CRO and risk management leaders

Latest findings from PwC’s Pulse Survey

Risk leaders guide transformation with collaboration, insights and judgment

As businesses pursue strategies to reinvent themselves, risk leaders (including CROs, CISOs and CAEs) stand ready to help their company navigate the many, often unseen, hazards. External risks include cyber attacks, with 83% of risk leaders citing them as a moderate or serious risk, according to our August 2023 Pulse Survey. Other risks include the US regulatory environment (77%) and margin pressure affecting earnings (70%).

Risk leaders can help more if they're included early on, if their peers understand the value they bring, if they’ve built collaborative relationships and if they bring information on relevant risks to C-suite discussions.


Cautious to confident Cautious to confident Cautious to confident

Risk leaders shape transformation by engaging early, communicating value

31%

say forming stronger C-suite relationships is a top way for risk leaders to get engaged earlier


Business reinvention requires taking on more risk. As companies prioritize embedding new technologies in their business model and creating new revenue streams, they're gathering and using more data and, in turn, introducing more risks. To mitigate these threats, risk leaders should be included in the planning and design phases, before vulnerabilities get baked in.

But with only half of risk leaders included in these early decisions, how can more get a seat at the table? It starts by forming relationships with senior leaders and communicating the value of risk perspectives in strategic and design decisions. Managing the risks of generative AI, for example, requires a robust collaboration with all stakeholders that’s rooted in a strong foundation of risk governance.

Bottom line: Risk leaders can better influence transformation if they build relationships, engage early and bring the right perspectives to add value.

What you can do

  • Push to establish a risk governance process that’s tied to strategy. This can help you better address risks to that strategy early and often.

  • Demonstrate your team’s value by investing in technology tools and training to help deliver insights that can shape transformation initiatives.

  • Consider partnering with a trusted third-party to help bring the right perspectives. This is particularly useful when your team doesn’t have experience with the risks a business priority or initiative may introduce.


PwC Pulse Survey: Business reinvention PwC Pulse Survey: Business reinvention

Get more on this topic


Cautious to confident Cautious to confident Cautious to confident

Collaborating with those driving change is key for risk leaders

#1

Chief transformation officer is the most important executive for risk leaders to build a stronger relationship with


If collaborating with C-suite leaders is key to managing the risks of business reinvention, which relationships should risk leaders prioritize? The answer, say risk leaders, is those who are closest to the action — the executives who are driving transformation efforts and are thus better positioned to support risk mitigation efforts. Topping that list are the chief transformation officer and COO, followed by the CFO and CIO/CTO.

These C-suite peers can most help risk leaders succeed. While they may not be directly involved in managing risk, they can foster the conditions that risk leaders need. It’s these hands-on stakeholders who, if informed of the associated risks, can help set the tone, tempo, direction and budget for risk management priorities.

For example, the leaders driving transformation around embedding new technologies into the business model — the C-suite’s top-ranked strategic priority (27%) — have considerable influence over the funding, scope and cadence of risk management activities. It’s in risk leaders’ interests to help their peers understand the business imperative of trust-by-design, rather than speed alone.

What you can do

  • Know the organization, culture, incentives and performance measures that motivate each executive you engage with. Tailor your message and approach accordingly.

  • Start building trust and forming key relationships before a major transformation gets underway. This can help make sure you’re included early in the process when it matters most.


PwC Pulse Survey: Business reinvention PwC Pulse Survey: Business reinvention

Cautious to confident Cautious to confident Cautious to confident

Assessing risk requires many inputs, plus judgment

39%

apply mostly or purely qualitative measures to assess reputational risks


Assessing an organization’s exposure starts with a mix of qualitative and quantitative measures, depending on the type of risk. Risk leaders are applying predominantly quantitative measures to financial risks (64%) and operational risks (50%), while using mostly or purely qualitative measures for reputational threats (39%) and compliance and regulatory risks (36%). But, regardless of the type of measure, these inputs are just that — data points, not a final determination.

A trustworthy risk assessment requires the knowledge and judgment of an experienced risk professional. Consider what’s involved in assessing the materiality of a cyber incident, for example, which can require a high degree of judgment integrating both qualitative and quantitative factors, including inputs from the company's IT/security, finance and legal departments.

For transformation initiatives, project managers leading those efforts will often apply risk assessment tools to quantify the company’s exposure — and those numeric scores have value — but they don’t replace the considered opinion of a risk professional who’s consulted with key stakeholders. Risk quantification is necessary but not sufficient. Ultimately, it comes down to judgment.

What you can do

  • Educate stakeholders on the value of risk perspectives and on the need to go beyond the numbers and exercise judgment.
  • For assessing complex risks — especially those that require public disclosure — establish a process to gather inputs from the right people, confirm the information you need and document the basis for your assessment.

 


PwC Pulse Survey: Business reinvention PwC Pulse Survey: Business reinvention

About the survey

Our latest PwC Pulse Survey, fielded August 1 to August 8, 2023, surveyed 609 executives and board members from Fortune 1000 and private companies about the current business environment, the risks executives are facing and their company’s strategic plans and priorities. Of the respondent pool, 64 were risk leaders.

Contact us

Tiffany Gallagher

Tiffany Gallagher

Principal, Health Industries, Cyber, Risk & Regulatory Leader, PwC US

Vikas Agarwal

Vikas Agarwal

Financial Services Risk & Regulatory Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber, Risk and Regulatory Marketing Lead Partner, PwC US

Matt Gorham

Matt Gorham

Cyber & Privacy Innovation Institute Leader, PwC US

Follow us