Becoming a smarter risk taker in the digital era - pwccn.com · companies entered the Global...

Becoming a smarter risk taker in the digital era

2019 Risk in Review Asia Pacific Report

2019 Risk in Review Asia Pacific Report | PwC 3

Contents

Acknowledgements

Editorial and writing Sanjukta Mukherjee Terrance LuiMonica Uttam

Project ManagementTerrance LuiMonica Uttam

DesignerDelney Chua

Introduction 4

Executive Summary 6

Section 1: Evolution of the risk landscape amidst macroeconomic uncertainty

8

Section 2: Managing risks along the digital journey

10

Section 3: Activities and implementation of digital technologies among risk executives

16

Section 4: Conclusion 22

Respondents’ profile 24

Contacts 26

Endnotes 27

4 PwC | 2019 Risk in Review Asia Pacific Report

Risk management is of paramount importance to organisations. Whether it be strategic, technology or operational risk, leaders can hardly predict where the next threat will come from. Rising trade tensions, financial market volatility and the threat from slowing global economic growth are only a fraction of the external risks that have cropped up in Asia Pacific over the past year. On top of this, the pace of digital transformation in the region is giving rise to a whole host of new concerns such as digital disruption, cybersecurity and data privacy issues.

By 2021, it is estimated that 60% of Asia Pacific’s GDP will be derived from digital products or services created through digital transformation.1 In this context, it is critical for risk executives to become “digitally fit” in order to withstand the risks that arise from the adoption of technology. This means being able to give advice on the digital risk landscape on behalf of their stakeholders, and ensuring that their own risk function is digitally adept enough to predict risk events that can occur.

Introduction

PwC’s 2019 Risk in Review Asia Pacific Report sheds light on the opportunities and threats emerging from digital transformation as outlined by risk leaders in the region. The report delves into the strategies that risk leaders in Asia Pacific can use to manage risk arising from digital initiatives and broader market forces, and how they can become smarter risk takers in the long run.

This report mainly draws on the findings of PwC’s 2019 Global Risk, Internal Audit and Compliance Survey which surveyed 2,073 leaders in risk management, compliance and internal audit globally from 99 territories and 27 industries. It presents the views of the 435 risk leaders based in Asia Pacific. The survey was conducted between October and November 2018.


Executive Summary

• The majority of Asia Pacific risk leaders are on track with their digital journey Asia Pacific business leaders are as digitally motivated as their global counterparts, and the majority are on track with their digital roadmap. Most Asia Pacific risk executives are identifying the capabilities needed to become a more digital function, developing and managing against an aspirational digital operating model and creating a talent management programme to hire digital talent or to digitally upskill internally.

• Asia Pacific leaders have a greater risk appetite than their global peers as a consequence of their digital roadmap Executives in the region are willing to take more risks than in the past as a result of the improvement in their digital capabilities, compared to the global average. Within the Asia Pacific sample, Chinese leaders in particular have a greater risk appetite in light of their digital roadmap.

• Risk professionals face cybersecurity and data governance risks from digital initiatives In terms of the top three acute risks stemming from their digital initiatives, Asia Pacific and global risk leaders are most concerned about cybersecurity, data governance or privacy and operational risk.

• Risk executives are only somewhat effective at managing risks on their digital journey Most Asia Pacific executives consider themselves only somewhat effective at managing risks. This can be attributed to the underdeveloped risk management landscape for executives in the region. Asia Pacific businesses tend to lack a consistent risk management culture and a common understanding of risk terminology and methodology. There is also a blurring of responsibilities across the three lines of defence for risk executives in the region due to the lack of a unified “risk language”.


• Executives are expanding their risk coverage based on the availability of digital technologies The most popular service-related activity for Asia Pacific risk leaders based on digital technology availability is the expansion of their risk coverage. Within the next two years, the majority of Asia Pacific risk leaders will incorporate emerging technologies into their risk management framework in order to anticipate and screen risks before they materialise.

• Asia Pacific risk leaders see more potential in deploying emerging technologies in their risk management practices Looking at their use of digital technologies, Asia Pacific risk leaders are currently making use of compliance-specific technology applications as well as governance, risk and compliance tools to a greater degree than emerging technologies such as artificial intelligence, robotics process automation or Internet of Things (IoT).

• Risk leaders are adopting baseline behaviours to engage with stakeholders Asia Pacific risk leaders are more likely to adopt baseline behaviours to engage with stakeholders such as regularly participating in board or senior management digital-initiative discussions. They are less likely to adopt standout behaviours such as influencing strategic executive and board decisions about digital initiatives, or using digital dashboards or visualisation tools for more-comprehensive and strategic risk reporting to the board.


Section 1: Evolution of

the risk landscape amidst

macroeconomic uncertainty


The external environment is in a constant state of flux and companies in the region are having to deal with risks that transcend borders. This year, 50% of Asia Pacific CEOs thought the global growth outlook would improve in the next 12 months, down from 60% the year before. The proportion of Asia Pacific executives that were very confident about their company’s revenue growth prospects over the next 12 months also dropped by 8 percentage points compared to 2018.i

The pessimism among Asia Pacific executives is related to the rising external risks that are threatening their growth prospects. In terms of the top macro threats to growth opportunities, trade conflicts, policy uncertainty and uncertain economic growth kept Asia Pacific executives awake at night. Rising economic nationalism, with policies such as “America First” has brought increasing geopolitical pressure on businesses, social institutions and economies.

Apart from these exogenous risk factors, from a business operations perspective, the availability of key skills, speed of technological change and cyber threats were cited by Asia Pacific executives as the top three threats to growth. These risks are inextricably linked to the pace of digital transformation occurring in the region.

Asia Pacific represents the world’s largest e-commerce market and more than half the world’s mobile subscribers are based here (mainly in China and India). By 2025 it is estimated there will be 3.9 billion smartphone connections and 11 billion IoT connections in Asia Pacific (up from 2.5 billion and 2.8 billion in 2017 respectively).2 Many Asia Pacific territories have launched smart city initiatives and the tech start-up ecosystem is growing with nearly US$208 billion having been invested across over 8,500 equity deals regionally since 2012.3

At the same time territories in the region vary considerably in terms of their level of digital maturity. Economies such as Japan, South Korea, China (including Hong Kong), Singapore and Australia are more digitally advanced and stand out in terms of their usage of e-wallets, mobile payments, robotics and FinTech. These economies are also spending on R&D to further enhance their digital capabilities. PwC’s Innovation 1000 Study found that the R&D spending of Chinese companies increased by 34.4% to reach US$60.08 billion in 2018 (marking largest growth among the regions studied globally). As a consequence of China’s strategic priorities to develop into a technology and innovation-driven economy, twenty additional companies entered the Global Innovation 1000 list as compared to 2017.4 A separate report by Tsinghua University has also found that China is the largest owner of AI patents in globally, followed by the US and Japan.5

Other developing economies in the region fall behind the digital curve, particularly in terms of the enforcement of government policies supporting digital strategy as well as the adequacy of digital infrastructure including fibre deployment and mobile network coverage.

Digital transformation among companies in Asia Pacific is impacting the evolution of their risk function. Risk leaders need to be agile in order to manage risks along their company’s digital journey.

i These findings were extracted from the 22nd Annual Global CEO Survey


Section 2: Managing risks

along the digital journey


Majority of Asia Pacific risk leaders are on track with their digital journeyThe findings of the 2019 Global Risk, Internal Audit and Compliance Survey suggest that Asia Pacific risk leaders are as digitally motivated as their global counterparts and the majority are on track with their digital roadmap. 97% of Asia Pacific risk executives have digital initiatives (Global: 97%) and 76% have a digital roadmap (the organisation’s plan for improving their digital capabilities) (Global: 77%). For those that have a digital roadmap, most believe they are on track with it (Asia Pacific: 62%; Global: 63%). 29% of Asia Pacific executives consider themselves behind in meeting many objectives and timelines in their digital roadmap, a slightly higher percentage than the global average of 24%.

Figure 1:

Organisation’s progress on its digital journey

We are ahead of our digital

roadmap

We are on track with our

digital roadmap

We are behind in meeting many objectives and timelines in our digital roadmap

Asia Pacific Global

5%8%

62%63%

29%24%

Within the Asia Pacific sample, as much as 40% of Chinese risk leaders state they are falling behind in terms of implementing their digital roadmap. This is likely a consequence of the pace of digitalisation in the country that is being driven by privately-owned enterprises. As of March 2018, the private sector contributed to more than 60% of China’s GDP growth and brought in over half of China’s fiscal revenue.6 In particular, tech conglomerates Baidu, Alibaba Group Holding and Tencent Holdings (BAT) are leading China’s digital revolution and are disrupting industries such as financial services, retail and tourism. These Internet giants are putting pressure on traditional companies by moving the technological goalposts thus causing these incumbents to fall behind. For example, Alibaba’s financial services arm Ant Financial and Tencent are offering consumers personal financial and banking services, using their wealth of data to evaluate and store customers’ access to credit.7

As two-thirds of Chinese survey respondents are from non-technology sectors such as financial services or the consumer and industrial products and services sector, it is apparent that some of these organisations cannot keep up with the speed of disruption impacting their industries from these BAT titans, and find themselves trailing behind in meeting their digital objectives.

Ways to advance: • Asia Pacific risk leaders should devise a

digital strategy for their function and ensure they are on track or ahead in meeting their specified objectives and timelines.

• This will involve identifying how to become a more digital function, what the desired outcomes are for their function’s digital investments and technologies, and how risk leaders should change department or performance metrics to reinforce preferred behaviours.


ii This finding aligns with the 22nd Annual Global CEO Survey which found that the majority of Chinese CEOs see the main lever to narrow or close the skills gap is by significant retraining or upskilling of the existing workforce or by hiring from competitors.

Ways to advance: • In order to combat the talent gap, it is

recommended that organisations’ talent upskills to stay in lockstep with its digital transformation while also hiring externally to enhance the digital fitness of their risk functions.ii

• Asia Pacific risk executives should hire talent that can match their digital needs particularly in the areas of critical thinking, technology, data and analytics and change management.

Figure 2:

Activities related to building and managing organisations’ digital roadmap

Identify the capabilities needed to become a more digital function

Asia Pacific Global

Doing now Will do within two years

52%25% 53% 27%

Develop and manage against an aspirational digital operating model

Create a talent management programme to hire digital talent or to digitally upskill internally

Change department or individual performance metrics to reinforce desired behaviours

Set desired outcomes for the function’s digital investments and technologies

37%

34%

33%

34%

29%

32%

32%

37%

36%

37%

33%

32%

37% 30%

36% 32%

A greater proportion of Chinese risk leaders (46%) are currently creating a talent management programme to hire digital talent or to digitally upskill internally than the global average (37%). Given the pace of digital transformation and industrial upgrading of private businesses in the country, there is a lack of talent to keep up. Different skills are required to integrate emerging technologies into everyday operations.

Asia Pacific leaders have a greater risk appetite than their global peers as a consequence of their digital roadmapAsia Pacific leaders are slightly more likely to be risk takers than their global peers as a consequence of their digital roadmap. 45% of Asia Pacific executives are willing to take more risks than in the past as a result of the improvement in their digital capabilities, compared to the global average of 40%. Chinese leaders in particular have a greater risk appetite as 43% are willing to take more risks than in the past in light of their digital roadmap.

Figure 3:

Impact of organisation’s digital roadmap on its risk appetite

45%40%

We are willing to take more risks than in

the past

27%31%

No impact

11%12%

We are willing to take less risks than in

the past

Asia Pacific Global

Risk executives are still in the initial stages of building their digital roadmapIn building and managing their digital roadmap, risk leaders need to first understand how their risk function needs to become more digitally fit. They should set desired outcomes for the risk function’s digital investments and technologies, and change department or performance metrics to reinforce desired behaviours.

The majority of Asia Pacific (and global) risk executives are still in the initial stages of building their digital roadmap. 52% of Asia Pacific risk executives are currently identifying the capabilities needed to become a more digital function (Global: 53%). Some are more ahead in the game: 37% are developing and managing against an aspirational digital operating model (Global: 36%) and the same percentage are creating a talent management programme to hire digital talent or to digitally upskill internally (Global: 37%).


iii The Asia Pacific Economic Cooperation (APEC) is an inter-governmental forum for 21 member economies that promotes free trade throughout the Asia Pacific region.iv The General Data Protection Regulation (GDPR) is a regulation in EU law concerning data protection and privacy for individuals within the European Union and the European Economic Area.

While the increased risk appetite is a positive sign arising from business optimism and digital innovation, it is critical that risk boundaries are set up and a risk-weighted decision making process is well designed and followed. For example, a major TMT player in China with increased risk appetite designed their bonus scheme in order to motivate their salesforce. They allowed the sales team the chance to earn as much as senior management (should they meet their targets). However, they also set up clear boundaries that all the sales transactions should strictly comply with regulations and corporate policies and that no misconduct was allowed.

According to the latest Enterprise Risk Management (ERM) framework8, the organisation should consider risks both in terms of the strategy-setting process and in driving performance. At the same time their strategy and business objectives should align with the organisation’s stated mission, vision, core values and culture. A risk appetite should be established that is aligned with the organisation’s strategy, while the firm’s business objectives should serve as a basis to identify, assess and respond to risk.

Ways to advance: • Risk leaders in the region should ensure a

risk-weighted decision making process is set up to ensure the organisation has the appropriate level of risk appetite.

• This means making sure risks are considered in both the strategy-setting process and in driving performance, while at the same time aligning the strategy and business objectives with the entity’s stated mission, vision, core values and culture.

Risk executives are only somewhat effective at managing risks on their digital journeyWhile digital advancement offers vast opportunities for organisations to improve on efficiency, grow their revenue and save on costs, it is often coupled with a rise in risks. Asia Pacific and global risk leaders were most concerned about cybersecurity (Asia Pacific: 50%; Global: 51%), data governance or privacy (Asia Pacific: 39%; Global: 36%) and operational risks (Asia Pacific: 30%; Global: 29%) stemming from their digital initiatives.

Asia Pacific accounted for roughly 36% of the cybersecurity events globally in the first half of 2018 according to digital security company Gemalto, second only to the US which accounted for 59% and behind Europe which stood at 4%.9 The rise in cybersecurity threats in the region is also having a knock-on effect on data governance and privacy with an increasingly complex set of country-specific laws governing these areas that companies need to comply with. The Asia Pacific Economic Cooperation (APEC)iii last released an APEC Privacy Framework in 2015 as a tool to ensure the free flow of information in the Asia Pacific region. However, territories in Asia Pacific have not as yet implemented a General Data Protection Regulation (GDPR)iv-style upgrade of their data protection legislation in a similar fashion to the European Union.

Figure 4: Most acute risks stemming from organisation’s digital initiatives

20%18%

22%19%

23%25%26%27%

30%29%39%

36%

51%50%

Asia Pacific Global

Cybersecurity Data governance or privacy

Operational Technology Regulatory or compliance

Strategic Talent


For example with regards to strategic integration, while 79% of Asia Pacific risk leaders (Global: 84%) state that their governance of risk management is integrated with other lines of defence, only 5% state it is fully integrated (Global: 10%). Amongst Asia Pacific risk executives, the least integrated areas between the three lines of defence are their digital vision or roadmap (Asia Pacific: 60%; Global: 62%) and their risk appetite or tolerance parameters (Asia Pacific: 69%; Global: 77%).

This finding can explain the fact that Asia Pacific risk executives have a higher risk appetite as mentioned earlier, despite being only somewhat effective in managing risks. Given the lack of a consistent risk management culture, there is a disconnect in mind-set between the amount of risk executives in the region wish to take on, and their ability to cope with it.

Within the Asia Pacific sample, only 6% of Chinese risk leaders felt their organisation is very effective at managing risks on its digital journey. In China, risk management culture is still under development and the perception that the risk function has the ability to add value to the corporate decision making process does not resonate with company executives.

Additionally there are several complicated and dynamic external factors that are challenging organisations in China and impacting the ability of executives to effectively manage their risks. For example, PwC’s 2018 survey on Chinese unicorns found that 57% of executives say the constant emergence of new technologies is the most influential external factor that will impact their company in the next one to three years, followed by policy guidance (55%), uncertainty of the regulatory environment (47%) and the emergence of a disruptive new business model (45%).10

v It is important to note that the maturity of the risk management landscape among developed economies such as Australia, Singapore and Japan will be more advanced than developing economies such as Indonesia, Malaysia or Thailand.

Given the variety of risks they face on their digital journey, the majority of risk executives in the region consider themselves only somewhat effective at managing them (Asia Pacific: 59%; Global: 54%). 11% of Asia Pacific risk leaders think their organisation is very effective at managing risks on its digital journey, lower than the global average of 18%. This can be attributed to the underdeveloped risk management landscape for executives in the region. Asia Pacific businesses tend to lack a consistent risk management culture and a common understanding of risk terminology and methodology.v This is particularly amplified given the diversity of languages and cultures among the different countries in the region.

Figure 5:

Organisation’s effectiveness at managing risks on its digital journey

11%

59%

13%

10%

1%

18%

54%

12%

9%

1% Asia Pacific Global

Very effective

Somewhat effective

Neither effective nor ineffective

Not very effective

Not at all effective

Additionally for many organisations in Asia Pacific, there is an asymmetry between the understanding of risk from the front line of defence (senior management and business units) and the second and third lines (risk management/compliance and internal audit) due to a lack of suitable talent or talent readiness of the existing staff. This leads to a blurring of responsibilities across the risk functions and three lines of defence for the executives in question due to a lack of a unified “risk language”.


China’s regulatory environment in particular is constantly in flux with new laws frequently being enacted or amended. For example while China’s updated cybersecurity law was enforced in June 2017, as of October 2018 many provisions of the law still needed to be detailed and clarified through implementation rules and regulations.11 Another example is the regulation of “cross-border data transfer” has not been released in China, but law enforcement has been executed. In 2018, a famous multinational pharmaceutical company transferred samples of human genetic resources to a local biotech company and a local medical research company without permission and conducted research beyond what was approved. These three companies were warned and the illegally used human genetic resource materials were confiscated and destroyed. The applications for international cooperation activities on genetic resources would not be accepted until the rectification was accepted.

As a consequence of the ever-changing external environment, risk leaders need to operate by trial and error in order to navigate complexities such as this.

Ways to advance: • Asia Pacific risk executives should

integrate their digital vision and their risk appetite among the three lines of defence.

• They should work towards creating a common “risk language” by promoting data sharing and fostering collaboration on how to define, identify and track risks in an optimal way.

Figure 6:

Function’s level of strategic integration with other lines of defence

Fully integrated

Well integrated

Integrated

Somewhat integrated

Asia Pacific Global

Governance of risk management

Policy framework

Reporting to board

Risk or issue trending

Reporting to stakeholders other than board

Risk metrics or key performance indicators

Risk appetite or tolerance parameters

Digital vision or roadmap

30% 32% 12% 5%

6%10%30%31%

7%12%29%28%

4%8%29%34%

4%10%28%32%

4%8%30%31%

3%10%26%30%

3%4%16%37%

10% 17% 30% 27%

10% 17% 28% 26%

11% 18% 29% 23%

7% 17% 26% 31%

8% 17% 24% 27%

8% 15% 25% 30%

7% 13% 28% 29%

4% 9% 16% 33%


Section 3: Activities and

digital technologies among

implementation of

risk executives

Professionals in the region are using data and analytics to inform decision makingAsia Pacific risk leaders acknowledge the importance of using data and analytics to inform decision making in their organisations, as stated by 80% of Asia Pacific risk leaders compared to 76% of their global counterparts. Asia Pacific CEOs are also experiencing an information gap between the importance and adequacy of the data they use particularly in terms of risks to which the business is exposed. The primary reasons for the gap are the lack of analytical talent, poor data reliability and data silos.vi Together these findings suggest that while data and analytics are being relied upon more heavily than in the past for risk management, currently the value from such data is not being sufficiently extracted.

75% of Asia Pacific risk leaders agree that their risk function is changing its methodologies or processes to work faster or connect more often with stakeholders (Global: 74%). 66% also agree that the risk function performs more frequent risk assessments than it used to (Global: 63%).

Figure 7:

Organisations’ level of agreement with the following statements on their function’s resources and ways of working

52%

60%

54%

49%

50%

Asia Pacific

Strongly agree Agree

Uses data and analytics to inform decision making more than it used to

Is changing its methodologies or processes to work faster or connect more often with stakeholders

Performs more frequest risk assessments than it used to

Use agile collaboration tools, approaches, or methodologies with others at the organisation

Is shifting its talent mix toward more digital & data skills and away from accounting skills

28%

15%

12%

15%

13%

Global

25%

17% 57%

16% 47%

16% 45%

17% 44%

51%

Ways to advance: • Given the importance of extracting value

from data, risk executives in the region should recruit more data specialists and cultivate analytical skills to interpret data and understand the trends and its implications.


vi These findings were extracted from the 22nd Annual Global CEO Survey


Asia Pacific Global


Expand risk coverage

Other changes in what or how your function delivers services based on the availability of new technologies

Implement continuous monitoring of critical controls

Rethink or redesign current processes or procedures to deliver services to stakeholders such as automated data retrieval or testing

Develop new services for the organisation or its stakeholders such as real-time dashboards

Use outsourcing or cosourcing to deliver new, digital products or services

Use intelligent automation or machine learning to prioritise risks

Figure 8:

Function’s service-related activities based on the availability of digital technologies

47%

47%

40%

36%

33%

25%

15%

46%

35%

40%

40%

33%

29%

18%

30%

9%

37%

36%

35%

24%

37%

26%

6%

36%

34%

32%

29%

37%

Executives are expanding their risk coverage based on the availability of digital technologiesIn terms of the most popular service-related activities based on digital technology availability, currently 47% of Asia Pacific risk leaders are expanding their risk coverage (Global: 46%). Asia Pacific CEOs are facing new and unexpected threats in the macro landscape such as trade conflicts and policy uncertainty as well as in their business operationsvii and consequently 55% of Chinese risk leaders are widening their coverage of risks to include these unforeseen macro factors.

Within the next two years, the majority of Asia Pacific as well as global risk leaders will incorporate emerging technologies into their risk management framework in order to anticipate and screen risks before they materialise. For example, 37% plan to use intelligent automation or machine learning to prioritise risks (Global: 37%) and 36% plan to implement continuous monitoring of critical controls (Global: 37%).

vii These findings were extracted from the 22nd Annual Global CEO Survey


Looking at their use of digital technologies, Asia Pacific (and global) risk leaders are currently making use of compliance-specific technology applications to support legal and regulatory requirements, monitoring and/or alert notifications (Asia Pacific: 29%; Global: 34%) as well as governance, risk and compliance tools to better coordinate risk tracking, reporting, assessment and testing (Asia Pacific: 28%; Global: 38%).

Risk leaders in the region and executives at a global level are using these baseline capabilities to a greater degree than emerging technologies such as artificial intelligence, robotics process automation or Internet of Things (IoT). However, as they progress in their digital journey, risk leaders will be urged to recognise, measure and appraise risk through the use of emerging technologies.

16%

16%

13%

10%

10%

32%

33%

23%

10%

19%

38% 32%

Figure 9:

Function’s use of digital technologies

Asia Pacific Global


Compliance-specific technology applications to support legal and regulatory requirements, monitoring and/or alert notifications

Governance, risk and compliance tools to better coordinate risk tracking, reporting, assessment, and testing

Artificial intelligence for tasks such as full population testing, controls, or risk modeling

Robotic process automation (RPA) or intelligent automation for monitoring or routine tasks such as data retrieval & audit testing

Internet of Things sensors to assess and respond to risks in critical processes

Drones to assist with aerial observations of critical processes such as inventory verifications

Blockchain in compliance to track and improve the transparency of interorganisational transactions

29%

28%

12%

10%

7%

7%

6%

33%

31%

27%

28%

20%

8%

14%

34% 33%

viii Testing a full population of data rather than just a sampleix Setting up base parameters for past risks the enterprise has faced accounting for scenarios such as limited resources and competing priorities

Ways to advance: • Asia Pacific executives should better assess how to recognise, measure and appraise risk

through the use of emerging technologies such as artificial intelligence, robotic process automation, Internet of Things (IoT), Blockchain and drones.

• They should incorporate emerging technologies into their risk management framework in order to anticipate and screen risks before they materialise. Such solutions could involve implementing risk controls, risk modelling or critical process monitoring for example.

Within the Asia Pacific sample, Chinese risk leaders’ adoption of specific emerging technologies is more aggressive than their global counterparts. 24% are currently using artificial intelligence for such tasks as full population testingviii, controlsix, or risk modelling (Global: 16%). The rate of AI adoption among Chinese companies has increased in recent years strengthened by supportive national policies as part of the government’s goal for China to be the global AI leader by 2030. According to another PwC report, AI and related technologies could displace around 26% of existing jobs in China over the next two decades.12 Aside from AI, 18% of Chinese risk executives are using robotic process automation (RPA) or intelligent automation for monitoring or routine tasks such as data retrieval and audit testing (Global: 16%).


Risk leaders are adopting baseline behaviours to engage with stakeholdersIt is critical for risk leaders to integrate the board or senior management into discussions on digital strategy and how the risk function fits in to this strategy. In terms of stakeholder engagement, Asia Pacific risk leaders are currently adopting baseline behaviours: 58% of Asia Pacific risk executives regularly participate in board or senior management digital-initiative discussions (Global: 60%) and 51% are regularly consulted by the board or senior management on digital initiative risks (Global: 50%).

They are less likely to adopt standout behaviours: 40% are using digital dashboards or visualisation tools for more-comprehensive and strategic risk reporting to the board (Global: 42%), and 43% are influencing strategic executive and board decisions about digital initiatives (Global: 43%).

Figure 10:

Organisations’ level of agreement with the following statements on their function’s stakeholder engagement and influence

Asia Pacific Global

Strongly Agree Agree

Regularly participates in board or senior management digital-initiative discussions

Is regularly consulted by the board or senior management on digital-initiative risks

Works with senior executives & the board to adjust riskappetites & tolerances to increase levels of risk in digital initiatives

Is active on core digital teams by contributing to &shaping digital strategies or plans

Influences strategic executive & board decisions about digital initiatives

Uses digital dashboards or visualisation tools for more-comprehensive & strategic risk reporting to the board

11%

7%

8%

5%

7%

8%

16%

12%

11%

10%

10%

10%

44%

38%

38%

34%

33%

32%

47%

44%

41%

38%

36%

32%

Ways to advance: • Risk executives in the region should

engage the board and senior management on digital strategy decisions and use advanced visualisation tools such digital dashboards for reporting on key risk indicators (KRIs).

• Promoting stakeholder engagement will also help to address the asymmetry in understanding of risk across the three lines of defence.


Section 4: Conclusion


Now more than ever, organisations are using digital capabilities and technologies to create new products or services, improve customer or employee experiences and streamline operations. The ubiquitous nature of the Internet and prevalence of cloud computing among businesses as well as the integration of advanced technologies into their operations is impacting their exposure to risk.

Based on the findings of the 2019 Global Risk, Internal Audit and Compliance Survey, there are several key business implications for Asia Pacific risk leaders on what they can do to make their function more digitally fit. These are as follows:

• Devise a digital strategy and stick to it

• Upskill and hire talent to ensure a digitally adept workforce

• Develop a risk-weighted decision making process with specific risk boundaries

• Offer a unified view of the risk landscape among the three lines of defence

• Integrate emerging technologies into the risk management process

• Promote stakeholder engagement on digital strategy decisions and reporting of KRIs

While companies in Asia Pacific are fast undergoing digital transformation and becoming more sophisticated in their approach to managing risk, there is still a disparity among the territories in terms of the level of digital maturity and how developed the risk management culture is. By following the best practices outlined in the report, risk leaders can tackle this disparity and ensure that the risk function moves in tandem with the organisation’s digital transformation.

Figure 11: Distribution of Asia Pacific sample by organisation’s headquarters

(*Other includes New Zealand, Japan, India, Malaysia and Thailand among others)

Indonesia22%

Singapore10%

Other*22%

China (including Hong Kong)

12%

Australia34%


Respondents’ profileThe respondents’ profile is represented by the following charts in terms of country composition, industry, annual revenue and respondents’ title.

[Note: Not all figures add up to 100%, as a result of rounding percentages and exclusion of ‘Does not apply’ and ‘Unsure’ responses.]

Figure 12: Distribution of Asia Pacific sample by industry

Financial services

Consumer and Industrial Products and Services

Technology, Information, Communications and Entertainment

Government and public sector

Healthcare

38%

33%

11%

8%

4%

Figure 13:

Distribution of Asia Pacific sample by organisation’s global revenue (US $)

$499 million or less

$500 million to $999 million

$1 billion to $4.9 billion

$5 billion to $9.9 billion

$10 billion or more

41%

15%

20%

8%

16%


Figure 14: Distribution of Asia Pacific sample by respondents’ role

Chief Audit Executive (CAE)/General Auditor (overall responsibility

for internal audit function)

Chief Financial Officer (CFO)

Chief Risk Officer/Head of Risk Management

Audit Committee/Risk Committee Chair

Chief Executive Officer/Chief Operations Officer (COO)

Other – Board Member

Internal Audit Director (reports directly or indirectly to CAE/General Auditor)

Audit Committee/Risk Committee Member

Other – Risk Function

Chief Information Officer/Chief Technology Officer

Chief Compliance Officer/Head of Compliance/Chief Ethics and Compliance Officer

Other – Compliance Function

Director of Risk

20%

19%

12%

11%

11%

7%

5%

4%

3%

3%

3%

2%

1%


Contacts

Jennifer HoPwC Asia Pacific Risk Assurance Leader+852 2289 [email protected]

Jasper XuPwC Asia Pacific Governance and Internal Audit Service Leader +86 (21) 2323 [email protected]

Central China

South China

North China

Jim WoodsPwC Mainland China & Hong Kong Chief Digital Officer+852 2289 [email protected]

Claire QianPwC China Risk Assurance Partner+86 (21) 2323 [email protected]

Eric YeungPwC Hong Kong Risk Assurance Partner +852 2289 [email protected]

Stephen DuckerPwC China Risk Assurance Partner +86 (21) 6533 [email protected]

Cimi LeungPwC Risk Assurance China and Hong Kong Markets & Growth Leader +86 (20) 3819 [email protected]


Endnotes1 Unlocking the Economic Impact of Digital Transformation in Asia Pacific, November 2018, https://3er1viui9wo30pkxh1v2nh4w-wpengine.netdna-ssl.com/wp-content/uploads/prod/sites/43/2018/11/Unlocking-the-economic-impact-of-digital-transformation.pdf

2 The mobile economy, Asia Pacific 2018, https://www.gsmaintelligence.com/ research/?file=28401018963d766ca37d014fa9cbffb1&download

3 Startup Continent: The Most Well-Funded Tech Startups In Asia & The Pacific, March 2019, https://www.cbinsights.com/research/asia-startups-most-well-funded/

4 Chinese companies’ R&D spending growth leads the world, November 2018, https://www.strategyand.pwc.com/cn/press-release/2018-innovation1000-cne

5 China AI Development Report 2018, July 2018, http://www.sppm.tsinghua.edu.cn/eWebEditor/UploadFile/China_AI_development_report_2018.pdf

6 China’s private sector contributes greatly to economic growth: federation leader, March 2018, http://www.xinhuanet.com/english/2018-03/06/c_137020127.htm

7 Alibaba and Tencent: Disrupting China, Dozens of Industries at a Time, August 2018, https://worldview.stratfor.com/article/alibaba-and-tencent-disrupting-china-dozens-industries-time

8 Enterprise Risk Management - Integrating with Strategy and Performance, June 2017, https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and- Performance-Executive-Summary.pdf

9 Data Breaches Compromised 3.3 Billion Records in First Half of 2018*, October 2018, https://safenet.gemalto.com/resources/infographics/data-protection/breach-level-index-h1- 2018-infographic/

10 PwC’s Unicorn CEO Survey 2018, June 2018, https://www.pwccn.com/zh/research-and-insights/pwc-unicorn-ceo-survey-2018/unicorn-ceo-survey-2018.pdf

11 Ministry of Public Security Issued Rules on Supervision and Inspection internet Security, October 2018, https://www.bakermckenzie.com/en/insight/publications/2018/10/ministry-of-public- security-issued-rules

12 What will be the net impact of AI and related technologies on jobs in China, September 2018, https://www.pwc.com/gx/en/issues/artificial-intelligence/impact-of-ai-on-jobs-in-china.pdf

www.pwccn.com www.pwchk.com© 2019 PricewaterhouseCoopers Limited. All rights reserved. PwC refers to the Hong Kong member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

Becoming a smarter risk taker in the digital era - pwccn.com · companies entered the Global...

Documents

Transcript of Becoming a smarter risk taker in the digital era - pwccn.com · companies entered the Global...