Tomorrow Takes
trust
73%
Customer loyalty
How trust benefits your business
Q: To what extent does building trust in your company, internally and externally, help improve the following? (Response to ‘A lot’)
Source: PwC Trust in US Business Survey, Sept. 16, 2021: base of 503 business executives
—MOHAMED KANDE
VICE CHAIR, CONSULTING SOLUTIONS
CO-LEADER AND GLOBAL ADVISORY LEADER, PwC US
“Each leader in an organization is likely to work with stakeholders with varying definitions and expectations of trust. It is important that leaders consider those different perspectives as they seek to establish and foster trust.”
© 2022 PwC. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
©2022 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy (Your California Privacy Rights) | CCPA Do Not Sell My Information Fortune may receive compensation for some links to products and services on this website. Offers may be subject to change without notice. Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions. | EU Data Subject Requests
58%
Positive reputation
56%
Expanding into new areas/markets
57%
Revenue growth
52%
Employee recruiting/retention
54%
Strong relationships with regulators/policymakers
54%
Brand equity/brand protection
55%
Growing customer base
48%
Strong analyst feedback
50%
Access to capital/financing
To profitably grow your business, embrace risks—and your risk professionals
Embracing risk and your risk leaders can help with growth—and help stave off a big mistake. You can win trust with stakeholders by anticipating and managing risk, says PwC’s Elizabeth McNichol.
You wouldn’t dive into a pool without knowing how deep it is, or without knowing how to swim. Likewise, no enterprise ought to plunge into a large-scale program without first appraising the risks and forming a plan to address them. And yet, we often see clients forging ahead with transformative programs before thinking about what might go wrong, and how they might address issues if they arise.
A company dedicated hundreds of millions to creating and launching a new product without first determining the regulatory environment that would make the product viable. (Spoiler alert: It didn’t.) When this company called us in to perform a baseline risk assessment, their developers and design teams were already hard at work building the product. But we found a number of flaws in the business case.
The client had miscalculated the benefits it stood to gain from the software, for example. In the business case, it had not placed emphasis on the need for legislation to pass before the application could be viable. We found no indication that there was even a market for the app.
Our reports led the company to cancel the project after the enterprise had already spent a quarter of the costs—still saving three-quarters of the project costs.
How can something like this occur? A combination of lack of communication, collaboration, and governance. The lack of governance over product development is an underlying cause in many cases. Rather than collaborate and coordinate with other functions, including technology and operations, product management could initiate a project on its own. As a result, it could miss information that might have dissuaded the organization from even embarking on the project.
Bringing risk professionals to the table from the start might well have saved this client most, if not all, of the money and time it spent on this aborted effort.
Risk gets a bad rap
Given the upside of assessing risks, why do organizations so often not consider it from the start? One reason may be that they are stuck in old paradigms.
Risk management tends to be seen as a drag on business, slowing progress and hindering success. And yet, among U.S. chief risk officers responding to a recent PwC Pulse Survey, 72% said capitalizing on digital transformation opportunities is imperative for business growth. Asked what the biggest challenge to risk management is today, keeping up with the pace of transformations in their organization was cited by 79% of close to 3,600 business and risk executives surveyed in PwC’s 2022 Global Risk Survey.
“There’s no secret sauce to building trust, but proactively communicating with stakeholders about what you’re doing to build trust—and backing those words with action—is a critical step. Every company has a story, and business leaders need to make sure that the story they are telling is authentic to the company’s actions, operations, and its culture; what we do as organizations isn’t just about numbers—it’s about people, the communities we serve, and making a lasting impact.”
—WES BRICKER
VICE CHAIR - TRUST SOLUTIONS CO-LEADER, PwC US
Note: This article was created by PwC.
How should I handle metaverse governance and security?
The metaverse right now doesn’t have a lot of governance rules. It also offers many new attack surfaces, including through virtual goggles—potentially causing traumatic experiences. New kinds of metaverse-specific crimes are emerging such as “pump and dump” non-fungible tokens (NFTs) and other fraudulent metaverse investments involving crypto tokens.
For governance, get up to speed on decentralized autonomous organizations (DAOs) built on voluntarily, agreed-upon rules enforced by a computer program that runs on a blockchain. For cyber defense, consider security measures at the services level that accompanies your assets as they travel through the metaverse. Reassess vendors and partners to see that their platform providers and cybersecurity firms have updated their security playbooks for the metaverse.
How can I trust digital identities in the metaverse?
In the metaverse, people, assets, and organizations may own their digital identities, complete with data, history, and assets that they can use anywhere. This is different from today’s internet, where customers, assets, and employees generally have specific identities just for specific companies or a particular platform or application. This decentralization may make it harder for you to trust identities and protect your stakeholders.
To boost trust, consider blockchain-based credentialization services and metaverse versions of multifactor authentication and multi-signature verifications. Software can help detect anomalies and impersonations. You may also want to join one of the coalitions developing digital identities to help ensure that they’ll meet your needs. At the same time, monitor other coalitions for opportunities to adapt their data governance and authentication strategies.
How can I offer stakeholders a trusted metaverse experience?
A privacy violation or attack could be intensified if suffered when immersed in a three-dimensional world. When your stakeholders enter your virtual spaces, they’ll be trusting you to protect them. Your brand could pay dearly if users experience aggression, extreme behavior, privacy violations, or misinformation within your metaverse environment.
If you participate in metaverse environments like virtual storefronts or entertainment, consider new protocols and controls, including third-party oversight, as well as impartial content moderation teams to cut down on misinformation, harassment, and abuse. You may also need to adapt your privacy controls to a digital world that allows its users to do much more, and reveal much more, than on the internet today.
How do I build trust for when no one is looking?
Even after your customers or employees remove their virtual reality (VR) or extended reality (XR) headsets, smart contracts in the metaverse will keep enforcing agreements and trading assets. Digital products will remain on digital shelves, ready for other digital users to buy them. Virtual machines will keep producing virtual widgets.
To make sure that your company’s virtual activities work as desired, rethink digital services, monitoring, and controls. Blockchain, when combined with artificial intelligence (A.I.), can in some cases automate the authentication of identity, assets, transactions, and contracts—helping maintain trust in ongoing metaverse activities. And independent teams, internal and external, may be used to audit both smart contract code and its underlying hardware and software infrastructure.
Authors
Frank Badalamenti
Roberto Hernandez
Vikram Panjwani
Emmanuelle Rivet
© 2022 PwC. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
©2022 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy (Your California Privacy Rights) | CCPA Do Not Sell My Information Fortune may receive compensation for some links to products and services on this website. Offers may be subject to change without notice. Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions. | EU Data Subject Requests
Note: This article was created by PwC.
Risk leaders have read the room. We have seen that in the Agile Age, “slow and steady” does not win the go-to-market race.
Risk professionals today are more about embracing risk than avoiding it. We understand the importance of innovation and risk-taking for business growth, provided that the risks are calculated. Rather than putting on the brakes, we serve as nimble-footed, agile enablers of progress and change. We aren’t so much interested in slowing down processes as in helping to set up the guardrails an enterprise needs to move confidently, securely, compliantly—and quickly. After all, every transformation and innovation that the business embarks on can only bring sustained outcomes if they can be trusted by stakeholders. Risk professionals can help bring the trust lens to the boldest moves of the business.
Expecting the unexpected
Even when problems emerge that no one could have predicted—a global pandemic, for instance—it pays to have risk teams already in place so that the business can pivot gracefully and quickly enough to sidestep major issues.
A couple of years ago, a client invited our risk teams to get involved at the beginning stages of a major project. The company envisioned a disruptive new technology platform to expand and enhance its services. This platform, the client thought, could change the way the entire industry does business.
This project’s many components required keeping many balls in the air, including a major technology overhaul, organizational change management and the formation of new business partnerships. Recognizing that it shouldn’t embark on this complex venture without a clear view of the risks, the client engaged us from the start.
The company had one specific request: to be agile. Because the company planned to use an Agile methodology to tackle this enormous undertaking, breaking the project into smaller, more manageable parts and addressing them in short bursts of work, or “sprints,” they asked us specifically to take an agile approach to risk management, as well.
To do so, we worked closely with the project team to assess and respond to risk at every phase. During each sprint, we considered aspects of risk that corresponded to the project sprints: examining project planning and governance, scrutinizing the business case, looking at the company’s development and testing procedures, helping to improve change management, and so on.
One problem we found: Their ad hoc testing lacked structure or strategy to quickly progress through the heavy workload. Without a testing plan that included boundaries, we told them, they wouldn’t know when they were finished, and could get bogged down. Project managers agreed and set up a process for testing and acceptance to quickly move on to each new phase.
The risks we identified may have seemed small, but that’s the point. Using an agile risk-management process let us alert the client to risks as we found them or as they arose. This approach allowed the client to catch the risks before they flared up into problems and issues. It helped prevent risks from snowballing into larger problems that could threaten the project’s timeline.
Contrast this client’s experience with one who gets a massive report from us after a six-week assessment with perhaps dozens of findings—a situation so potentially overwhelming that some risks might never get addressed at all.
Then the COVID-19 pandemic introduced new risks. But this particular client adjusted quite easily, taking in stride changes in the marketplace and the workplace because it had already laid the groundwork for project success. And because we were on board and familiar with the platform and the processes that had brought it this far, we were able to assess, advise and support at every turn.
The product launched on time, succeeding despite the unknowns introduced by the pandemic. Far from slowing this project by throwing up obstacles or urging them to pull back—the outmoded expectation of those who don’t understand risk’s modern role as “growth enabler”—we helped this client move more quickly from idea to launch to success.
Risk as “governance whisperer”
Sometimes the greatest obstacle to a project’s success has less to do with the product than with the personalities of the people involved.
Politics has often stymied many a project’s progress. Various functions pursue their interests, goals, and expectations in ways that are not always for the good of the project. The “elephant in the room” that everyone sees but no one acknowledges, politics can pose an enormous risk, but it’s not often discussed inside or outside the office.
Personalities may clash, especially when tensions rise. People may struggle for dominance or even just to get their ideas heard. The potential for office politics is a very good reason to bring in third-party risk managers at the start of a project. Having an objective third party running interference in interoffice conflicts or acting as the “bearer of bad news” can prevent potential problems being swept under a rug or bogging down progress.
Members of our risk team took over one client’s project management office completely. They orchestrated the nitty-gritty, day-to-day details and kept track of progress on every front—and reported weekly to the chief financial officer and controller. These officials relied on us to give them the facts, information that a company employee might have soft-pedaled or even withheld.
In this way, we acted as “governance whisperer,” discreetly letting higher-ups know who, and what, needed help for the project to succeed. In some cases, we forwarded thoughts and ideas from individuals who felt unheard by their managers.
When risk professionals bring objectivity and the disciplines of risk management to initiatives that mean the most to the growth trajectory of a business, the CEO who ultimately owns all the risk can trust the process, progress, and outcomes.
When growth itself is a risk
Companies whose growth strategy centers on mergers and acquisitions have risks of their own to consider, including an extraordinarily fraught digital transformation.
One of our clients has grown via a series of acquisitions and is now a multinational organization with many dozens of offices around the world. Working amid the resulting patchwork of business processes was time-consuming and fraught with its own risks. To smooth the way for further growth, the client decided to standardize how it does business by using organization-wide enterprise resource planning (ERP) and systems applications and products (SAP). Implementing these was an enormous task.
By bringing in risk teams from the get-go, this company avoided many of the procedural and compliance headaches it might have suffered trying to standardize on its own. We zeroed in on financial and tax reporting, as well as controls automation, and helped this client position itself to expand into more markets and acquire additional companies in a less risky manner.
How to truly embrace risk
Unfortunately, it’s not the norm for companies to get a baseline risk assessment at the start of a digital initiative or new product development.
More often than not, clients take the plunge without knowing what to expect or how to achieve the outcomes they want or need. It’s not uncommon for us to hear from a project team six months or even three years in, asking for help as they delay a launch yet again.
New business ventures are invariably a struggle. How difficult yours will be depends on a number of factors, including the complexity of the project and of your organization. This much, however, we can say across the board: You are much more likely to reach your goals when you’ve laid the proper groundwork—including risk—before beginning. Profitable growth, not just growth. Sustained outcomes, not one-hit wonders. Transformations that CEOs, boards, customers, partners, investors, and communities can trust.
Embracing risk is the linchpin of business success. So why would you not include risk professionals in your project from its start? Plunging in without their guidance is its own form of risk avoidance—one that could very well set you up to fail.