The ever-increasing volatility is forcing risk managers to better prepare and evolve
The risks businesses face change all the time. Lately, however, the pace of change itself is accelerating, and this will only continue. This means that businesses need to be better prepared to deal with new types of risk.
Today, for example, businesses face supply chain disruptions, large-scale and sophisticated cyber attacks, significant geopolitical disruptions, and the multiple challenges posed by climate change. More and more frequently, we see risks that are both interconnected and complex. In our latest risk study, 77% of respondents said these risks are appearing at a faster rate than ever. And risk managers already have a difficult task in their â€œday-to-dayâ€ work of managing financial, market and regulatory risks.
Our research indicates that risk management teams have made incremental improvements – such as learning new skills and technologies to identify new threats – and have been successful in some areas, but the pace of change is so rapid that ‘they are not making the progress necessary to manage the growing complexity of risks and the emergence of new threats. Time and resources are limited and gaps are starting to appear. For example, less than half of the risk managers in the study took vital steps to strengthen their stress tests, such as expanding the range of scenarios covered or involving more stakeholders.
Likewise, less than a third (31%) of risk leaders are â€œvery satisfiedâ€ with their progress in building operational resilience over the past two years. Resilience is more important than ever, and while the frontline of the business is ultimately responsible for testing operational resilience, risk management teams should provide independent review of the frequency and robustness of these. tests. They should also ensure that the business tests its resilience against a wide range of serious but plausible scenarios.
Digital technologies are transforming businesses, but the risk function is not a heavy user of advanced technologies, again hampering its ability to keep pace with change. Digital transformation also presents its own risks. Most companies have accelerated their digital transformation plans over the past year, but the ability of risk managers to assess the risks associated with cloud, artificial intelligence (AI), blockchain, automation robotic processes and other new technologies is still not where it needs to be. For example, only 49% of our respondents said they were â€œquite ableâ€ to assess the risks associated with their organization’s adoption of the cloud. This makes it difficult for the risk management function to question or provide information to business / IT leaders about the risks of digital transformation.
Risk management teams need to act faster. The use of technology can both accelerate the pace of change and lead to faster execution. Technology can automate many activities now performed manually and allow risk management teams to spend more time on preparation, while data-driven technologies can provide insight into new and emerging risks. Teams can avoid some problems before they arise and manage others with minimal disruption to the course of business. For example, risk management teams can leverage AI to index, assess, and alert the organization to new regulatory requirements, while analytics can be leveraged to uncover compliance bottlenecks.
However, to cope with rapid change, risk management teams need a robust platform from which they can scale and operate with agility. The ultimate goal is to integrate innovation, readiness and, ultimately, execution, supported by data and knowledge. Concretely, this means: 1) adopting and effectively using new technologies within the risk function; 2) bring new skills in modeling, analysis and technology to the team; and 3) forge closer ties with the whole company while maintaining independence to challenge business assumptions and practices.
Risk managers have made progress over the past two years, whether it’s understanding new threats or participating in growth initiatives, but that’s not enough given the increasing complexity of risk. . Unfortunately, there is no quick fix; Risk management teams need to keep experimenting with new technologies, while improving their understanding of digital threats, adding new skills, and building stronger connections with the rest of the business along the way. Those who prioritize readiness, resilience, and the extra effort will give their businesses more confidence in future growth and transformation initiatives.