The benefits of a digitally fit risk function

Risk functions that are up to speed with organisations’ digital initiatives are better able to manage risks in a transformative time.

If people ignore their body’s signals and regularly fail to get proper rest, nutrition, and activity, they can become sluggish, get sick — or worse.

If risk management functions at companies fail to maintain digital fitness, they can become obsolete, especially in a digitally transformative business environment. The differences between companies with digitally advanced risk management functions and those that lack digital fitness are stark, according to an annual global report by PwC.

Companies with high-performing risk functions from a digital perspective — labelled in the survey report as Dynamics — have a distinct advantage over those classified as Actives or Beginners. Dynamics ranked in the top quartile across several dimensions, Actives in the next quartile, and Beginners in the lower half.

Brian Schwartz, a PwC partner who oversees the firm’s US governance, risk, and compliance enablement solutions, said that Dynamics were characterised by having risk functions in lockstep with their organisation’s digital transformation. Actives are taking steps to become more digitally fit, and Beginners are using digital means to manage risk on an ad-hoc basis.

A year ago, PwC’s Risk in Review Study focused on how leading companies embedded risk management into their innovation processes. This year, the focus was on how the digital fitness of a company’s risk function could produce a multiplier effect. Companies with Dynamic risk functions separate themselves in the following ways:

  • Their digital transformation efforts can move faster. This occurs “because of the connectivity they have with the risk function”, Schwartz, the Risk in Review Study’s primary author, said.
  • They are more confident in taking risks. Dynamic risk functions feed in more appropriate data that aids in decision-making, Schwartz said.
  • They more effectively manage transformation-related risks. Examples of these types of risks include cybersecurity and data governance. If you’re going to create a new app for customers, you have to have a clear view of how that customer data is being managed and secured.
  • They achieve a higher return on investment from digital initiatives. A digitally fit risk function can help companies “quickly evaluate whether the digital initiatives are paying off and ultimately give the company better ROI”, Schwartz said.

What does the digitally fit risk function look like? Dynamic risk functions exhibit several distinct habits, according to the report. One key trait: being up to speed with the rest of the organisation’s digital plan. “Dynamics make sure they understand the organisation’s digital strategy and then align their own function’s digital strategy accordingly,” the report said. “The organisation’s pace of innovation sets the pace for the risk functions.”

John Merino, the chief accounting officer at FedEx Corp., said in the report that being more digital helps a risk function be more responsive and engaged. “It allows comparison and correlation of things that traditionally didn’t connect in a way that is very provocative and powerful,” Merino said. “You can see through the haze with much more clarity to identify things of relevance.”

Schwartz offered an example of a way that a digitally fit risk function can help cut through that haze Merino mentioned. A company that uses software specifically for governance, risk, and compliance (GRC) can have all functions of a company entering findings into a GRC portal, where data can be turned into risk insight and analysis. “Using digital tools helps you to see the full picture of what’s going on,” Schwartz said. “Those tools help drive clarity.”

Companies with digitally fit risk functions not only have tools in place to collect information; they’re taking steps to share that information with stakeholders such as their board of directors in easy-to-understand ways. The report showed that 82% of Dynamics use digital dashboard or visualisation tools for comprehensive and strategic risk reporting to the board, compared with 43% of Actives and 23% of Beginners. Additionally, 79% of Dynamics influence strategic decisions about digital initiatives, compared with 48% of Actives and 24% of Beginners.

“Risk functions that don’t increase their digital fitness will quickly lose their relevance with their stakeholders, with their board, and with the company as a whole,” Schwartz said. “Risk functions that aren’t taking action to become digitally fit have a limit on the value they can create for their companies.”

The PwC report also found a correlation between revenue growth expectations and digitally fit risk functions. Among Dynamics, 66% said their organisations met or exceeded expectations of revenue growth, compared with 43% of Actives and 26% of Beginners.

Digitally fit risk functions are also more attuned to talent needs, whether it be through training current workers or seeking new talent. Companies in the Dynamic category are far ahead of peers in areas such as application of performance metrics and talent management programmes. On the talent front, the PwC report recommends that companies:

  • Assess the risk function’s current talent to identify gaps.
  • Invest in data science skills.
  • Consider outsourcing talent to accelerate digital fitness.
  • Upskill or recruit resources to serve as data analytics citizen developers while training the broader team as citizen users.

The report used responses from more than 2,000 executives in 99 countries.

— Neil Amato ( is an FM magazine senior editor.