How do you plan for something when you can’t see it coming?
It’s a familiar frustration for senior executives in a business world of ever-increasing unpredictability, with potential risks seemingly coming from all directions. And sure, there are plenty of advanced technologies and rich new data sources that promise to help stem the tide on risk. It’s just that, well, sometimes it feels like what you really need is a time machine.
But keep time travel on the back-burner for now. More and more leading companies are successfully finding ways to identify and plan for risks—often right as they emerge—by leaning into that advanced data and tech to more rapidly model scenarios and responses, and stay ahead of any potential “mission impossible.”
That matters more than ever today because the risk portfolio just continues to expand in an ever-more-interconnected business world. To respond and mitigate those risks, companies are using advances in areas such as artificial intelligence (AI), intelligent forecasting, and data modeling to establish an enhanced and more agile enterprise risk management (ERM) framework, as KPMG has outlined in several recent reports.
Here’s a closer look at the leading practices and successful approaches we have seen, in four key areas.
To stay on top of both risks and opportunities, leading companies are deploying sophisticated new approaches to their foundational data, layering on advanced analytics methodologies that provide multidimensional surveillance of their internal systems while also monitoring how those systems interact with the outside world. For example, and at a high level, an advanced ERM framework might look like:
1
2
3
Getting this foundation right can enable step-by-step advancement of ERM programs, as illustrated by a real-world example of a life sciences company that we outlined in one recent KPMG report. By establishing a robust risk data taxonomy, the company improved its visibility and understanding of risk through ready access to data at an enterprise, country, and business-line level. This ability to view risk data at both an aggregated and disaggregated level now allows the company to handle risk management—and the related decisions—across all levels of the enterprise.
The qualitative data in people’s minds can be valuable in identifying risks and opportunities, and can be extracted through surveys, interviews, or group workshops. Four different approaches can help:
1
2
3
4
#3: Align the organization
Data, technology, and human foresight work best together when the right organizational structures are in place. Structures that foster a nimble work culture allow quantitative and qualitative information to flow more seamlessly, in an organic feedback loop rather than a top-down hierarchy that can stymie information and ideas. This can be accomplished in two ways.
First is the idea of combining “command and control” with community. The command and control structure describes the official authority structure, rules, and hierarchy that shape interactions within an organization. The second approach is a focus on learning together as an organization. When viewed as a system and not a machine, an organization can be viewed as a “learning organization”—one in which people are responsible, curious, and working together to create results they all care about. Collectively, they stay in touch with emerging issues and problem-solve more quickly together than they would as individuals.
Managing risk these days means moving quickly and making sure your ERM approach is as sophisticated and agile as all those potential in-bound threats. But most companies today simply do not have all the internal expertise they need today, and especially with cybersecurity and advanced technology skills continuing to be at a premium.
Indeed, in one recent KPMG survey of 800 executives (CIOs, COOs, CFOs) and security leaders, cybersecurity and risk management were identified as the top concerns—but more than 75 percent of the respondents said their companies weren’t prepared to handle the challenge. The gap in capabilities has led to a vicious cycle of errors and a backlog of cleanup tasks that drains staff resources and leads to (you guessed) more errors and cleanup work. Who has time to identify new risks when they’re cleaning up problems from threats that have already materialized?
Against that backdrop, 8 in 10 of the executives in our survey said they are looking to get or expand help from trusted managed services partners who can rapidly deliver the advanced technologies, domain expertise, and tried-and-tested risk management frameworks.
Dynamic risk management
Turning risk into opportunity with data automation.
Cybersecurity considerations 2023
The golden thread
Implementing tech and data-driven compliance
Forward focus for ethics and compliance
Turn insight into opportunity with unique perspectives and actionable insights addressing the burning issues atop the C-suite agenda. Delivered monthly.