Future-proofing risk management during disruption

Five key takeaways and technology considerations to help future-proof risk management in an era of disruption

This might be the riskiest time to be in business in recent history. From supply chain and talent shortages to cybercrime and compliance, risk can have far-reaching implications — both positive and negative — across your enterprise. At the same time, businesses with an appetite for risk and the right guardrails in place can experience tremendous innovation and growth. 

The challenge for many businesses today is being able to strike the balance between the risk and growth and thrive simultaneously. 

These top areas are putting your revenue growth at risk:  

• Market: Inflation, talent shortages and supply chain bottlenecks have raised the risk bar for businesses.

• Business/operational model: Risks posed by a suddenly complex ecosystem of third-party suppliers and subcontractors are altering internal business models. 

• Cyber/information management: Third-party cyber risks may be just as troublesome as first party risks. 

• External change: The race to net zero has added another reputational and regulatory risk for businesses who are subject to ESG disclosures.

• Geopolitical: Domestic policy changes and international conflicts that can impact supply chains, cyber risk and business partnerships. 

PwC’s Global Risk Survey highlights five actions global organizations can take to reduce risk despite today’s challenging climate. When organizations embrace these five risk management recommendations strategically — together with PwC’s team experience and technology products — board and executive confidence can increase. 

In fact, respondents to our survey who are realizing benefits from their strategic risk management are five times more confident in their organizations’ ability to deliver all outcomes. And they’re nearly two times as likely to anticipate revenue growth by 11% or more. This confidence can ultimately translate to increased share prices, customer trust and improved organizational resilience. 

Here are the actions and technology considerations we recommend for organizations looking to drive their risk management capabilities forward…

1. Engage early and get risk insights at the point of decision

Understand your risk factors and plan for them by gathering the right team together  to make data-informed decisions early on. Risk analysis and modeling are key components of a successful and proactive risk management strategy. 

Increasing regulatory pressures, escalating risks and market demands are pushing organizations to ramp up risk management and strengthen trust among stakeholders. In fact, as many as 39% of business executives say they’re making better decisions and achieving sustained outcomes by consulting risk professionals early.

Technology considerations

The PwC Risk Management Portfolio can aid in engaging proactive risk management, with risk detection and analysis built into the process that helps manage governance and security across your risk and compliance lifecycle. PwC takes a holistic approach to solving risk and compliance challenges by building confidence and preparedness. It’s about proactivity and prevention. 

Our integrated tech-enabled solutions leverage products and accelerators that address six core steps of the risk management lifecycle, helping your business to assess, track, detect, control, solve and upskill across the following: 

• Financial and economic crime 

• Cyber defense 

• Third party risk 

• Privacy risk

• ERP and SOX compliance

• Financial services compliance 

• Pharmaceutical risk

2. Take a panoramic view of risk

Just as organizations use key performance indicators (KPIs) to quantify business objectives, so should businesses measure key risk indicators (KRIs) when assessing risk. Changes in KRIs can provide an early-warning signal that it’s time to reevaluate your strategy, management or mitigation of risk. 

You’re likely already leveraging some KRIs. A KRI that monitors cyber risk may include metrics on business email compromise occurrences, or the number of open portals on a business’ network. Supply chain risk KRIs may include supplier quality ratings,  compliance violations or ESG implications. 

To view risk holistically across their organization, as many as three-quarters of businesses plan to increase spend on data analytics, risk assessments, process automation and technology to support the detection and monitoring of risk in the near future.

Technology considerations

Model Edge and Risk Detect, both PwC products, can help deliver the risk analytics and testing needed for a proactive view of your business’ risk.                                                                                                                                               

Model Edge is a cloud-based solution that can manage, monitor and govern a portfolio of models across your organization. It enables you to take action with confidence by confirming whether models are designed and operated as intended and without bias. 

Risk Detect uses artificial intelligence to flag high-risk activity, potentially reducing both the frequency and impact of fraud, bribery and corruption.

3. Set risk appetite parameters to take advantage of the upside of risk 

Defining your business’ risk appetite and risk culture are important in helping business leaders understand where they can take more risk in pursuit of new opportunities and growth. 

Risk culture also plays a role in taking advantage of upside risk. An overly rigid compliance culture can stifle innovation, while too weak of a compliance focus can impact brand and reputation. Compliance needs to be fit for purpose and intentional.

An effective risk culture gives business leaders and risk managers a clear understanding of the organization’s risk appetite. At the same time, it can give the Board and senior executives confidence that risks will be identified and managed as desired across the organization. When strategy, risk appetite and risk culture are aligned, business leaders can take decisive action. 

Technology considerations

Ready Assess, Model Edge and ProEdge, all PwC products, were designed to help your business better define and support its risk appetite and culture.

Ready Assess brings your business’ total risk assessment onto a single platform. With a fully searchable audit trail and data-driven insights, you can take a proactive approach to understanding and managing your risk. 

Model Edge accelerates your model development capabilities, providing insights into potential risk embedded in new opportunities. This can be invaluable as you scope and assess new ventures. 

ProEdge is an upskilling platform that provides content and credentialing to equip your risk and cyber functions with practical experience so they can respond to incidents and handle risk management challenges.

4. Enable risk-based decision making through systems, processes and controls 

With the growing complexity and interdependency of business risks, more timely and relevant information is needed to make business decisions. Unfortunately, many organizations have disparate risk processes and systems, and they lack the controls needed to coordinate this effort successfully. This contributes to challenges in achieving a common and a consolidated view of risk across your organization. 

Creation of and investment in risk processes, frameworks, systems and controls can help an organization deploy a standardized and consistent approach to risk management. 

One of the greatest challenges to risk decision making is the lack of a unified technology platform. As many as 75% of organizations report that disparate technology systems are a significant roadblock to effective risk management. And yet, just 35% of these businesses are addressing that challenge in a formal, enterprise-wide manner. 

Technology considerations

Ready Assess can standardize the way risks and controls are evaluated across an organization, thereby enabling it to prioritize and address specific processes that would typically be the most problematic.

Enterprise Control can reduce business risk and lower compliance costs by automating the operations and testing of controls and systems monitoring. Enterprise Control can also help businesses: 

• Gain visibility and build trust in complex enterprise resource planning (ERP) systems

• Enhance transparency and predictability across your control environments

• See actions taken on any assessment by the use of searchable histories and auditable reviews

5. Double down efforts on top risks

High-priority risks like talent management, supply chain shortages, regulatory compliance, cyber threats and ESG, are all interconnected. One risk can amplify the impact of the other. What may start as a cyber breach, for example, can quickly snowball into a reputational risk that affects talent management and leads to regulatory fines.  

That’s why an evaluation of business risk should go beyond a traditional risk analysis, performing a deep dive effort that identifies both front line and third-party business risks and spells out the interdependencies between them. This is especially relevant for pharmaceutical and life sciences (PLS) organizations.

Technology considerations

The PwC Risk Management Portfolio can help your business assess both first- and third-party risks and conduct ongoing risk assessments to gain the data insights you need to help preserve brand integrity and compliance. 

PwC’s Third Party Tracker is another solution that helps identify risks from current and potential third-party partners, conducting due diligence and tracking relationships throughout the risk lifecycle. 

For PLS companies, whose interactions with third parties are highly regulated and in which transparency reporting is required, Interactions Hub and Transparency Hub can help manage the risks across the PLS network of providers, patients and others.

Winning risk management strategies

With more internal stakeholders across your organization responsible for risk than ever before, risk management and mitigation has to be a team sport. 

The turbulent business environment has led executives across industries to revise and adapt their risk strategies and operating models — and at a rapid pace. Digital transformation plays a key role in doing this successfully. While there are challenges to capturing opportunity and avoiding disruption, choosing the right technologies to help your organization execute on key risk strategies is a winning move for future-forward risk management.