6 risk management capabilities that reduce complexity and foster trust and resilience

KPMG Risk and Resilience Survey

Despite growing threats to business resiliency, there is a gap between leaders recognizing the need for enhanced resilience and what organizations are actually implementing to handle disruptions.

Facing compounding risks, increasing regulation, widespread volatility, and an accelerating pace of change and disruption, leading companies recognize that trust is the ultimate business enabler. Growth, performance, efficiency, and innovation are all fueled and facilitated by the trust that customers, employees, partners, investors, regulators, and communities have in your enterprise. Having stakeholder trust gives organizations the freedom and flexibility to change speed and direction to seize opportunities as they emerge.

But before businesses can drive value from trust, most need to invest in modernizing how they manage risk and build resilience to become more productive and effective. According to the KPMG Future of Risk survey, 90 percent of senior executives say the pace of risk transformation activity has increased over the past year. Meanwhile, the KPMG Risk and Resilience Survey finds that at least two-thirds of organizations face moderate or strong barriers in trying to manage risk. These challenges stem from a lack of awareness and communication, lack of cross-functional collaboration and fragmented view of risks, leading to redundant tasks, cultural resistance, and skills gaps. In addition, only 17 percent have extended resiliency plans beyond critical processes.

At KPMG, we’ve been part of this momentum to elevate how organizations manage their diverse and complex risk environment. We’ve helped plan, develop, and embed enhanced capabilities across many client risk operations, from the risk function itself, to compliance and legal, to technology risk and cyber teams, to internal audit. And we know first-hand why nearly all business leaders are putting more time, money, and resources toward increasing quality of and confidence in risk-related activities. Like us, they understand that trust enables business growth, earned by taking a dynamic, proactive, and technology-enabled approach to risk management for long-term resilience.

The insight related to large-scale risk transformation activities revealed in our research and our own work raises the question: What risk management capabilities deliver the greatest impact in building a trusted, resilient organization?

As market-leading advisors to risk organizations of all kinds, we know first-hand that risk transformation can be complex, costly, and sometimes prone to failure. We also know that understanding where to focus your resources and efforts makes all the difference.

Based on our experience with clients and primary research with c-suite and risk leaders, the following 6 key investment areas stand out for their ability to strengthen stakeholder trust in your business today and harness its power tomorrow.

1. Centralized or integrated risk management and resilience structures

The KPMG Risk and Resilience Survey finds that organizations with centralized or integrated risk management and resiliency structures perform better across the board. They face fewer barriers to managing risk, have a greater focus on tracking emerging risks, achieve better integration, and report stronger confidence that their c-suite leaders understand business risks. Yet less than half (48 percent) of organizations in the survey have a centralized structure for managing risk and resilience. In addition, only 26 percent have cross-functional collaboration and view of risks. In an era of unprecedented volatility, how thoroughly organizations commit to putting resilience on equal footing—with strong alignment and integration across multiple risk disciplines, from overall enterprise risk management (ERM) to cybersecurity and tech risk to business continuity—is sure to separate winners from losers.

2. Advanced data and analytics

Leading-edge data and analytics capabilities are powerful tools for risk and compliance functions, supporting better risk identification and decision-making, which in turn increases trust. Our Future of Risk survey finds that 67 percent of senior executives say risk data brings an increased understanding of potential risks and their impact on the organization. However, in practice, there is significant room for improvement is how data is leveraged for risk management: While 94 percent of organizations responding to the KPMG Risk and Resilience Survey use advanced analytics to manage risks at least sometimes, only 15 percent heavily rely on it.

3. AI and ML

Artificial intelligence (AI), including generative artificial intelligence (GenAI) and machine learning (ML), are critical digital tools for organizations to adopt. As risk levels rise, deploying these innovations across risk and compliance operations can help accelerate and improve risk identification, monitoring, and mitigation. In our Future of Risk survey, AI and GenAI are by far the most popular type of technologies for managing additional risk responsibilities in the next three to five years. For example, a European bank is rolling out GenAI tools to help identify reporting gaps and respond to different regulatory assessments, making its manual processes faster and less resource heavy.

4. Cybersecurity

Using leading technology to enhance and modernize business operations is table stakes, including in the risk department. Yet the greater use of technology throughout the enterprise increases cyber risk. According to the KPMG Risk and Resilience Survey, cybersecurity is expected to be the biggest risk area for businesses over the next 5 years. In addition, the KPMG Future of Risk survey finds that the #1 focus of risk managers in the next one to three years will be proactively adapting to new risk types, including cyber risk. To achieve this, we expect to see many risk leaders prioritizing the modernization and optimization of cybersecurity measures to safeguard against potential threats and vulnerabilities.

5. Technology-driven risk management

Automation. Cloud. Data. Analytics. AI. Integrating digital technologies into risk operations is the key to enhancing risk identification, assessment, modeling, tracking, mitigation, and reporting. Replacing manual tasks with automated, data-driven workflows can put organizations on the path to radically transforming risk management efficiency and effectiveness and unleash smarter, faster decisions. Nearly all KPMG Future of Risk survey respondents (98 percent) say digital acceleration has improved their organization’s approach to risk. And though it is already ubiquitous, technology-driven risk management will continue to be top investment area, with 41 percent of KPMG Future of Risk respondents expecting to spend more than half of their risk management budget on technology in the next 12 months. However, opportunity for further modernization remains: While two-thirds of respondent KPMG Risk and Resilience survey respondent organizations have mostly automated their processes, only 11 percent have achieved full automation.

6. Digital literacy

The specialized skills and knowledge required for delivering risk services effectively and efficiently are continuously expanding. With data and technology at the heart of efforts to improve risk preparation, management, and efficiency, risk professionals must be increasingly well-versed in technical areas, like data analysis and AI, and understand how to use modern tools and solutions. Business leaders in our survey are looking for risk professionals with interdisciplinary skills, especially in technology, innovation, and industry-specific expertise. According to the KPMG Future of Risk survey, the top 3 areas where executives plan to supplement their risk management teams with expertise are IT risk, predictive modeling, and cybersecurity skills. Case in point: After implementing a new technology, one organization completely reassessed and refreshed its technology risk service offering, including developing new learning pathways to address skill gaps.

Learn more about the importance of stakeholder trust as the ultimate business enabler.

Learn more

At KPMG, we help clients enhance stakeholder trust by transforming risk management into an opportunity enabler that generates enterprise value and creates competitive advantage, ultimately positioning your business for responsible growth, bold innovation, and optimal performance.