The speed and scale of digital rollouts are putting risk and internal audit professionals in a difficult spot, and the smarter risk managers are making more use of data and digital capabilities to inform their decisions, according to a new study from consulting firm PwC.
Also: What is digital transformation? Everything you need to know
The firm's Risk in Review study said when risk management is at the top of its game, "leaders have a clear line of sight into threats for informed decision making." The report is based on a global survey of 2,073 CEOs, board members, and professionals in risk management, internal audit, and compliance, conducted in October and November 2018, and described six habits risk functions follow that help their companies set a course for sustainable growth.
Digital transformations don't work well in isolation, the report said, because of the many connection points that can be exploited without proper controls. A well-thought-out and communicated digital strategy with growth targets and values anchors a risk culture.
As organizations go all-in with transformations, the entire organization should prioritize items such as new technology, while risk functions set controls that map back to the strategy. In another survey recently conducted by the firm, CEOs globally said they expect the artificial intelligence (AI) "revolution to be bigger than the Internet revolution."
But the risks from AI, ranging from bad to biased data, are now well-known, and many executives are boosting AI security by monitoring, validating, and verifying to ensure that the technology is being used responsibly.
Organizations need to continuously add digital skills, and risk management, compliance, and internal audit functions are no different. Those functions become stronger once they can deploy digital tools to spot and address risks, the report said.
Some organizations are seeding coding and data analytics talent in innovative ways, partnering with engineering schools the way PwC does with Carnegie Mellon University to develop relevant curricula. Whatever the strategy, organizations need to inject new skills into the risk management function in order to keep pace.
It's difficult to tackle risks from new technologies when the data itself might be of poor quality or siloed in various storage configurations, the firm said. One of the distinguishing characteristics of successful digital enterprises is how smartly they've used data to create value for their customers and their organizations.
Those companies that prioritize the cleanup, consolidation, and integration of management of data as an asset, do so to unlock the possibilities of emerging technologies.
Also: 4 risk management areas you need to pay attention to TechRepublic
Tools that harness data as automated governance, risk, and compliance (GRC) dashboards help internal audit functions quickly flag critical concerns for senior risk leaders so they can take rapid action.
Many of the risks related to digital initiatives have high risk velocity, the report said, and being able to monitor in real time in order to act in real time is characteristic of risk functions that enable smarter risk taking.
Risk management leaders who don't understand the risks from new technologies and data will struggle in overseeing digital transformations, the report said. Risk and internal audit professionals can educate business leaders on the risks of digital technologies and data.
There's still work to be done in this area, the report said. For example, few risk executives said they think boards are receiving adequate reporting on metrics for cyber and privacy risk management.
Also: How smart cities are quietly changing the world CNET
By working from one source of data on a common technology platform, risk functions can provide their organizations with one view of risk, which is what CEOs and stakeholders want for more-informed and agile decision making.
Many digital transformations fail, the report said. As business leaders try to understand why, the experience of risk and internal audit professionals during broad IT implementations and cultural change will be helpful to those leaders.