5 actions to drive risk management capabilities forward

Talent management, supply chain, regulatory compliance, cyberthreats — the risk environment in which organisations operate is constantly changing.

In this unstable business climate, executives are revising and adapting their strategies and operating models at a fast pace. They are trying to manage disruptions and deal with internal digital transformation challenges simultaneously.

The 2022 Global Risk Survey from PwC, which collected data from 3,584 business, risk, audit, and compliance executives in February and March, details how strong risk and resilience capabilities can provide an edge and how business leaders can make confident decisions that are informed by a panoramic view of risk.

Here are five sets of actions recommended by PwC that organisations should consider to drive their risk management capabilities forward:

1. Engage early and get risk insights at the point of decision.

• Make risk management part of strategic planning, business decision-making processes, and large-scale transformation initiatives.
• Collect diverse risk insights by forming a risk community of solvers to keep up to date on key risks and related analysis.
• Conduct strong scenario planning and modelling capabilities to address key business risks.

2. Take a panoramic view of risk.

• Mine key risk indicators (KRIs) from internal and external data for real-time risk intelligence.
• Take advantage of data availability and risk tools for a broader view of the rapidly evolving risk landscape across all three lines. PwC defines the three lines as data analytics, process automation, and technology.
• Establish risk-monitoring capabilities and escalation procedures to respond to rapidly increasing risks.

3. Set and employ risk appetite to take advantage of the upside of risk.

• Establish a clean and simple risk appetite statement to clearly articulate how much risk the company is willing to take in pursuit of strategy.
• Educate risk owners on how to leverage risk appetite as they make business decisions.
• Invest in risk culture training and awareness for all employees.

4. Enable risk-based decision-making through systems and processes.

• Employ a governance, risk, and compliance (GRC) technology platform to enable a consistent approach to risk management across the three lines and be the single source of truth.
• Leverage a singular risk assessment approach to drive consistency in the identification and prioritisation of key business risks.
• Establish strong relationships across the three lines to clearly define roles and responsibilities related to risk activities.
• Establish reporting and data requirements defined by both business and risk leaders.

5. Double down efforts on top risks.

• Perform an interconnectivity assessment over key business risks.
• Facilitate deep dives into mitigating activities over key risks.
• Develop and exercise robust business continuity and crisis response plans.

According to the PwC survey, when organisations embrace risk management capabilities as a strategic organisational capability, board and executive confidence in achieving sustainable outcomes is high. "[Boards and executives] are five times more likely to be very confident in delivering stakeholder confidence, a growth-minded risk culture, increased resilience, and business outcomes," the report said. It added: "They're almost twice as likely to project revenue growth of 11% or more over the next 12 months."

— To comment on this article or to suggest an idea for another article, contact Kevin Brewer at Kevin.Brewer@aicpa-cima.com.