Transforming Technology Risk

Managing technology risk to help build stakeholder trust

curvy-shape-cobalt-window.jpg

Most organizations are modernizing their critical information technology — to help improve the customer experience, replace aging software, shift work to the cloud or adopt artificial intelligence systems. Adding to the challenges are evolving regulations, changing customer behaviors, the concept of data as an asset and employee expectations for flexible technology tools to use in a more virtual workplace. Technology risk and compliance need to adjust to this new reality. 

The future of risk is shifting away from a regulatory-driven ‘protect agenda’ to one where businesses leverage risk to enable organization-wide growth and optimization. Boards and shareholders are looking for technology risk teams to be strong partners with the business, utilizing regulatory-focused investments to drive business results. This presents an opportunity for technology risk teams to work more closely with the business and help drive toward an environment with more proactive monitoring and automated controls to address risk events as close to real-time as possible.

This report identifies the key areas technology risk leaders should prioritize to help shape their organizations for the business challenges of today — and tomorrow.

PDF

Transforming technology risk

Managing technology risk to help build stakeholder trust

Seven steps toward technology risk transformation

Due to emerging technology risk and regulatory and governmental compliance mandates, large organizations require a holistic risk approach that accelerates strategic value realization and competitive advantage. The goal is an operational risk model built for the accelerated rate of technology change that addresses an organization’s appetite for risk while offering increased opportunities for value creation.

96 percent of digital leaders in the Global tech report 2023 say their technology function can help the enterprise to confidently explore the potential of emerging technologies.

Successful technology risk transformation can enable organizations to increase trust by enhancing risk management—simultaneously reducing the likelihood and severity of adverse outcomes more commercially and transparently.

By gaining these capabilities, the role of the risk function will move beyond a defense-only, reporting-centric activity to a trusted partner that delivers proper safeguards and improves the likelihood of successful implementation and execution of a strategy in line with investor risk appetite.

The Global tech report 2023 found 9 in 10 digital leaders believe they must be more proactive about integrating trust, security, privacy and resilience into technology roll-outs

Digital applications are now providing businesses with a tremendous amount of data, which is used as an asset, to create business value to differentiate product offerings.

The benefit of having structured data is that you can pivot from monitoring controls once or twice a year to monitoring them continuously to uncover those anomalies and events that need attention much faster. Then on the more technical side, there are advanced monitoring solutions around firewall rules and network access controls that can alert risk when there is a policy violation, and risk professionals need to act.

According to the KPMG Global Tech Report 2023, 68 percent of organizations report that their work with data and analytics has gone beyond the experimental phase, while only 17 percent describe their approach to data and analytics as ‘embedded’ — fully integrated into daily operations and is generating returns.

ESG transformation is not without risks, as it requires a paradigm shift involving regulatory obligations, new business models, consideration of new environmental and social performance metrics in decision-making and increased systemic risks to resources.

To effectively manage risks on your sustainability journey, consider these four key elements.

  • Internal control: Beyond the statutory obligations, internal control is a way to leverage your ESG transformation. The assurance you can provide is critical for your activity and business partners.
  • Process and Governance: Governance body and operational processes required for your ESG reporting are to be defined at the early stages of your ESG project.
  • Tools and data: Data is the foundation of ESG reporting. It should be the first element to secure before starting any transformation program. ESG tools support data collection, internal control monitoring and ESG reporting.
  • Third parties: Many IT third parties are involved in the production process and in the monitoring of non-financial reporting elements (data collection, analysis, production of KPIs). Obtain and provide assurance on the internal control of these technological third parties.
According to the Global Tech Report 2023, nearly half of the respondents (48 percent) said that advancing their ESG priorities will be a primary innovation goal for their technology functions over the next two years.

Leaders should determine what skills reside on their teams, build a plan to fill in the gaps, and provide training to encourage professional growth and advancement that can include rotations in and out of the risk department.

Equally important is making sure employees are cared for so they don’t burn out. Technology risk can look to a trusted co-source provider that can supply the right subject matter expert with the right skill set when the organization needs it.

Finally, intelligent automation is an option that is gaining traction in risk functions. The technology has advanced tremendously, and digital or virtual agents can carry out increasingly sophisticated tasks.

The 2023 Global tech report says that more than a third (36 percent) of organizations are concerned about the lack of skills within the organization.

 

Adoption of new technologies can be an opportunity for the risk function to take a step back and reassess controls and environments to ensure their knowledge of emerging technology is keeping up. Do you have the right controls to mitigate these new risks, and are you taking advantage of pervasive controls across these new technologies?

More than half (57 percent) of respondents in the Global Tech Report 2023 believe that AI and machine learning, including genAI, will be important in helping them achieve their business objectives over the next three years. In addition, 68 percent say these technologies will be vital in helping them to achieve their short-term business goals.

Technology risk must adapt quickly and effectively to keep up with the organization’s evolving strategy, business and operating models. To help with this journey, here are some recommendations to consider.

  • Clearly understand the business strategy purpose and values and how a change would address those issues: Try not to force the technology requirements before understanding the business requirements. Understand your vision and business objectives before vision and business objectives before designing new operating models and adopting new risk technologies.
  • Start small: Launch a pilot with limited scope to get a quick win and gain internal support.
  • Leverage agile approaches: Complete work in sprints to provide flexibility in scope coverage and allow for more real-time reporting and response.
  • Engage with key stakeholders up front and throughout the rollout of your program: Understand which customers and partners are prioritizing digital trust and transparency. Do some campaigning at the start. Make sure people are on the same page with you and get their feedback and recommendations. Then, when you get the entire stakeholder group together, have the benefit of the insights from that whole team.
The Global Tech Report 2023 found almost half of organizations (46 percent) say their technology function lacks the governance and coordination it needs to effectively support transformation initiatives.

Related Content

The evolution of non-financial risk

Adapting risk management practices to prepare for future non-financial risks.

Risk consulting

The complexities of today's business landscape requires careful navigation with a trusted guide. The expert insights and innovative solutions of KPMG's Risk services can help organizations to anticipate, manage and mitigate risks, helping you stay ahead of emerging threats and sustaining resilience.

Building trust in cloud environments

2023 KPMG Cloud Transformation Survey


Transforming for a future of value

Connected. Powered. Trusted. Elevate. KPMG firms' suite of business transformation technology solutions can help you engineer a different future – of new opportunities that are designed to create and protect value.

KPMG Connected Enterprise

Align your business around your customers to help create a seamless, agile, digitally enabled organization that can deliver leading experiences and new levels of performance and value.

KPMG Powered Enterprise

KPMG firms' suite of services to help transform their back-office functions, leveraging target operating models that are designed with the future in mind.

The Trusted Imperative

Our Trust Impertive brings together risk and regulatory services that build trust and confidence in the organization and its digital transformation journey. It helps ensure that businesses can navigate risk and regulation with greater predictabilty – and deliver on the promise to keep customer data trusted, safe and reliable.

KPMG Elevate

KPMG Elevate is our methodolgy to helps businesses identify and capture value using a data-driven approach. We focus on what an organization needs to change to achieve measurable improvements to revenue, margin expansion, cost management and capital structures . It is value quantified and delivered.


Our People

Laurent Gobbi

Global Trusted AI & Tech Risk Leader

KPMG en France


Time to chat

Connect with KPMG International: Your bridge to unparalleled expertise and global insights. Reach out today to transform your business strategy and drive sustainable growth worldwide.

Two colleagues having a chat