Three actions to bolster your organization’s risk insights

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Brian Schwartz Partner, Risk and Regulatory, PwC US

Artificial intelligence, IoT and other fourth industrial revolution (4IR) technologies are helping companies to move more quickly and to become highly connected. And, as they do, risks become more complex and interconnected—and more challenging for risk function (internal audit, compliance, risk management, etc) professionals to identify and monitor.

PwC’s 2020 Global Risk Study, an annual research project which I have led for the past seven years, showed that many companies feel they have blind spots to risk. Just 50% of participants said their company has the right data, today, to anticipate and manage existing and emerging risk. Only 33% said they have the right technology and tools to do so.

It’s not surprising that companies feel unprepared for the risks of the 4IR. In a connected world, it takes comprehensive risk intelligence to provide the strongest and most timely risk insights to those who are running strategic initiatives and day-to-day operations. Studying business risks only in silos, such as by risk function or business unit, can lead to less than full visibility to business risk and a lack of understanding of risk inter-relationships. It is now more critical than ever for risk management, compliance, internal audit and other risk-related teams across the organization—which PwC refers to as risk functions—to closely collaborate.

What does close collaboration mean? Far more than keeping each other informed, or even communicating on a regular cadence. It means risk functions are constantly coordinating using a common risk language, a common data source, a consolidated view of risks and a shared technology platform. With this common base, risk functions can work together to provide sophisticated risk insights to support quick actions that protect value, keep programs on track and enable strategies.

Granted, few, if any, risk functions are truly collaborating by this definition, but the more than 120 interviews we conducted as part of our 2020 Global Risk Study found that some are well along in the journey. For example, in response to board and senior executive pressure to do so, all of a global bank’s second line risk functions, including compliance, now present one integrated view of risks to stakeholders. And, a pharmaceutical company now has a single data repository available to all risk functions and a growing portfolio of advanced analytics to provide the business with the insights needed to get ahead of risk.

Collaboration can be hard to achieve—and it takes new approaches and smart technology-enabled mechanisms to make it happen—but every organization can progress in the journey. Here are three actions to improve risk function collaboration and, simultaneously, improve the risk insights influencing the organization’s decision making.

  1. Set a collaborative tone: When the board and executives expect risk functions to collaborate, it naturally drives greater interaction among them. Some executives we interviewed attributed their collaboration to a change in company leadership. Others cited the pressure around a strategic risk—such as operational resilience, data privacy or third-party risk—as the impetus driving greater risk function collaboration.
  2. Lay a common foundation: Some elements of a common foundation, such as working from a shared technology platform and common data, are necessary for true collaboration but they can take time. Prerequisites that can be tackled immediately, and add tremendous value on their own, include establishing a common risk taxonomy and a common controls framework and measuring key risk indicators in the same way as one another. How can risk functions collaborate on risk assessment, rely on each other’s testing or share analytical models if they are not speaking the same language?
  3. Optimize the parts: Risk functions need to be able to take advantage of one another’s work so as to eliminate gaps in risk coverage and increase efficiency. A focus on the optimization of each function will build the levels of confidence in one another—and on the parts of stakeholders— that will move all risk functions toward more integrated approaches. Process digitization and talent upgrades are two optimization steps that will help all risk functions work more seamlessly to maximize risk coverage, successfully create efficiencies, and confidently rely on one another’s work.

Getting risk functions to truly collaborate may be challenging for some organizations and require risk functions to step out of their comfort zone. But, in this business environment, it’s no longer sufficient to go it alone. When risk functions across the company work in lock step supported by shared data, analytics and technology, they can bring stronger risk insights and more strategic assurance to stakeholders.

Look for subsequent blogs in this series to learn more about how risk functions are collaborating for stronger risk insights.


Contact us

Brian Schwartz

Brian Schwartz

Partner, Risk and Regulatory, PwC US

Mike Maali

Mike Maali

Partner, Risk and Regulatory, PwC US

Follow us