One of the biggest surprises of the
pandemic has been the remarkable resilience of certain businesses as they dealt
with risk, including supply chain shocks, transitioning their workforces to
remote seemingly overnight, pivoting to meet new customer needs, and navigating
a host of other unexpected changes. Equally impressive has been the speed at
which companies have implemented their digital transformation strategies.
COVID-19 has spurred companies to
accelerate their moves to the cloud, rapidly adopt new tools for remote
collaboration and embrace the potential of emerging technologies like 5G.
Whether they had been pursuing these shifts for years or were still entirely
paper- and spreadsheet- based, research shows that businesses are increasingly prioritizing digital
infrastructure and allocating spending accordingly. Prepared or not, the new
operating environment is forcing companies to evolve.
Risk professionals may see the need
for their work to evolve as well. An organization’s risk functions (i.e., risk
management, compliance and internal audit) have never been more important. As
companies continue to undertake digital initiatives, boards, customers, and
other stakeholders still reeling from the pandemic must be able to trust that
businesses can confidently manage the associated risks. Risk professionals have
an opportunity to be seen as enablers of trust—a function that allows for
businesses to nimbly adapt preexisting tools and adopt new technologies to
produce greater efficiencies, meet new customer needs and ultimately help
deliver revenue growth.
As companies continue to pursue
technological innovation to mitigate their risks, risk professionals can take a
leading role in overhauling standard operating procedures to be more resilient,
optimizing processes and technology within the risk functions, and accelerating
the company’s digital transformation strategy.
Building More Resilient Operating Models
Resilient operating models, helping
to adequately monitor for risks, allow a business to be prepared for the next
unforeseen disruptive event. Even companies that felt they were advanced in
this approach, such as those in regulated industries like financial services,
are pivoting quickly. Companies that have not yet done the hard work to advance
their risk management program and capabilities—perhaps those in manufacturing
or the energy and utilities sectors—are especially struggling to be agile during
COVID-19. These companies should consider:
- Conducting a
fresh risk assessment. Companies should renew their risk profiles and risk
appetites. They should reprioritize and build plans for strategic risks that, prior
to the pandemic, seemed unlikely, and deprioritize risks that no longer seem
pertinent in the digital-forward environment.
compliance and risk monitoring where possible. Functions such as compliance
and risk management deliver the most value when they are able to continuously
test and monitor. Automating those, as well as their processes, using robotic
process automation or other means, can help save resources and build resilience
in the risk function.
While risk professionals do their
best to prepare for all possible scenarios, few expected a “black swan” event
that would shutter the global economy with such speed and ferocity. Operating
models today need to account for ferocious and unexpected shifts in operating
environments, brought on by the need for quick technological adoption or in
response to new exogenous threats. As we catch our breath from the pandemic’s immediate
effects, risk professionals must push their stakeholders to start preparing for
the next “unforeseen” risk.
Optimizing Risk Function Processes and Controls
Throughout the pandemic, remote
workforces, the migration to the cloud, and other aspects of digital
transformation have intensified. These are vulnerable digital surface areas for
which risk professionals need to account in the following ways:
- Upskill and further specialize the risk functions. Many risk professionals can speak to the difficulties in finding digitally-minded talent in the field. So, they must be as smart as possible with the talent at hand, which requires efficient governance processes, controls, and close collaboration. Specifically, internal processes and controls must be modified to streamline and ensure that business units are accurately and consistently sharing risk metrics and related insights.
- Ensure risk, compliance, and internal audit functions are collaborating. This is the cornerstone of a strong risk management program. Sharing resources, reporting, testing, monitoring and tracking issues can all be done more efficiently using a central GRC platform. According to PwC’s recent Global Risk Study, pre-COVID, only 27% of risk functions set an integrated tone for risk management through well-defined governance. Risk management, compliance, and internal audit functions must move forward in concert to ensure that separate and disconnected efforts do not result in unnecessary duplications, business fatigue and inadvertently introduce new vulnerabilities in the business.
Accelerators of Digital Transformation
According to PwC’s CFO Pulse survey, nearly one-third of
CFOs are looking to tech-driven products and services as they reinvent their
businesses. Digital transformation happening and risk professionals have a
pivotal role to play in enabling businesses to fully realize the advantages of
their digital journeys, ranging from more agility and resiliency to lower
costs. Businesses that cut corners in their risk management efforts will lose.
Even as the COVID-19 pandemic has thrust the business world into a crisis, it
has also given companies across industries the opportunity to reassess and
revamp their risk management programs and the risk function’s role in enabling
a safe and secure digital transformation.