Most organizations are modernizing their critical information technology — to help improve the customer experience, replace aging software, shift work to the cloud or adopt artificial intelligence systems. Adding to the challenges are evolving regulations, changing customer behaviors, the concept of data as an asset and employee expectations for flexible technology tools to use in a more virtual workplace. Technology risk and compliance need to adjust to this new reality. 

The future of risk is shifting away from a regulatory-driven ‘protect agenda’ to one where businesses leverage risk to enable organization-wide growth and optimization. Boards and shareholders are looking for technology risk teams to be strong partners with the business, utilizing regulatory-focused investments to drive business results. This presents an opportunity for technology risk teams to work more closely with the business and help drive toward an environment with more proactive monitoring and automated controls to address risk events as close to real-time as possible.

This report identifies the key areas technology risk leaders should prioritize to help shape their organizations for the business challenges of today — and tomorrow.

maintaining cyber vigilance pdf image

Transforming Technology Risk

Managing technology risk to help build stakeholder trust





Download PDF (1.02 MB) ⤓



Seven steps toward technology risk transformation

Due to emerging technology risk and regulatory and governmental compliance mandates, large organizations require a holistic risk approach that accelerates strategic value realization and competitive advantage. The goal is an operational risk model built for the accelerated rate of technology change that addresses an organization’s appetite for risk while offering increased opportunities for value creation.

96 percent of digital leaders in the Global tech report 2023 say their technology function can help the enterprise to confidently explore the potential of emerging technologies.

Successful technology risk transformation can enable organizations to increase trust by enhancing risk management—simultaneously reducing the likelihood and severity of adverse outcomes more commercially and transparently.

By gaining these capabilities, the role of the risk function will move beyond a defense-only, reporting-centric activity to a trusted partner that delivers proper safeguards and improves the likelihood of successful implementation and execution of a strategy in line with investor risk appetite.

The Global tech report 2023 found 9 in 10 digital leaders believe they must be more proactive about integrating trust, security, privacy and resilience into technology roll-outs

Digital applications are now providing businesses with a tremendous amount of data, which is used as an asset, to create business value to differentiate product offerings.

The benefit of having structured data is that you can pivot from monitoring controls once or twice a year to monitoring them continuously to uncover those anomalies and events that need attention much faster. Then on the more technical side, there are advanced monitoring solutions around firewall rules and network access controls that can alert risk when there is a policy violation, and risk professionals need to act.

According to the KPMG Global Tech Report 2023, 68 percent of organizations report that their work with data and analytics has gone beyond the experimental phase, while only 17 percent describe their approach to data and analytics as ‘embedded’ — fully integrated into daily operations and is generating returns.

ESG transformation is not without risks, as it requires a paradigm shift involving regulatory obligations, new business models, consideration of new environmental and social performance metrics in decision-making and increased systemic risks to resources.

To effectively manage risks on your sustainability journey, consider these four key elements.

  • Internal control: Beyond the statutory obligations, internal control is a way to leverage your ESG transformation. The assurance you can provide is critical for your activity and business partners.
  • Process and Governance: Governance body and operational processes required.
  • for your ESG reporting are to be defined at the early stages of your ESG project.
  • Tools and data: Data is the foundation of ESG reporting. It should be the first element to secure before starting any transformation program. ESG tools support data collection, internal control monitoring and ESG reporting.
  • Third parties: Many IT third parties are involved in the production process and in the monitoring of non-financial reporting elements (data collection, analysis, production of KPIs). Obtain and provide assurance on the internal control of these technological third parties.
According to the Global Tech Report 2023, nearly half of the respondents (48 percent) said that advancing their ESG priorities will be a primary innovation goal for their technology functions over the next two years.

Leaders should determine what skills reside on their teams, build a plan to fill in the gaps, and provide training to encourage professional growth and advancement that can include rotations in and out of the risk department.

Equally important is making sure employees are cared for so they don’t burn out. Technology risk can look to a trusted co-source provider that can supply the right subject matter expert with the right skill set when the organization needs it.

Finally, intelligent automation is an option that is gaining traction in risk functions. The technology has advanced tremendously, and digital or virtual agents can carry out increasingly sophisticated tasks.

The 2023 Global tech report says that more than a third (36 percent) of organizations are concerned about the lack of skills within the organization.

Adoption of new technologies can be an opportunity for the risk function to take a step back and reassess controls and environments to ensure their knowledge of emerging technology is keeping up. Do you have the right controls to mitigate these new risks, and are you taking advantage of pervasive controls across these new technologies?

More than half (57 percent) of respondents in the Global Tech Report 2023 believe that AI and machine learning, including genAI, will be important in helping them achieve their business objectives over the next three years. In addition, 68 percent say these technologies will be vital in helping them to achieve their short-term business goals.

Technology risk must adapt quickly and effectively to keep up with the organization’s evolving strategy, business and operating models. To help with this journey, here are some recommendations to consider.

  • Clearly understand the business strategy purpose and values and how a change would address those issues: Try not to force the technology requirements before understanding the business requirements. Understand your vision and business objectives before vision and business objectives before designing new operating models and adopting new risk technologies.
  • Start small: Launch a pilot with limited scope to get a quick win and gain internal support.
  • Leverage agile approaches: Complete work in sprints to provide flexibility in scope coverage and allow for more real-time reporting and response.
  • Engage with key stakeholders up front and throughout the rollout of your program: Understand which customers and partners are prioritizing digital trust and transparency. Do some campaigning at the start. Make sure people are on the same page with you and get their feedback and recommendations. Then, when you get the entire stakeholder group together, have the benefit of the insights from that whole team.
The Global Tech Report 2023 found almost half of organizations (46 percent) say their technology function lacks the governance and coordination it needs to effectively support transformation initiatives.

Transforming for a future of value

Connected. Powered. Trusted. Elevate. KPMG firms' suite of business transformation technology solutions can help you engineer a different future – of new opportunities that are designed to create and protect value.

Get in touch

Stay up to date with what matters to you

Gain access to personalized content based on your interests by signing up today