Navigating risk and compliance

Expectations on risk managers continue to evolve as the risk and compliance environment becomes more complex.

Technology, the economy, ESG, cyber security, supply chains, and geo-political relations (to name a few) must be monitored and managed 24/7. Not to mention changing government regulations and the resourcing impact of international conflict.

Internal challenges

While the external issues are what they are, internal issues bring their own hurdles. Risk managers are needing to do more with less.

There is increased pressure to find a way to navigate legacy systems with finite staff and budget resources, while providing a deep level of knowledge across the breadth of an organisation’s risk areas. All this, using tools that struggle to deliver on growing business expectations and needs – more insights, deeper subject knowledge and real-time answers.

Ninety percent of ASX100 companies acknowledge social elements are a business risk in annual or integrated reporting.[1] And this is an example of internal and external expectations for risk functions to be all-encompassing across a vast range of topics.

Expanding risk management practices

It’s easy to see how risk teams on any level and in any organisation might feel overwhelmed and under pressure. Yet there is a reticence to outsource risk support, with a common belief that any external assistance will either cost too much or lack the level of internal knowledge required. 

But, as we’ve seen with internal audit in the past, business expectations on an in-house team to be subject matter experts across all operations, and then act effectively, can become an impossibility without external support.  

Accessing specialist knowledge that seamlessly fits with internal practices and systems can take the pressure off GRC management and reporting. It will also uplift an organisation’s maturity in risk management by bringing new layers of knowledge and skills to the mix.

Over the past 20 years, we have seen a transformation in internal audit and assurance. It no longer became sustainable and effective to have fully in-house teams meet the increasing demands of internal and external stakeholders. We are seeing the same shift come to the forefront of risk functions – it makes sense that organisations are now looking to external support in a 'Risk as a Service' model.

It can be a strain on resources to keep up with the constantly evolving GRC landscape. By tapping into the depth of knowledge from our subject matter experts as needed, you'll feel safe in the knowledge that you have what you need to make insightful, timely decisions with collaborative support..

Ebony Sanderson
Risk Hub Client Services, Risk Strategy & Technology
KPMG Australia

Risk management planning

Assessing risk types and making sure the business has the right knowledge and capacity to tackle new risk areas is key to planning ahead. 

Unfortunately, all too often, organisations fail to identify and focus on the genuinely significant threats that can bankrupt a business overnight. Instead, spending time mitigating the more obvious risk areas around financial or operational processes.  

What’s more, there might be 20 priority areas in a given year, so having the right tools in place could make all the difference – allowing risk managers to map out resourcing and focus areas with more confidence.

[1] KPMG Australia, Sustainability Reporting Survey 2022 | ASX100 & G250 [PDF], October 2022

How KPMG can help

Risk as a Service: easing the pressure

Having the right tools and support is critical to a risk team’s success.

KPMG Risk Hub

For a holistic view of your environment, KPMG Risk Hub is a GRC solution that can integrate information across all levels of an organisation through interactive, cloud-based technology allowing real-time risk, compliance and incident management and reporting.

In a global alliance with IBM®, this complete managed service leverages economies of scale and is flexible enough to meet your unique needs – you have complete control of the operational cost, without any capital investment.

Not only will KPMG Risk Hub ease the pressure on risk resources, but support is always on hand with our experienced team of full-time risk professionals.

Learn more about KPMG Risk Hub

KPMG support

Lean into deep subject matter knowledge that can be integrated into your business as a partnership. Our team of over 250 specialists’ sole focus is to support risk functions across all sectors and risk areas – cyber, ESG, social and data to name a few – no matter the size of your organisation.

Here, the control remains with your second line risk team, but information and support are always available to seamlessly bolster knowledge and provide collaborative reinforcement.

Learn more about KPMG risk consulting

Connect with us

We're here to help

Get in touch if you'd like to learn more about how we can partner with you to take the pressure off your risk teams and drive a greater level of confidence in your GRC responsibilities.