Bumps in the road | KPMG | CA
image of dots for business transformation

Bumps in the road

Bumps in the road

The race to disrupt is on; yet as organizations rally to keep pace with new technologies, they must remember to manage the risks of transformation.

And that transformation can take many forms. For some, it is a shift towards digital labour by leveraging advances in automation and artificial intelligence (AI) to replace human workers in more routine or entry-level functions. For others, it is embracing data analytics, mobile technologies, voice and image recognition, and natural language processing to connect with their customers on a deeper level and through innovative channels.

True, many of these tools have existed in some form for years, but now that they have become more accessible and understood, they are driving transformations across organizations large and small.

Transformation speed-bumps

​For better or worse, disruption is unavoidable. To remain competitive, organizations must recognize and adapt to market innovations and technological trends.

Adaptation, however, requires new approaches; and in the pursuit of transformation, there are several risks to consider:

  • Cyber exposure: As more companies invest in the tools to gather and enrich sensitive data (e.g., operational data, customer names, credit cards, personal information), they are increasing their exposure to data leakage and theft due to both internal error and malicious cyber threat agents.
  • Regulatory / compliance: Doing business in the digital age means collecting, storing, and analyzing an increasing volume of data. Organizations must balance the need to manage that growing volume of data against the critical need to remain in compliance with evolving data and privacy regulations. Failure to adequately protect that data introduces the risk of legal penalties and reputational damage.
  • Scalability: It can be tempting to invest in the latest technology. Unless an organization is equipped to scale it up and control that new technology responsibly, however, they risk business disruptions and customer blow-back.
  • Taking shortcuts: Larger companies can be tempted to take shortcuts in order to out-innovate their competition, but checks and balances are typically in place for a reason. Being nimble and fast is one thing, but one must be mindful of the risks they are inviting by side-stepping traditional controls. After all, a fintech's failure in the financial sector may only affect a handful of stakeholders, but a transformative misstep by a larger bank could send ripples through the economy.
  • Inadequate controls: While machines can collect and read data with greater speed and accuracy, they lack the human ability to judge that data within the context of the organization (for now). Left unchecked, and without adequate controls and human oversight in the equation, mismanaged AI tools can produce errors and gaps that negatively impact an organization.

Innovating risk management

Chasing innovation means more than exploring new products and market models; it also means innovating the risk management framework in which new ideas are designed, implemented, and controlled.

​Traditionally, organizations have delegated risk management to internal auditors and risk management departments who would evaluate controls, assess potential risks, and take the lead in embedding enterprise risk management strategies across the front, middle, and back-office domains.

Today, the front office is beginning to take more ownership of the risk management process. No longer waiting for an internal audit to reveal potential issues, front-line functions like IT Infrastructure Management are designing their own risk management functions to proactively manage the risks of disruptive technologies. They are also receiving stronger support from internal auditors and other lines of defense, which are instilling new risk management processes and controls to support and fortify front-line defenses.

To facilitate faster innovation, organizations are also embracing integrated risk management frameworks wherein all major risks, controls, and compliance activities are tracked and managed through one Governance, Risk and Compliance (GRC) system. As such, when a disruptive element is introduced – be it blockchain technology, cloud-based services, or a shift to digital labour – it is measured and monitored with a unified strategy.

Enterprise-wide approach

While the front office has an important role to play in managing transformational risk, it's important to remember that the organization as a whole must integrate their attitudes towards risk governance across all three lines of its defense. That requires setting clear and mutual objectives around risk management and working as one team to establish a foundation upon which all stakeholders have a say and are doing their part to support an organization's ability to leverage emerging technologies to help enable the achievement of their business objectives.

In the race to disrupt, organizations must look beyond the finish line. It's not enough to beat the competition by adopting the shiniest technology. To be sustainable, organizations must empower front office talent and unite all departments to help ensure disruption is done right.

 

Staying Agile: ​Once upon a time, companies approached transformation by designing a strategy, gaining stakeholder approval, sending it to be programmed, and releasing a new system at the end of a long journey. Today, however, the speed of business has given rise to the concept of Agile Development, an innovation methodology in which companies design, develop, and implement new technologies lightning fast, filling gaps and managing customer expectations that evolve just as quickly. Agile development is a methodology worth embracing. It is also one which relies on an integrated risk framework and a front office with the capability and controls to manage risks proactively from the front-line.