{{item.videoDuration}}
{{item.title}}
{{item.text}}
{{item.videoDuration}}
{{item.title}}
{{item.text}}
Faced with uncertainty, risk leaders struggle to prepare
Risk executives are accustomed to uncertainty but now find themselves in completely uncharted territory. About nine in 10 say managing new risks, complying with new regulations and attracting and retaining talent are barriers to achieving their priorities, according to our October 2024 Pulse Survey.
The November elections aren’t helping, and most risk leaders expect more business litigation, regulation and executive orders regardless of who’s president (82%, 78%, 75%). Further, nearly half strongly agree that a contested election would be a distraction for their company.
Preparing for the unknown requires agile risk management capabilities. Even so, only 11% say they’re spending significantly more on proactive risk management measures than on reactive measures. And within that group, they may be investing proactively but not in the right places or they may not be hedging their investments thoughtfully. How can they — or anyone, for that matter — adequately prepare for what’s unknown and unknowable?
Talent gap, other obstacles make a difficult job harder
The burden of managing an organization’s evolving risks is hard enough with the right people, resources and tools, and half of the risk executives in our survey (53%) say attracting and retaining talent within their function is a significant obstacle to achieving their priorities. About as many say the same about using technology and automation effectively, balancing in-house risk management with external consultants and day-to-day tasks that take time away from strategic planning.
53% of risk leaders say attracting and keeping talent is a significant obstacle to achieving their priorities
Other issues are equally daunting. Roughly half of risk executives cite as a significant challenge their efforts to comply with new legislation and regulations, manage new risks, and communicate to the C-suite and board how the election may affect their company’s risk profile.
How can risk leaders — stretched as thin as they are — escape this self-reinforcing cycle of playing catch-up? Transforming their function to overcome these gaps in people, bandwidth and capabilities will be essential.
What you can do
- Build risk-oriented scenario planning as a core competency. Practice scenario planning to assess the potential impacts of regulatory change and emerging risks. Identify capability weaknesses and work to proactively address gaps.
- Create a roster of subject matter specialists. Understand gaps in skill sets to address emerging risks and regulations. Hire or identify other sources to fill the gaps. Consider professionals in other areas of the organization that can lend knowledge and experience where needed, as well as outside specialists that can support in a “phone a friend” type capacity.
- Bring your resources together to free up budget for new risk areas. Recalibrate your mix of onshore and offshore models to limit the cost and downtime of keeping talent on the bench. You might, for example, scale up skilled control testers in low-cost locations with proper tools and oversight, then leverage this centralized control testing team across all three lines of defense. Budget saved can be reallocated to the agility and experience needed for the future.
- Reengineer and automate existing risk processes. Eliminate manual, disparate workstreams and terminology that often differ across the three lines. Actively explore and implement technology solutions that can streamline these processes and provide real-time insights for informed decision-making, freeing up capacity to focus on managing new and emerging risks and regulations.
Overspending on response versus readiness
Risk executives are wired for readiness. They know the value of planning ahead and investing in proactive risk management measures like frameworks, programs, technology and data insights — before a crisis happens. The alternative, resorting primarily to reactive measures (e.g., response, customer care, remediation, litigation and fines), is unsustainable and self-defeating.
Only 11% say their company spends significantly more on proactive risk management efforts than on reactive efforts
But aspirations and reality often diverge. The vast majority of risk leaders (84%) say their company’s spending is in the middle — spending about the same on reactive and proactive efforts or slightly more on either. Very few (11%) are in the sweet spot of investing significantly more on proactive steps. What’s more, those numbers likely underestimate the true cost of reacting. While proactive spending sits in the risk leader’s budget and is easy to track, reactive costs are dispersed across the business — legal, communications, operations, IT, product, marketing, government relations — and include harder-to-quantify costs such as lost opportunities and reputational damage.
For that matter, spending on proactive measures can be misleading, too. Investing in readiness won’t help if it’s focused on the wrong risks or isn’t nimble enough to adapt to new conditions. True readiness requires a deep understanding of the risk landscape, one that informs the company’s risk management strategy, the people it hires and the processes, systems and tools it adopts.
What you can do
- Confirm regulatory change management processes are in place and operating. To get ahead of what may come, make sure your organization has adequate regulatory change management capabilities and that there are open and frequent lines of communication with risk leaders.
- Align risk management with business strategy. Highlight to other executives the strategic value of resilience investments, including the link between resilience and innovation. Contrast that against the strategic cost of relying primarily on reactive measures.
- Foster risk-informed decisions. Get ahead in addressing external threats by using risk insights and scenario planning to shape management’s approach to resilience.
- Begin to track the cost of noncompliance. While challenging at best to account for all the money spent on fines (global, national, local), litigation, settlements, etc., understanding the cost of noncompliance is essential for your organization to properly allocate its compliance and risk management budget. Without this starting point, you can’t determine the ROI on these investments.
Election complicates risk outlook, planning — now what?
Election uncertainty is exacerbating an already daunting risk landscape. More than eight in 10 risk executives say the election’s outcome will affect their company’s business decisions around trade, regulatory compliance, strategic partnerships and M&A. Nearly as many expect more business litigation, regulation and executive orders regardless of who’s president, and half (49%) strongly agree a contested election would distract their company. As for specific policies, risk leaders say climate and technology, AI and data regulation are among the top 3 policy risks under a Harris administration. Under a Trump administration, risk leaders cite antitrust and tech, AI and data regulation.
75% expect more executive orders regardless of who’s president
To prepare, most risk executives (89%) say they have contingency plans for managing risks based on the election’s outcome. They’re also monitoring election-related risks to their company’s location strategy (89%) and supply chain (79%).
Yet this seems potentially at odds with the previously noted challenges to their ability to comply with new regulations, manage new risks and communicate how the election may affect their company’s risk profile. How can risk leaders effectively plan for and monitor election-related risks if they’re having significant trouble managing and communicating some of those same risks, not to mention attracting and retaining the talent they need?
What you can do
- Find your allies. Team with legal and government relations to help decode the regulatory uncertainty. Engage with business leaders to know what’s happening on the ground so you can translate events and give insights.
- Recruit and develop leaders from nontraditional backgrounds. The traditional CRO skill set may no longer be enough. Finding new talent may mean looking outside the risk world for business leaders who can become risk leaders. They may not know all the compliance requirements, but their leadership skills can potentially transform the role.
Get access to the complete survey responses and data
View the main Pulse survey
Executive takes on Election 2024
About the survey
Our latest PwC Pulse Survey, fielded September 12 to September 19, 2024, surveyed 709 executives and board members from Fortune 1000 and private companies about the current business environment, the risks executives are facing and their company’s strategic plans and priorities. Of the respondent pool, 72 were risk leaders.
Past surveys
{{filterContent.facetedTitle}}
{{contentList.loadingText}}
{{contentList.loadingText}}
Follow us
