Rules Navigator

Risk officers seek earlier influence on decisions, PwC survey reveals

Photo: Adobe Stock Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The 2023 US Risk Perspectives Survey from PwC shows that risk professionals are wielding increasing influence but need to be engaged earlier.

Research from PwC shows that corporate risk professionals are not getting brought in early enough in the planning of major projects.

The survey of 308 risk professionals from US companies with revenue exceeding $1bn found 54% seek to have stronger relationships with senior executives for greater influence. Only half of those surveyed reported being involved during the initial strategy or design stages for any given project. Only 9% are included from the start across all major initiatives, the rest report getting a seat at the table but arriving too late to influence strategy and design.

“Risk professionals are wielding increasing influence, though not consistently,” the report concluded.

The survey was conducted between March 9 and April 3, 2023.

Risk management

Risk professionals’ effectiveness across risk management activities is similarly uneven. A clear majority report “already demonstrating” that they bring risk insights to the CEO, the board, and senior leadership to shape key decisions. But that means a sizable minority are not (40%).

Interestingly 51% report they have more influence up the chain of command than they do in coordinating across all three of those lines of command. They report that they’re “not yet operating in a flexible way that facilitates collaboration across the three lines”.

PwC offers some advice on fostering greater collaboration. “Getting there requires establishing a single, shared view of risk across the three lines. That means establishing common risk standards and a single, integrated data model that can support those standards. Otherwise, you end up with reactive risk management silos often working at cross purposes, muddling the collective message.”

85% cite a quality versus efficiency result as their most significant data investment outcome.

Risktech

A majority of risk professionals (57%) reported seeing better decision-making based on risk insights as a result of tech applications. And 85% cite a quality versus efficiency result as their most significant data investment outcome.

These tech applications include advanced analytics, automated workflow solutions, AI/machine learning and governance, risk and compliance (GRC) platforms.

While the gains cited are a positive sign that tech tools are helping, it still means a large minority only report seeing a moderate improvement in risk management – or none at all – from these different applications.

The more significant positive outcomes from the use of such technology were in the areas of risk prioritization, new risk identification, and real-time identification of risk.

A clear majority of risk personnel said they have somewhat, little, or no involvement overseeing data risks with procurement, marketing and AI developer personnel.

Over half those surveyed report seeing significant improvement in how they manage risks as a result of their use of data in the areas of data security and privacy, cybersecurity, real-time fraud detection and prevention, and third-party risk management. But just under half of the respondents cite little to no improvement in areas like planning for regulatory change and supply-chain risk.

A clear majority of risk personnel said they have somewhat, little, or no involvement overseeing data risks with procurement, marketing and AI developer personnel. Fewer report seeing outcomes such as the lowering of compliance costs (30%) or personnel costs (25%).

A slim majority identify themselves as being either an “expert” or having “good theoretical knowledge and practical experience” in virtual reality, cryptocurrency, virtual environment tools and generative AI.

Although this is a great sign, a good number of risk personnel said they had some or little to no knowledge of the nine emerging technologies listed, which points to an area for skills development as these tech tools become more common and are steadily enhanced.

Best practices

PwC advises businesses to do the following to be more closely involved in these technologies going forward.

  1. Identify the emerging technologies most needed by the business and to implement practical, hands-on training on the tools and any risks associated with them.
  2. Identify areas of the business (like maybe procurement) that present the greatest challenges to overseeing data risks. Build relationships with senior leaders responsible for those teams and develop a mitigation plan.
  3. Take the lead in driving digital upskilling of the risk function and across the business, particularly in emerging technologies and related risks.
  4. Consider even supporting training on the most critical risk topics and risk technologies for the board.

, , , ,

You may also like