Some see risk. We see opportunity

In a rapidly changing global landscape, emerging risks are affecting businesses more than ever before. Organisations need to get on the front foot of risk, with a risk management framework that is embraced from the Board to the front line.

A holistic approach to managing risk can help create sustainable growth. It can help management achieve its business goals, enhance innovation, build credibility and achieve business resilience.

To accomplish this, organisations need to reimagine their approach to risk – and evolve the way risks are managed from ‘reactive’ to ‘offensive’. Risk connectivity needs to be considered. Leveraging technology and data to align and bring risk to the front line decision-making processes is key.

From culture to governance, technology to data insights, KPMG takes a robust approach to help organisations reimagine risk. KPMG’s approach brings risk back to the front line and helps organisations be proactive or on the offensive - spotting potential risks early, having useful and relevant data, gaining early insights and making good strategic decisions to achieve better business outcomes.


Organisations need to seize the opportunity in every risk and find value in each risk decision, to create sustainable businesses that ultimately maintain stakeholder trust.

In an Australian Financial Review special report, along with the KPMG article series, we explore how organisations can evolve risk management and turn challenges into positive outcomes for their business, stakeholders and customers.

Risk functions need to be reimagined

With the breakdown of public trust across many industries, politicians and regulators are increasing oversight, regulations and compliance. This has a real impact on businesses in the form of increasing costs and the divide between the risk management process and business operations.

To regain trust, the board, management and operations need to align on risk – in a cost effective manner. And to do this, it’s vital to evolve the way organisations identify, manage and report on risk. The key is to seize the opportunity in risk, and find value in each risk decision to create sustainable businesses that maintain or regain community trust.

In reimagining the risk business function and processes, organisations need to utilise emerging technology and its use of data so there is one single source of truth used for business information, second line of defence compliance and reporting, and for internal and external assurance.

To achieve the right outcomes, organisations should be considering these key questions: 

  • What is the organisation’s risk appetite and the longer term view?
  • Who is responsible for risk management?
  • What is the best technology platform and how can data play a role?

Find out how an organisation can reimagine their approach to risk.

Risk in the real world

It nearly always takes a significant risk event to occur before the status quo is challenged and people realise that risk should be done better. Risk management often fails because it’s removed from the front line, is operating in an increasingly complex compliance and regulatory environment and an inability to correctly interpret the huge amount of data.

Moving from ‘theory’ to ‘reality’ so that risk appetite, culture and operational risk resonate at all levels from the board to the front line requires understanding risk in the context of ‘real world’ tangible scenarios. To bring a risk appetite document to life and make it real and applied within a business, the use of scenario planning and technology is required.

Scenario planning workshops can help across risk at three levels: emerging/strategic; corporate or tactical; and operational. A board may focus on strategic risk such as trade relationships, while management focuses on corporate reputational issues, and sales staff focus on risk in customer service activities.

If organisations embrace scenario planning and technology to make risk ‘real’ and bring it to the front line, everyone across the business can contribute to, and access the same data. Staff of all levels can see how risk and reward work together, and make better risk-aware decisions as a result.

Explore how risk technologies can close the gap between board strategy, corporate decisions and operations risk.

Data for a proactive approach to risk

Organisations can empower decision making, regulatory reporting and customer relationships by embracing the power of data and analytics and get on the ‘offensive’ with risk. Being on the offensive means having useful, reliable data that shows up known and potential risks early, and can be used to help make decisions that protect the organisation. Data can provide early insights to help drive better decision-making resulting in superior outcomes for all. But quality data is key.

Data can add an element of risk. Data is fast becoming an intangible asset and organisations need to take technical measures to safeguard data, raise awareness across all levels of the organisation and ensure a data strategy is adaptable to the privacy challenges ahead. The volume and speed at which data is moved also adds risk elements.

To utilise data as an offensive risk management tool, organisations need to assess their current level of data sophistication and map out steps to data maturity. As a starting point this could mean identification of disparate sources of data and truth or systems that are not ‘talking to each other’ to provide any real value or insights.

We can help progress the business to develop robust, ethical, and integrated data that can be used to get on the offensive with risk.

Discover how being on the offensive can improve customer outcomes and has benefits for employees.

Evolving your Governance, Risk and Compliance processes

Organisations can’t exist without accepting the risk in chasing the market opportunity. In order to attract capital investment, debt or Government funding a return, financial or otherwise, is required at the same time, to operate within an acceptable risk appetite entities need to identify, assess, manage and monitor the risks.

Some form of technology enabled process and system to help the board and management keep their finger on the pulse of what’s happening across the business is becoming essential. Governance risk and compliance (GRC) technology helps businesses obtain insights and trends over what is happening in their business thus enabling better business decisions.

There are three ages of GRC solutions, the first being on-premise licence solutions with some of the bigger GRC systems where the starting point for this process is easily into the millions. The second option is software-as-a-service (SaaS) which requires a degree of configuring and set up for each business. Thirdly there is a managed service – SaaS plus maintenance, upgrades and support.

For organisations with specific demands or requirements for their GRC system we have developed Powered Risk. Powered Risk is KPMG’s flagship offering for risk transformation, integrating our forward-looking approach to risk management with deep industry knowledge, leading cloud technology and global delivery capabilities.

Explore GRC, and the benefits of a managed service.

Emerging technology risk

New and disruptive technologies such as artificial intelligence, machine learning, Internet of Things and automation are helping to deliver better outcomes and experiences for employees and customers, and at lower costs. The flipside however is that these emerging technologies are changing the risk profile.

This is front of mind for many CEOs yet risk managers are rarely in a position where they can effectively prepare the organisation. They need the right capabilities and understanding of the underlying algorithms to properly assess and manage the risks.

Five key questions every board and C-suite should be asking about its approach to emerging technology risk: Is our risk framework up-to-date and fit for purpose? Does our risk team have the appropriate skills? How do we ensure risk management allows maximum returns? What data points do we have to provide oversight? Have we assessed the risk exposure from our third parties?

The benefits and value of emerging technology to customer, supplier, employee, financial and risk outcomes are clear and undisputable – but taking a pragmatic risk lens to using emerging technology from the outset is a must.

Learn how organisations can embrace the benefits of emerging technologies while managing the inherent risks.

AFR roundtable discussions – October 2019

AFR Special Report: Risk reimagined

Organisations need to continue to transform the way risks are managed – leveraging technology and data insights. This topic, along with emerging technology risk, was explored during a recent Australian Financial Review and KPMG roundtable on reimagining risk moderated by AFR Contributor James Dunn. Participants included:

  • Robb Eadie, Global Chief Risk Officer, BHP
  • Anne O'Driscoll, Non-Executive Director, Steadfast Group Ltd
  • Jason Smith, Board Director, Risk Management Institute of Australasia
  • Kevin Smout, Global Lead Partner, Governance, Risk & Assurance, and Risk Strategy & Technology Partner, KPMG
  • Zoe Willis, Former KPMG Partner.

Organisations are starting to understand the ability of the risk function to add value to the business, to enable them to make smarter business decisions, and to contribute to sustainable business growth.

Key highlights

Organisations are starting to see the opportunity that risk can offer, not just the threat.
  • Human intelligence will power machine earning – Technology is playing a major part in the evolving nature of organisational risk, but the real value lies in its ability to empower people.
  • Opportunity evolves in the digital age – The velocity of technology will change and represents one of the biggest threats to today’s businesses.
  • Data's big grey line – In the race to harness emerging technologies, leverage data and innovate, it is easier to forget about associated digital governance and the new emerging risks this information explosion brings.

How KPMG can help

Organisations need to continue to transform the way risks are managed – leveraging technology and data to help align and bring risk alongside the front line decision making processes.

Reimagining and repositioning risk helps align strategy and risk appetite set at top levels of a business. Then through embracing technology and the use of quality data a business establishes the foundations for risk management to become a real value add and opportunity. This holistic, proactive and technology driven approach has vast benefits for the organisation, customers, staff, shareholders and the community in which it operates.

KPMG’s Risk teams bring together risk specialists with specific industry and technology expertise, working with clients to: link strategy to corporate level and operational risks; evolve governance and risk frameworks; utilise the best technology solutions to increase the efficiency and effectiveness of the enterprise risk management approach; and embed the chosen risk appetite and culture with in the business.

Meet our experts