Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:50 PM
Dark Reading
Dark Reading
Products and Releases

Uncertainty Brings Heightened Risk Awareness In New Era, Says PwC US

First annual report, titled Risk in Review, examines the state of global risk and discusses risk management approaches

NEW YORK, March 19, 2012 –Economic turmoil, political upheavals and natural disasters, all combined with advancing globalization and rapid technology progress, are creating a new era of risk for businesses, according to a new PwC US annual report titled Risk in Review. Based on a survey of more than 1,000 executives and risk management leaders, the report examines the state of global risk, and discusses risk management approaches companies may take to better cope with the ever-widening risk landscape.

Separately, PwC today launched a new on-line benchmarking tool to enable companies to benchmark their risk profile in comparison to their peers and the industry.

“2011 marked a year of reckoning, and many companies are still struggling to create an effective approach to managing the ever-widening risk landscape. Businesses are scrambling to fix weak links in their systems stemming from non-traditional risks such as social media and digital technology, to dealing with the realities of operating in today’s global marketplace,” said Dean Simone, leader of PwC’s U.S. Risk Assurance practice. “In this new risk era, corporate boards and senior management have a crucial role to play to ensure they set the right culture and align their strategy to risk imperatives.”

According to the report, forward-looking companies are responding by shifting their risk management focus in several fundamental ways: from internal to external, from operational to strategic and from bottom-up to top-down. To better prepare themselves to deal with unexpected events for the upcoming year and beyond, companies installed new risk management organizational structures, have put in place a new breed of risk management leadership and have adopted innovative techniques such as scenario analysis and predictive indicators.

PwC’s Risk in Review identified the risks ahead for 2012:

Intensifying economic uncertainty: Reflecting concerns about further economic deterioration, economic uncertainty tops the list as the biggest perceived threat as noted by 73 percent of respondents, with 77 percent of financial institutions seeing it as a critical risk.

Increasing regulations: With high unemployment, rising financial insecurity and escalating social problems, 60 percent of participants view regulatory risk as a major threat, and 75 percent of respondents operating in the financial and healthcare sectors consider regulatory change among their most critical risks.

Renewed financial volatility: Nearly 60 percent of respondents cited financial volatility as a paramount risk, with many worrying that the Eurozone debt crisis won’t get solved. More than 75 percent of the firms in the banking and other financial services sectors consider financial volatility as a serious risk.

Growing competition: As trade barriers fall and globalization grows, 63 percent of respondents believe competition will continue to increase. The rise of the digital economy is also adding to the competitive pressures, with 73 percent of technology, information, communications and entertainment (TICE) companies considering increased competition as the most critical risk.

Data privacy and security threats: The pervasive use of the Internet and social media will catapult data privacy and security risks to a higher perch on the risk agenda, according to the 56 percent of participants, a jump from 28 percent in 2011.

Competing for talent and labor: The ability to access the right talent and labor represent a major risk for more than half of the respondents in 2012, as compared with 25 percent of companies that cited it as a top risk in 2011.

“There is an increasing pressure on leaders from boards and senior management to adopt stronger measures to prepare for the evolving risk landscape,” continued PwC’s Simone. “Companies need to assess their risk management approach by taking a holistic view and thinking beyond traditional risk frameworks to focus on the right strategic risks that they can identify, as well as those that are unexpected.”

To address the new realities of the growing global risk landscape, PwC recommends the following risk management approaches for 2012:

Increasing cross-communication: Place greater emphasis on communications and data sharing in 2012 and take steps to improve cross-functional and departmental communication.

Improving data quality and reporting: Enhance global economic teams to help improve data quality and put in place improved processes for reporting data. Different business units should meet periodically with different business units to review and exchange information and data as a form of early alert to possible upcoming risks to the business.

Better forecasting and scenario analysis: Leverage more sophisticated tools such as early-warning systems and contingency plans to reconfigure approaches to manage risk (i.e. set up scenario models or Monte Carlo analysis geared to the nuances of the business, run models as events unfold, etc.)

Elevating the CRO: Put risk management role on the proactive offensive instead of reactive defense by giving CROs more cross-functional access and ability to effect decision-making.

Integrating risk management: Manage risk holistically by continuing to integrate risk management into decision-making processes relating to “traditional” functions (i.e. strategic planning). Don’t exclude new areas of risk (i.e. talent management and outsourcing), but address and integrate them into decision-making processes.

Bolstering IT: Address data privacy and security concerns and take stock of where to build better processes, practices, procedures and technical defenses. Shifting technology and heightened competition for new customers in new markets are also exposed to more risks, so it’s imperative to study the setbacks and successes of peers who pioneered the use of these new technologies.

Greater board involvement: Understand the risks facing a company and have in-depth discussions with management to make sure those risks are being handled properly. The discussion should also cover potential risks that are not yet on management’s radar and what the implications of those emerging risks might be.

“With today’s complex, volatile and uncertain world, risk management leaders have their work cut out for them, especially with the fact that risk is always changing. Companies must adopt a new and more robust approach to defining, communicating and managing their global risk profile,” concluded Simon.

To download a full copy of the report, Risk in Review, please visit: http://www.pwc.com/riskinreview

About PwC’s Risk Assurance practice

PwC understands that significant risk is rarely confined to discrete areas within an organization. Rather, most significant risks have a wide-ranging impact across the organization. As a result, PwC's Risk Assurance practice has developed a holistic approach to risk that protects business, facilitates strategic decision making and enhances efficiency. This approach is complemented by the extensive risk and controls technical knowledge and sector-specific experience of its Risk Assurance professionals. The end result is a risk solution tailored to meet the unique needs of clients.

About the PwC Network

PwC firms help organizations and individuals create the value they’re looking for. We’re a network of firms in 158 countries with close to 169,000 people who are committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at http://www.pwc.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...