Navigating risk and compliance
Expectations on risk managers continue to evolve as the risk and compliance environment becomes more complex.
Technology, the economy, ESG, cyber security, supply chains, and geo-political relations (to name a few) must be monitored and managed 24/7. Not to mention changing government regulations and the resourcing impact of international conflict.
Internal risk management challenges
While the external issues are what they are, internal issues bring their own hurdles. Risk managers are needing to do more with less.
There is increased pressure to find a way to navigate legacy systems with finite staff and budget resources, while providing a deep level of knowledge across the breadth of an organisation’s risk areas. All this, using tools that struggle to deliver on growing business expectations and needs – more insights, deeper subject knowledge and real-time answers.
Of the 97 ASX 100 companies that report sustainability performance, 90% acknowledge climate change as a risk to the business in annual or integrated reporting (as compared with 80% in 2023). In annual or integrated reporting, the percentage of companies that describe social risks has dropped since 2023 (from 84% to 79%), while the percentage that describes governance risks has risen (77% to 81%)1.
Expanding risk management practices
It’s easy to see how risk teams on any level and in any organisation might feel overwhelmed and under pressure. Yet there is a reticence to outsource risk support, with a common belief that any external assistance will either cost too much or lack the level of internal knowledge required.
But, as we’ve seen with internal audit in the past, business expectations on an in-house team to be subject matter experts across all operations, and then act effectively, can become an impossibility without external support.
Accessing specialist knowledge that seamlessly fits with internal practices and systems can take the pressure off GRC management and reporting. It will also uplift an organisation’s maturity in risk management by bringing new layers of knowledge and skills to the mix.
Over the past 20 years, we have seen a transformation in internal audit and assurance. It no longer became sustainable and effective to have fully in-house teams meet the increasing demands of internal and external stakeholders. We are seeing the same shift come to the forefront of risk functions – it makes sense that organisations are now looking to external support in a 'Risk as a Service' model.
It can be a strain on resources to keep up with the constantly evolving GRC landscape. By tapping into the depth of knowledge from our subject matter experts as needed, you'll feel safe in the knowledge that you have what you need to make insightful, timely decisions with collaborative support..
Ebony Sanderson
Risk Hub Client Services, Risk Strategy & Technology
KPMG Australia
Risk management planning
Assessing risk types and making sure the business has the right knowledge and capacity to tackle new risk areas is key to planning ahead.
Unfortunately, all too often, organisations fail to identify and focus on the genuinely significant threats that can bankrupt a business overnight. Instead, spending time mitigating the more obvious risk areas around financial or operational processes.
What’s more, there might be 20 priority areas in a given year, so having the right tools in place could make all the difference – allowing risk managers to map out resourcing and focus areas with more confidence.
- Sustainability Reporting Survey 2024 | ASX100 & N100 companies, KPMG Australia, 28 November 2024.
How KPMG can help
Risk as a Service: easing the pressure
Having the right tools and support is critical to a risk team’s success.
KPMG Risk Hub
For a holistic view of your environment, KPMG Risk Hub is a GRC solution that can integrate information across all levels of an organisation through interactive, cloud-based technology allowing real-time risk, compliance and incident management and reporting.
In a global alliance with IBM®, this complete managed service leverages economies of scale and is flexible enough to meet your unique needs – you have complete control of the operational cost, without any capital investment.
Not only will KPMG Risk Hub ease the pressure on risk resources, but support is always on hand with our experienced team of full-time risk professionals.
KPMG support
Lean into deep subject matter knowledge that can be integrated into your business as a partnership. Our team of over 250 specialists’ sole focus is to support risk functions across all sectors and risk areas – cyber, ESG, social and data to name a few – no matter the size of your organisation.
Here, the control remains with your second line risk team, but information and support are always available to seamlessly bolster knowledge and provide collaborative reinforcement.
Connect with us
We're here to help
Get in touch if you'd like to learn more about how we can partner with you to take the pressure off your risk teams and drive a greater level of confidence in your GRC responsibilities.