In a time of uncertainty, an effective integrated risk management function can allow businesses to drive faster – safely; rapidly innovating, growing and developing the business to meet the challenges of the market, but doing so in a managed, controlled manner.

Yet some organisations still rely on fragmented and siloed processes to manage their risk and compliance functions. Outdated modes of managing risk and compliance may not be able to keep up, and mistakes can begin to slip through the cracks. And in the era of a new reality of working, such mistakes may prove disastrous.

As part of an organisation's digital transformation agenda, cloud-based technology platforms are being increasingly leveraged by a variety of risk and compliance functions. This includes functions specialising in technology risk, cyber, enterprise, legal risk, and corporate compliance, amongst others. While this is generally aimed at increasing efficiency and effectiveness of these functions, one of key drivers is to improve the capabilities related to risk intelligence to build greater trust with both internal and external stakeholders. More than two-thirds (67 percent)of CEOs believe that acting with agility is the new currency of business and that if they are too slow they will become irrelevant. So what’s holding so many people back?

We’ve found 5 common reservations that executives hold about embracing risk and compliance transformation.

1. Fear

This function is already complex enough. We don’t need to make it more difficult to understand.


Management is better positioned to make informed business decisions when they have ready access to meaningful risk and compliance data. A clear view of risk and compliance information across the enterprise, combined with the potential to integrate your data with that of other business functions, can actually reduce complexity and enhance transparency. Organisations are automating manual processes, leveraging GRC technologies and interactive chatbots. These innovative ideas allow organisations to more efficiently deploy resources and enhance their control environment.

2. Fear

Technology-enabled risk and compliance transformations will be costly and time-consuming to implement.


In our experience, you’re more likely to lower costs in the long run. Plus, the increased competitive advantage you gain by modernising your risk and compliance functions may account for the initial investment in the program and technology enhancements. With the right target operating model you can focus efforts on validating not designing from scratch. Time to value is quicker with potential benefits including reduced headcount, real time risk information to make better decisions, improved customer trust and reduced exposure to fines. The powerful use of industry tested accelerators can be leveraged to drive impactful and sustainable transformation.

3. Fear

People will struggle to adapt to new ways of working.


Professionals want to work with the same generation of technology in the workplace that they’re used to having at home. New technologies enable the business to adapt, not hinder it. Living in an age of unexpected challenges may force organisations to rethink how they do business, and a technology-enabled solution grounded in leading practices can create flexibility in the face of such disruption and can be the foundation for continuous adaptation.

4. Fear

Automation will render my role irrelevant.


Actually, automating risk management can significantly improve your ability to be effective. Automating labour intensive, manual tasks can free up resource for the risk and compliance department to advise dynamically, constructively challenge, and conduct analysis more effectively. Rather than estimating what problems the company might face, you’ll have the data and insights with real-time risk reporting and more informed decision making. For example, trying to identify and manage insider threat risk at an enterprise scale requires significant resources and broad focus on seemingly disparate scenarios, including fraud, data theft, sabotage, and privilege misuse. By automating use case collection, an insider threat analyst can leverage data to identify those processes that have the most inherent risk and automatically recommend countermeasures that if deployed will result in acceptable residual risk. This in turn can grant you with a better ability to identify threats that could result in fines, and you can control the rising costs of risk and compliance, controls, and audit.

5. Fear

Out-of-the-box solutions won’t accommodate the specific requirements of our company.


People come to firms like KPMG because of our years of experience helping clients improve their risk and compliance functions. The technology and target operating models that KPMG member firms recommend have been designed by our professionals, leveraging decades of professional experience and leading practice insights, but we also take a consultative approach towards working with our clients – meaning we can tailor the solutions according to individual organisation’s needs. At a healthcare client, we worked with the stakeholders to leverage out of-the-box GRC platform capabilities and KPMG's Powered Risk framework to design a minimum viable product (MVP) to help enable the client’s management of policies, controls, risks, issues and audits. Our professionals can assist your organisation with the implementation of solutions that best fit its needs, providing you with the benefit of our experience and our full support throughout the transformation journey.

Considering the next steps in an increasingly competitive world filled with uncertainty and new ways of working, risk and compliance needs to be managed efficiently and effectively. It’s important to get things right the first time, rather than paying the price for mistakes. The question is, can you afford not to modernise? The task shouldn’t be underestimated, but as a global organisation, with risk practices in 29 countries throughout the world, we’ve learned how to provide advanced risk and compliance processes and technologies that meet our individual clients’ needs.

Transforming risk and compliance with KPMG Powered Enterprise | Risk

Powered Risk integrates our forward-looking view of risk management and deep industry knowledge with leading cloud technology. Powered Risk can enhance your risk and compliance functions by delivering better insights for business decisions, mitigating exposures, and providing quicker risk and compliance implementation than traditional approaches. Powered Risk is not just about putting the risk function in the cloud; it is a holistic risk transformation program that addresses every aspect of the risk operating model – across all lines of defence.


* Source: 2019 Global CEO Outlook, KPMG International

Key contacts

If you'd like to talk about how Powered Risk can support your Risk transformation or how you can mitigate risks facing your business, please contact us.