The global marketplace has never witnessed an environment so fraught with peril and filled with promise.
By Dean Simone
In 2012, the forces of change that had shaped business over the previous decade coalesced to become the new normal. Globalization, the rise of emerging markets, the ever-deeper penetration of data technologies and third-party service providers, the increased influence of external stakeholders, and continued repercussions from the global recession of 2008–09 combined to produce a new environment of uncertainty and complexity, where exogenous risks could come swiftly and unexpectedly, with far-reaching ramifications.
To cope with these new market realities, senior executives began to rethink their risk attitudes and approaches. Many companies initiated business transformation efforts to position themselves for success in a fast-changing marketplace.
In 2013, executives remain concerned about external market risks even as they retool their organizations to meet new challenges. Our survey of more than 800 executives and risk managers shows that continued recessionary pressures, global financial shocks, increased taxation, and excessive government austerity are seen as likely risks that could have serious consequences for business in the year ahead. But with the world economy showing some signs of recovery, executives should be prepared to seize new opportunities should a global upturn come later in the year.
Widespread business transformation is adding further complexity to the global risk landscape, as senior executives respond to global market shifts by making fundamental changes to their companies’ strategies or operations via avenues such as mergers/acquisitions/ divestitures, large-scale outsourcing/offshoring, enterprise-wide IT change or organizational restructuring, value-chain optimization, etc. Our survey found that since mid-2011, more
than two-thirds of our responding companies have undergone a major business transformation, while another 10 percent plan to do so over the next 18 to 24 months. Corporations are building new business models, tapping into digital channels, and expanding into new geographic markets. At the same time, they’re rethinking globalization strategies, including where to source supplies and locate production and research and development facilities. Some companies are reshoring operations to home markets to take advantage of cost differentials and logistical benefits.
These changes in business direction can expose companies to new risks, including data security, intellectual property abuses, and political and regulatory pressures in emerging markets, not to mention the possible failure of the new strategies themselves. Further complicating matters, the interplay of market and business transformation is creating complex risk linkages that can be unpredictable, fragile, and difficult to detect. Simultaneously, the demands and expectations of external stakeholders are gaining ever more power: Investors have less tolerance, customers are demanding more for less, and digitally empowered consumers are pushing companies on issues such as sustainability, fair-labor, and local sourcing. Such stakeholder influence further complicates the risk environment, and accelerates the speed and severity with which companies are punished for their mistakes, in both the media and the marketplace.
This study, carried out in November and December of 2012, presents insights from our survey of more than 800 executives and risk managers with businesses worldwide, highlighting companies’ views of the current risk landscape and the steps they’re taking to address that new environment. Our survey findings indicate that in the coming year, companies’ key strategic responses will relate to:
Resilience. Companies are pushing harder to build resilience to emerging risks. Over the next 18 months, more than half of our responding companies will be applying horizon scanning, early-warning systems, scenario planning, and flexible risk appetite statements.
People and organization. More companies are taking organizational measures such as developing risk-related performance incentives and conducting talent audits to identify skills gaps. Our survey respondents plan increases of 79 percent and 69 percent, respectively, in their use of these measures.
Technology. To address growing risks from digital technology and social media, companies will nearly double their use of intellectual property, brand, and reputation audits over the next 18 months and take measures to mitigate the risks that are uncovered.
Next-generation risk analytics. Across industries, companies will draw on more sophisticated techniques to identify hidden patterns and risk linkages in large sets of data. The fastest growing tools will include integrated risk data warehouses (whose use is expected to double) and risk dashboards (which will increase by 50 percent).
2012: Adapting to New Market Realities
In 2012, companies continued to adjust to market shifts created by rapid technological change, globalization, the rise of emerging economies, and the economic fallout from the 2008–09 global recession. Over the course of the year, as earlier norms failed to reassert themselves, companies began to accept that uncertainty and complexity were not just short-term effects of recent economic and financial crises, but hallmarks of a new business environment.
In response, companies not only changed their risk thinking, but also recast business strategies and models through accelerated cycles of transformation—and this in itself produced another fundamental change with which senior executives had to contend: Not only had external events become more unpredictable and far-reaching, but business transformation itself was creating new and more complex internal risks. To cope, a fresh approach to risk management was needed.
In today’s business ecosystem, where organizations and markets form a complex, interlocking, global web, risks can emerge and metastasize quickly, cascading across markets. In 2012, for example, the effects of Hurricane Sandy spread far beyond the storm’s impact zone, as the two-day shutdown of Wall Street upset financial activities worldwide, the closing of Northeast ports and airports disrupted global supply chains, and power outages and flooding at data centers disrupted Internet linkages. In the same year, cyber-attacks on the biggest U.S. banks showed that even the most protected computer systems were vulnerable to unforeseen shocks.
During the year, executives also saw some much-feared potential cataclysms fail to materialize. Despite predictions of a contagion effect from the Greek financial default, weaker Eurozone countries such as Spain, Italy, and Portugal avoided their own economic collapse. Similarly, China sidestepped its own economic crisis by turning a burst real estate bubble into a soft landing. And as the year drew to a close, the U.S. Congress managed to hammer out a solution to the so-called “fiscal cliff” of automatic tax hikes and spending cuts that were to take effect on January 1, 2013.
Against this backdrop, corporate boards pushed for better risk systems to cope with shocks and increased complexities. As a result, risk executives across industries expanded their repertoire of risk management techniques, from scenario analysis to stress testing. Because of the apparent increase in unknown risks, many companies put greater emphasis on building organizational resilience and contingency planning.
Executives realized last year that the market had entered a sustained period of global economic instability and structural change. The long-held assumption that emerging markets were inherently riskier than developed markets began to be called into question. Faced with low growth, heavy debt, and high unemployment in the industrialized world, economic influence was shifting to the emerging markets, which, despite greater operating difficulties, continued to gather strength as centers of economic activity.
In 2012, companies began to incorporate this new reality into their planning. Working in conjunction with senior management, risk executives adjusted their assessments and strategies for coping with the reverberations from these changes, which could include economic and financial volatility, political, and regulatory change, and market pressures on resources from commodities to human capital.
Even as companies adjusted their risk strategies to cope with black swan events and global market changes, they were also faced with increased demands and expectations from outside stakeholders—a powerful, cumulative force that elevates the risks associated with globalization, data technology changes, and other trends.
The slow recovery of the U.S. economy, economic and fiscal worries in Europe, and other forces have made investors more risk-averse, even as companies make transformational decisions that require an expanded risk tolerance in pursuit of greater growth. Regulators, empowered by governments reacting to recent economic events and business scandals, are expanding their oversight. Customers are becoming more demanding as their options increase. And digitally empowered consumers are pushing companies on issues such as sustainability, environmental standards, fair-labor, and local sourcing. Such stakeholder influence has further complicated the risk environment, and accelerated the speed and severity with which companies are punished for their mistakes, in both the media and the marketplace.
Across industries, the depth of market change required a move from rigid risk cultures focused on identification and compliance to risk-aware cultures that accept risk management as an integral part of business. To nurture this new culture, companies began to adopt a more holistic risk management approach, ensuring that the full management team worked together to integrate risk into its strategic thinking. Boards became more active in the governance of risk, and the role of the chief risk officer (CRO) expanded to encompass new areas that required new expertise, including digital business acumen and collaborative management skills.
At the same time, senior management teams pushed forward with initiatives designed to cope with market shifts brought on by economic realignment, globalization, and technology disruption—but that very process of business transformation opened the door to new threats, including heightened risk of cyber-security breaches, reputational risks from social media, and shortages of talent to drive new strategic imperatives. Market and business transformations were working together to create a convoluted web of risk interrelationships.
2013: The Risks Ahead
As we move through the early months of 2013, some of 2012’s key global market risks are behind us (the US fiscal cliff) or showing signs of abating (e.g., a potential Eurozone breakup and a China hard landing). But with the Eurozone, the US, and Japan still facing tough fiscal challenges, and the potential for taxation, austerity, and regulatory changes lying ahead, executives continue to keep a watchful eye on the future.
Among the respondents to this year’s risk survey, a major global economic downturn is again seen as the most serious risk over the next 18 months: Nearly two-thirds of respondents cited such a downturn as likely, and nearly three out of four said it would have a major impact on their organization (see Figure 1).
Chief executives responding separately to PwC’s 16th Annual Global CEO Survey were equally apprehensive, with 81 percent saying they were either somewhat or extremely concerned about economic uncertainty and nearly a third expressing worries about a recession in the US. Unsettled economic conditions around the world, combined with fiscal measures to address them, will continue to dominate the corporate risk agenda, and executives see future economic and financial shocks as a distinct possibility.
But some believe the global market turned the corner in 2012, and that these executive concerns about the economy may be rooted in a moment that’s now passed. According to Ken Coy, partner, US Assurance GRC Leader at PwC, “Executives may be worrying about last year’s world, when they should be musing over this year’s opportunities. There is a danger that if executives stay focused on an economic downturn, they may not be able to move fast enough if a market upturn comes. Additionally, companies may not notice the upturn early enough to gain a first-mover advantage over their competitors.”
Regardless of where the economy heads, executives continue to fear that regulators will exercise greater influence over the next 12 months. They are most apprehensive about increased taxation in industrialized markets, which some 60 percent consider a probable event with serious consequences
Similarly, about half of respondents view excessive government austerity measures as a powerful threat, particularly as more nations move to reduce their heavy debt burdens. Executives also remain uneasy about the related risks of social or political change, including potential military flare-ups in the Middle East and greater social unrest in Europe, the latter stemming from record high unemployment rates and anger over government austerity measures.
Business Transformation Complicates Risk Management
To adjust to changing global market conditions, senior management teams will continue over the next year to transform their global business strategies, structures, and operating models. Our survey found that more than two out of three companies have undergone business transformation over the past 18 to 24 months, while another 10 percent are planning such changes over the next 18 to 24 months (see Figure 3). In some industries, such as consumer and industrial products and services (consumer and industrial) and technology, information, communication, and entertainment, and among larger multinationals, the extent of transformation is even greater.
At some companies, transformation is viewed as an ongoing process. “Transformation is a bit of an overused word,” says Michael Monahan, CFO at Pitney Bowes, “but it is part of how you do business every day now. You just continue to evolve your portfolio and business processes to stay ahead of the competition.”
For others, transformation can be sweeping and challenging. Organizational change and restructuring, talent shortages, and greater technology risks are just some of the key transformation- driven risks identified in our survey (see Figure 4). “We’re doing more than we ever have, as people and managers,” says Michael Loughlin, CRO at Wells Fargo. “Our skill sets are being stretched as never before.”
“Ultimately, successful companies are driven by the right people with the right talent brought to bear at the right time,” says Jason Pett, Partner, U.S. internal audit services leader at PwC. “The most successful companies are constantly evaluating their talent needs, both for today and tomorrow. These companies are not afraid to add skills when and where they are needed, whether by hiring new resources or by looking outside the organization to source the skills needed, even if it sometimes appears that individual additions are slightly ahead of the curve.”
The deeper companies wade into global markets, the broader their risk exposures become. With the costs of production rising fast in emerging markets like China, India, and Brazil, many companies are now electing to pursue investments in low-cost frontier markets such as Malaysia, Vietnam, Indonesia, and the Philippines. In accepting the challenges inherent in navigating these markets—unfamiliar operating environments, extended supply chains, complex service interconnections, and a range of cultural issues—companies open themselves up to numerous political, regulatory, commercial, social, and economic risks.
Almost half of the respondents to ok our survey are concerned about risks from entering new geographies and markets, particularly regulatory compliance risks. For Nigel Williams, CRO of Australia’s ANZ Banking Group, the difference between compliance laws across countries is especially vexing: “Some compliance regimes are principles-based, some rules-based, some in conflict with each other. You’ve got to have business executives who are thinking about how to deal with those conflicts.”
For many companies, longer and more complex supply chains are a paramount concern. As an example, Williams notes the recent surge in sales of flat-screen TVs in Southeast Asia: “A large number of companies in various industries contribute to the supply chain for such products,” he points out, “not just the manufacturer whose brand is on the final product. All are affected if one falls victim to a supply-chain disruption.”
According to Dean Simone, leader of PwC’s U.S. risk assurance practice, “Risks from insufficient buffer inventory levels can also arise when companies strive to eliminate supplier redundancies through lean manufacturing, or rationalize suppliers and costs through third-party-vendor risk management.”
On the flip side of globalization, a growing number of companies, among them some large players in the Internet, technology, industrial, and auto segments, are “reshoring” part of their manufacturing back to the US to take advantage of favorable cost differentials and logistical benefits. According to a new study from the Massachusetts Institute of Technology (mit.edu/pie), realizing the advantages of reshoring may be a slow process, since the U.S. must rebuild much of its manufacturing infrastructure and re-create networks of domestic suppliers and subcontractors to accommodate them.
The continuing evolution and ever-wider adoption of new digital technologies across industries will expose individual companies to a broad range of risks in 2013. Close to 60 percent of executives think that business transformation will make their companies more vulnerable to technology risks in general. The danger that major IT programs will fail to deliver expected benefits was the biggest specific risk cited by survey respondents (see Figure 5).
Cyber-security threats—including potential theft of sensitive information and other cyber-crimes—are becoming “a very big issue” for the utility sector, says Anil Suri, chief risk and audit officer at Pacific Gas and Electric (PG&E). “This year in our risk metrics that go to our CEO, we’ve included metrics that track performance related to cyber-security controls that, if compromised, could impact safety and reliability.”
Social media has also led to new anxieties. While companies see social media as a valuable way to reach stakeholders and track opinion, they worry that it opens them up to brand or reputational damage. More than 40 percent of survey respondents say social media is likely to put them at risk in the next 18 months. The issue is especially pressing for banks, which face tighter regulations regarding the marketing of their products and services over social media.
ANZ, a market leader in mobile banking, has invested in controls to protect its data in today’s open digital environment. “You have to participate, and you actually have to lead in that,” says CRO Nigel Williams, “but you also have to make sure you’ve got the controls and protections in place.”
“Companies will not continue to make long-term investments in technology unless they know their intellectual property is protected,” says Melvin Flowers, chief audit executive at Microsoft. Flowers sees this as one reason for the recent trend for companies to locate operations in developed countries, where laws governing intellectual property offer better protections than are available in emerging-market countries.
Executives also worry about emerging technologies that can dramatically shift a company’s competitive position. PG&E’s Anil Suri gives an example: “As battery technologies improve and solar becomes cheaper, traditional energy management business models are not as effective, both financially and operationally. We continue to monitor technology shifts and try to figure out how to be a part of a changing technological landscape, in order to provide the highest level of reliability while being financially competitive.”
In 2013, market and business transformation will coalesce to create more complex, interconnected risks for business. “Globalization, technology, political risk—all of these dimensions are playing out in ways we’ve not seen,” says Pitney Bowes’ Michael Monahan, who believes that traditional risk patterns and assessments shed little light on today’s seemingly random events: “My colleagues at other companies feel their ability to predict with certainty between one or two scenarios is diminished.”
The shift in economic influence from West to East, and corporate strategies to capitalize on this trend, are also leading to new risk linkages and dependencies. According to Nigel Williams of ANZ, the rapid growth of the Asian middle class has made the region more economically resilient. “Rising wages in China are unlikely to dampen East Asian growth,” he says, “since companies seeking lower labor costs are tending to shift production to other countries in the region—like Vietnam, Indonesia, and the Philippines. Chinese investment, too, is now an important ingredient in their growth.”
Understanding today’s risk complexities requires companies to develop what Williams calls a more questioning culture. At ANZ, he says, “Our greatest concerns are big, unexpected losses— not the bell-curve-type risks. We’re trying to get a risk culture that asks, ‘What could be wrong about the current thinking? What assumptions are built into our current thinking that, if altered, might give us different outcomes?’”
PwC’s Jason Pett adds, “Successful companies assess the risk of both action and inaction, over-reaction and under- reaction, and then weigh these risks to make the best risk- and opportunity- informed decisions. When evaluating these complex decisions with multiple layers of risk and opportunity, leading companies are leveraging data analytic models and tools to inform their decisions, measure success, and adjust as necessary as the chosen strategy plays out.”
Risk Impact at Pitney Bowes
Pitney Bowes recently completed a three-year strategic transformation that saw the manufacturer shift emphasis from its traditional postal equipment business to offering web-based, high-value solutions. As part of this move, says CFO Michael Monahan, “We were also driving toward a more variable cost structure and an integrated service model that would allow us to evolve more quickly as opportunities present themselves.”
Becoming a more agile company enhanced the role of risk management as well. Pitney has a decentralized structure that places ownership of risk with its functional and business leaders. Scenario planning, for example, is done at the functional level, with stress testing reserved for risks related to financial and other corporate-wide activities. A risk council of senior executives meets once a month to review 16 company-wide risk categories. The council can decide to shift emphasis depending on its changing views of each category’s impact on the company.
“We also try to make sure that if a risk is being addressed in one area, that there isn’t redundancy in another,” says Monahan. Over the past year, however, as the strategic transformation effort concluded, the company has made changes in risk management that reflect the fact that it is now in a wider range of businesses with potentially greater exposure to new and interlinked risks—for example, through the web.
Explains Monahan: “We’ve regrouped our risks to align more with things that are interrelated, such as anything with an IT association, so we can look more comprehensively at their interdependencies and streamline the mitigation process.”
Dean Simone is a partner at PwC, where he heads the risk assurance practice.