration journey

Contact us

Brian Schwartz

Partner, Risk and Regulatory, PwC US

Mike Maali

Partner, Risk and Regulatory, PwC US

Tom Snyder

Risk and Regulatory Operations Leader, PwC US

John Sabatini

Risk and Regulatory Leader, PwC US
