One of the biggest surprises of the pandemic has been the remarkable resilience of certain businesses as they dealt with risk, including supply chain shocks, transitioning their workforces to remote seemingly overnight, pivoting to meet new customer needs, and navigating a host of other unexpected changes. Equally impressive has been the speed at which companies have implemented their digital transformation strategies.
COVID-19 has spurred companies to accelerate their moves to the cloud, rapidly adopt new tools for remote collaboration and embrace the potential of emerging technologies like 5G. Whether they had been pursuing these shifts for years or were still entirely paper- and spreadsheet- based, research shows that businesses are increasingly prioritizing digital infrastructure and allocating spending accordingly. Prepared or not, the new operating environment is forcing companies to evolve.
Risk professionals may see the need for their work to evolve as well. An organization’s risk functions (i.e., risk management, compliance and internal audit) have never been more important. As companies continue to undertake digital initiatives, boards, customers, and other stakeholders still reeling from the pandemic must be able to trust that businesses can confidently manage the associated risks. Risk professionals have an opportunity to be seen as enablers of trust—a function that allows for businesses to nimbly adapt preexisting tools and adopt new technologies to produce greater efficiencies, meet new customer needs and ultimately help deliver revenue growth.
As companies continue to pursue technological innovation to mitigate their risks, risk professionals can take a leading role in overhauling standard operating procedures to be more resilient, optimizing processes and technology within the risk functions, and accelerating the company’s digital transformation strategy.
Building More Resilient Operating Models
Resilient operating models, helping to adequately monitor for risks, allow a business to be prepared for the next unforeseen disruptive event. Even companies that felt they were advanced in this approach, such as those in regulated industries like financial services, are pivoting quickly. Companies that have not yet done the hard work to advance their risk management program and capabilities—perhaps those in manufacturing or the energy and utilities sectors—are especially struggling to be agile during COVID-19. These companies should consider:
- Conducting a fresh risk assessment. Companies should renew their risk profiles and risk appetites. They should reprioritize and build plans for strategic risks that, prior to the pandemic, seemed unlikely, and deprioritize risks that no longer seem pertinent in the digital-forward environment.
- Automating compliance and risk monitoring where possible. Functions such as compliance and risk management deliver the most value when they are able to continuously test and monitor. Automating those, as well as their processes, using robotic process automation or other means, can help save resources and build resilience in the risk function.
While risk professionals do their best to prepare for all possible scenarios, few expected a “black swan” event that would shutter the global economy with such speed and ferocity. Operating models today need to account for ferocious and unexpected shifts in operating environments, brought on by the need for quick technological adoption or in response to new exogenous threats. As we catch our breath from the pandemic’s immediate effects, risk professionals must push their stakeholders to start preparing for the next “unforeseen” risk.
Optimizing Risk Function Processes and Controls
Throughout the pandemic, remote workforces, the migration to the cloud, and other aspects of digital transformation have intensified. These are vulnerable digital surface areas for which risk professionals need to account in the following ways:
- Upskill and further specialize the risk functions. Many risk professionals can speak to the difficulties in finding digitally-minded talent in the field. So, they must be as smart as possible with the talent at hand, which requires efficient governance processes, controls, and close collaboration. Specifically, internal processes and controls must be modified to streamline and ensure that business units are accurately and consistently sharing risk metrics and related insights.
- Ensure risk, compliance, and internal audit functions are collaborating. This is the cornerstone of a strong risk management program. Sharing resources, reporting, testing, monitoring and tracking issues can all be done more efficiently using a central GRC platform. According to PwC's recent Global Risk Study, pre-COVID, only 27% of risk functions set an integrated tone for risk management through well-defined governance. Risk management, compliance, and internal audit functions must move forward in concert to ensure that separate and disconnected efforts do not result in unnecessary duplications, business fatigue and inadvertently introduce new vulnerabilities in the business.
Accelerators of Digital Transformation
According to PwC’s CFO Pulse survey, nearly one-third of CFOs are looking to tech-driven products and services as they reinvent their businesses. Digital transformation happening and risk professionals have a pivotal role to play in enabling businesses to fully realize the advantages of their digital journeys, ranging from more agility and resiliency to lower costs. Businesses that cut corners in their risk management efforts will lose. Even as the COVID-19 pandemic has thrust the business world into a crisis, it has also given companies across industries the opportunity to reassess and revamp their risk management programs and the risk function’s role in enabling a safe and secure digital transformation.