The challenge is to discover, in a time of considerable uncertainty, the confidence to make decisions about the best strategic moves. Because there are risks that you need to take – the upside risks that, if embraced, can actually enable you to reach your goals. These are the transformative opportunities at the heart of the transformative age.
The biggest risk organizations face today is the risk of being too slow or doing nothing at all. To understand which risks can be turned into opportunities, organizations need to understand how disruptive forces could impact every part of their value chain.
Chapter 1
Creating value in the transformative age
Moving from avoiding to embracing risk.
At the start of any value chain is an idea — a concept for a business, a product or a service. To exploit this idea and turn it into a value-generating reality takes a combination of the right assets, talent and culture. The strategic direction of any organization can be shaped by changes to any of these, and digital is increasingly a core enabler to unlocking their value — no matter which part of the organization they inhabit.
The benefits facilitated by new digital technologies are being unlocked in two primary ways:
- By optimizing your existing business processes to improve efficiency
- Through innovations that can create entirely new business models
The challenge for established organizations is to get the balance right between the two: optimizing what should be optimized, and innovating intelligently and aggressively by identifying the right ideas to drive long-term value. Leading organizations are working to solve this conundrum and enter a state EY likes to call innovator’s duality (pdf) — successfully maintaining current lines of business and revenue while simultaneously developing new ones.
To achieve this, organizations should look to embed risk management throughout their value chains, from strategy and ideation to execution and value delivery. Through this approach, digitally-powered agile risk management becomes the ultimate enabler for supporting a flexible and responsive organization. If an organization truly understands its risk, it can seize opportunities with confidence, maintain stakeholder trust and deliver strategic value.
From avoiding to embracing risk
Today, risk management is often focused largely on risk avoidance — looking to the past to stop what has gone wrong and preventing that from happening again.
Risk functions of the future will need to be purpose-led, helping organizations and leadership calibrate their risk appetite by using strategic objectives to focus on opportunities for long-term value creation. To enable this, companies should shift risk monitoring from individual processes to focusing across the value chain — ensuring they understand the impact of each decision in its strategic context. And by predicting and responding to events in real time, they can be more agile in their decision-making.
Organizations who succeed will have developed a dual strategy that helps them build the confidence to seize upside opportunities while also better protecting themselves from downside risks. It is about understanding risk in context of both the potential loss and the potential value creation.
Through a deeper, stronger understanding of their risks and opportunities considered alongside their strategy, organizations can have the confidence to make the right strategic decisions. And basing these decisions on robust analysis means they can take stakeholders — throughout their value chains — on the journey to turn ideas into competitor advantage.
Chapter 2
Delivering value in the transformative age
Focusing on the right risks.
Digital is allowing stakeholders unprecedented transparency and insight into how businesses operate and who they depend on for success. In the transformative age, trust is the bedrock on which value is created.
But trust cannot be built in isolation — it is a team effort that requires every part of the value chain to work in harmony. This means it must be designed, built and protected with purpose.
The definition of value has shifted. Convenience, predictability, availability, performance and connectivity — and the potential for each of these in isolation or combination to affect other parts of the value chain — can now be more important than price.
For example, the availability of real-time data on shifting patterns of risk can see ships be re-routed to avoid storms, helping provide more secure and certain just-in-time delivery of key components. These changes can both drive trust and create tangible savings, creating new opportunities for other stakeholders in the wider value chain.
Players across the value chain must embrace this new definition of value if they want to fully benefit from the upsides of disruption. But they also need to be aware of the potential downside risks.
If an incident impacts any part of your business ecosystem, trust can be lost — up and down the length of your value chain, as a domino effect kicks in. A minor cybersecurity event at a third-party IT services firm in one part of the world can quickly become a major risk for a consumer services provider in their home country. Risk is no longer siloed, so the response can’t be either (pdf).
Related article
How to focus on the right risks
With this constantly changing risk landscape, internal priorities must also change to place greater emphasis on emerging risks and vulnerabilities. While better technology can lead to more efficient operations, it can also open up companies to heightened levels of risk exposure (pdf).
We have already seen front page news about misuse of data — because as ever, opportunities go hand-in-hand with risk. As customers and stakeholders become more aware of the ways their data is being handled and used by corporations, and more aware of their rights around it, mismanagement (real or perceived) will be heavily punished through the erosion of trust, leading to lost sales, reputational damage and a loss of market value.
This is why today, risk investments are often focused largely on designing controls, compliance efforts, risk mitigation or avoidance activities. But with the right analytics, tools and risk analysts in place, the unprecedented and constantly growing amount of data can enable organizations to better balance efforts to react and mitigate risks with efforts to enhance and grow trust.
Companies that can predict and address potential concerns about emerging risks are building a whole new way of working built on trust, feedback, services and product provision. Rather than reacting to risks when they happen, they predict them in advance and build in digital trust by design (pdf).
Chapter 3
Building in trust by design
Managing regulation, technology and talent.
No matter how sophisticated new digital technologies become, assuming they can help address every challenge and mitigate every risk is still an attitude for the realms of science fiction.
In EY’s global corporate reporting survey, 72% of respondents indicated that the need to align reporting with a continually shifting framework of reporting standards and regulations was a challenge.
In the face of a tightening regulatory landscape, from the arrival of macro-level regulatory frameworks (like the EU’s incoming GDPR or the China Cybersecurity Law) to a wider array of function-specific regulatory changes (like the digital transformation of tax reporting), knowing where your data is, who has access to it and how it’s being used will be critical for remaining compliant with the laws of every jurisdiction in which you operate.
But there is also an upside risk — that smart data governance can ensure smooth, efficient business processes and accurate reporting of insights to the board and other strategic decision-makers.
To make the most of this opportunity and ensure compliance is a benefit rather than a chore, many organizations are turning to more digitally enabled approaches. These run from internal audits and digital due diligence on M&A deals to the emergence of new, digitally enabled forms of anti-fraud processes, like Forensic Data Analytics (FDA).
Additionally, more sophisticated visualization platforms are helping executives and boards establish the whats, wheres and hows of governance and audit procedures, enabling them to unlock the strategic value of what were previously sometimes seen as routine assessments.
Developing sophisticated systems of risk management and internal audit will also, at their core, increase confidence in the organization. Clearer visibility of potential risks will enable them to be rapidly addressed. This in turn can promote a relationship of trust with customers, internal stakeholders and the broader public alike.
The limits of technology
Technology alone cannot provide the full solution: it needs skilled and diverse users (pdf) if real value is to be generated. Indeed, digital tools can pose their own risks if improperly used, amplifying biases and reproducing outcomes that will reinforce existing patterns of discrimination. To derive true insight requires a human layer of expertise, experience and skepticism.
Companies must stop thinking about digital as an optional extra that can be bolted on to the existing business structure. It’s no longer good enough to do digital. Companies who want to make digital central to their purpose have to be digital.
Just as you need to know how digital transformation is impacting your entire value chain to truly understand how to respond in ways that can unlock maximum value, so too you need to consider your organization and its business ecosystem in a holistic way to ensure you’re optimizing for growth. This may mean reskilling or bringing in new talent. It may mean rethinking organizational structures and partnering with a broader ecosystem to maximize the benefits of new opportunities. It will probably mean identifying the best technologies to help you — but it will never be a matter of technology alone.
And, most importantly, every business is different. There is no one-size-fits-all solution.
While the waves of change of the transformative age are impacting every business in every industry, different organizations are being affected in different ways, depending on their own unique circumstances. And those circumstances are constantly shifting.
Every business should ask itself these questions:
- How is our risk function engaging with the board and C-suite to provide strategic insights to maximize value?
- Is our risk culture evolving from complete risk avoidance to making confident strategic moves?
- Do we have a good understanding and management strategy across risk categories — downside, upside and outside?
- Are we continuously scanning the risk landscape and responding? Is our risk mitigation approach shifting from reactive to predictive response strategies?
- Is our risk function disrupting itself along with the organization’s digital transformation? Do we have the right culture, skill sets, technologies, data, structures and ecosystem partners for the future?
Thriving in the transformative age
The most successful organizations of this era of rapid change will have a relentless focus and fundamental belief in their purpose, culture, values and principles. They will have the ability to identify, incorporate and utilize best practices from both internal and external sources to facilitate the development and delivery of the highest-value products and services. To do so, they need to understand the need to manage emerging downside risks to sustain trust while balancing the need to embrace upside risks with confidence and continuously evaluating outside risks.
The mindset of digital disruption is not one of threat, but of opportunity, one of embracing volatility with confidence. This is why ensuring your risk function is fit for the future is such a vital part of thriving and delivering value in the transformative age.
Maintain stakeholder trust by understanding your risks and seizing opportunities with confidence. Discover more insights about digital trust.
Summary
Digital disruption is an opportunity, but only if your risk function is fit for the future.