IT Exposing Businesses to Gaps in Risk Management

When executives were asked what technological change puts organizations at risk, failure of new IT systems to deliver expected benefits ranked as the highest concern in a PwC survey.

Business risks are rising across the board, with 75 percent of executives reporting increased risks to their business, according to a survey of 1,940 business executives and risk managers worldwide by PricewaterhouseCoopers (PwC).

Internal business changes intended to address dynamic market shifts have created a more complex risk landscape for businesses around the globe, and traditional risk management systems have not evolved fast enough to monitor, track and manage today's intensified risk climate, further compounding the problem, the report revealed.

A majority of executives foresee continued significant market changes that will dramatically impact their companies, particularly in three key areas over the next 18 months—half of survey respondents pointed to rapidly changing customer needs, 56 percent noted increasing regulatory complexity, and 58 percent cited technological change and related IT risks.

While improving competencies is an important step in closing capability gaps, survey respondents have made or are planning to make broader changes in the next 18 months, including 84 percent who plan to create a risk-aware culture, making risk management a priority for people at all levels of the organization.

The survey found that 82 percent plan to develop processes to identify and monitor risks, including non-traditional risks, while 79 percent plan to conduct more non-financial audits to ensure that emerging threats like cyber-security are being addressed and 79 percent plan to integrate risk and business strategies, ensuring that risk is factored into all strategic decisions.

"Executives are working to close the capability gaps they've identified, and agree that close collaboration between risk-related functions is vital to ensure a shared view of business risks across the enterprise," Brian Schwartz, PwC's US Risk Assurance Governance Risk and Compliance leader, said in a statement. "However, they may be missing a key issue—a sharp disconnect between top management and the risk and compliance functions. Not only are they disagreeing on the type and degree of key risks facing a company, but also about the organization's capabilities."

Indeed, the survey indicated concerns remain that collaboration among the three lines of defense (business units, risk and compliance, and internal audit) in identifying, monitoring and effectively managing critical risks is still not deep enough, with 60 percent of survey respondents concerned that a lack of collaboration could be exposing their company to capability gaps.

When asked what technological change puts organizations at risk, failure of new IT systems to deliver expected benefits ranked as the highest concern, cited by 53 percent of respondents. Other concerns include cyber-attacks becoming more frequent and sophisticated (47 percent) followed by lack of technology skills to support new digital technologies (34 percent).

"In response to these dynamic shifts in the market, organizations across all sectors are undertaking dramatic business transformations, altering their strategies and driving radical internal change," Dean Simone, leader of PwC's US Risk Assurance practice, said in a statement. "The impact of transformation is especially important because of its capacity to create cascading risk effects across many business activities and open capability gaps in risk management, particularly around data management, business strategy and technology."