On 27 and 28 March 2019, at PwC’s Risk Summit in Boston, PwC senior leaders and consultants in the risk assurance and consulting practices shared with their clients and over three dozen industry analysts their vision of how digital technologies are transforming both risk management and business performance.

Key takeaways

• Digital transformation does not require big top-down projects.  It can be enabled through a program that supports large numbers of smaller projects.
• Data governance is critical to the success of digital transformation projects, particularly those involving artificial intelligence (AI) and advanced analytics.
• For Governance, Risk and Compliance (GRC) professionals, robotic process automation (RPA) can dramatically reduce the amount of grunt work, and advanced analytics offer opportunities to improve business decision making.  However, as digital transformation progressively increases the adoption of these and other emerging technologies, the lines that separate risk management, compliance, and internal audit functions blur.
• PwC is engaged in the development and licensing of software and has even started selling hardware for risk management.  For example, a patent-pending indoor geolocation platform demonstrated at the event enables employees to request assistance to their exact location using a staff alert device.

PwC wrapped their Risk Summit around the theme of digital transformation, knowing full well that digital transformation is an overused term.   Certainly, chief risk officers and other GRC leaders could be forgiven for kicking the next consultant who uses the phrase out of the office.  Yet, considering the many live case studies and the emerging technologies workshops at the summit, no better term comes to mind that expresses the tremendous changes in business models and business operations that are being enabled through digital technologies. 

PwC has become in part a software and products company.

As evidence of the reality of digital transformation, PwC has become in part a software and products company.  The “accounting” firm demonstrated several software products, including solutions it licenses for continuous transaction monitoring, safety risk management, augmented reality, intelligent automation, IoT, blockchain auditing, and others.  PwC demonstrated a patent-pending IoT device that it offers along with integration services to various emergency and alerting applications.

Digital transformation is the new reengineering

The last time businesses transformed so rapidly was during the 1990s and early 2000s when the convergence of client server networks, the internet, and enterprise software enabled the disintermediation of supply chains, enabling new efficiencies and the redistribution of work around the globe.  Hammer and Champy coined the term “reengineering” to describe the process transformations and accelerated business performance that could be enabled through IT.

Digital transformation is really the reengineering of business process reengineering into an iterative, agile and continuous process!

Reengineering was a top-down approach to wiping the slate clean and dramatically transforming business operations.  It was big-time projects and wholesale change.  While many companies saw benefits, few saw the dramatic improvements that were promised by reengineering champions, and there were also mammoth failures.  With the advent of digital transformation, the big shift has been to fast, iterative steps, where possible, while getting continuous market and workforce feedback, and adjusting on the fly. Digital transformation is really the reengineering of business process reengineering into an iterative, agile and continuous process!

PwC clients who spoke on panels at the summit offered a multitude of insights into digital transformation, but the one common thread was the subtlety of digital transformation initiatives.  Rather than a massive top-down reengineering effort, the approach to change with new technologies was the ability to create great value with small changes – sometimes many small changes.  Here are some examples:

• Anti-corruption – A large West Coast technology firm found in hindsight that during investigations of corruption incidents, the data to indicate a potential high-risk deal had always been available but had been missed by those responsible for ensuring compliance and approving sales.  Applying advanced analytics, the firm created a digital tool to risk score sales transactions from 0 to 100.  Deals with high risk scores get a detailed second look.
• Asset risk and performance – An edge computing provider that digitizes data on physical things illustrated how its chip technology can improve asset risk management and performance.  A chip embedded in an asset during manufacturing stores all records associated with that asset, e.g., when it is received, when it is put into service, and what preventive and corrective maintenance is performed.  The chip is normally disconnected from the internet and any other networks and applications, and the data travels with the chip.  The example illustrated at the summit was the availability of proper safety flotation devices in an airplane.  A technician can quickly scan an entire plane, and the chips on the flotation devices report key information, such as the presence of the device and its expiry date.  Manual inspections to validate that the devices are present and not expired become unnecessary, and manual errors are eliminated.  The chips enable confidence in safety, reduce the time associated with inspections, and create and store auditable records of compliance.  Edge computing capabilities can query the chips when the records are needed for performance, audit, or compliance reasons.
• Alerting Services – A major hotel chain needed to comply with a new City of Chicago ordinance requiring that housekeepers be provided with individual means of sending an alert that they were in danger.  In a preliminary discovery meeting with the client, a PwC partner by chance happened to have with him a small device that fit the bill. However, geolocation within a hotel is a three-dimensional challenge and requires more precision than what is available through a smartphone.  The solution was to use a multitude of pre-existing signal sources such as wifi access points and other specialized systems already in the hotels to provide precise geolocation within eight meters.  In other words, the solution took advantage of a pre-existing internet of things (IoT).

Digital transformation through citizen-led innovation

With digital transformation there certainly can be major strategic initiatives that require a top-down approach to planning and execution.  However, due to resource constraints and limits on any organization’s ability to absorb major changes, most enterprises have just one or two strategic initiatives at any given time. 

There are hundreds and even thousands of opportunities within a medium-sized or large enterprise for citizen-led digital transformation initiatives. 

That doesn’t mean that digital transformation has to await the approval and execution of strategic initiatives.  As RPA and data analysis tools become much more user-friendly, there are hundreds and even thousands of opportunities within a medium-sized or large enterprise for citizen-led digital transformation initiatives. 

PwC offered itself as an example.  In a firm-wide program, over a thousand PwC employees have received in-depth training on data tools and RPA. Within their own offices and teams, these Digital Accelerators identify innovation opportunities both within PwC and for new market-facing solutions.  Not only have they accelerated the adoption of automation within the firm, the turnover rate of Digital Accelerators is half that of the rest of the firm.

Digital transformation blurs the three lines of defense

Looking into the future, many of the digital technology capabilities demonstrated and discussed at the summit cross the three lines of defense – business units, risk management and compliance, and internal audit. For instance, audit analytics and compliance use the same taxonomies, data, and advanced analytics approaches.  An anti-corruption digital tool that provides opportunities for risk scoring of deals, enables better business decision making as well as compliance. 

Audit and compliance functions especially may blur, and augmented intelligence, combining AI and RPA, could do away with much of both functions.  As the business value of risk data becomes more apparent to line of business leaders, more risk management responsibility is shifting from the 2^nd to the 1^st line.  A client executive on one panel shared how he had elements of all three lines of defense reporting within his organization. 

Recommendations

• Business and GRC executives should think of digital transformation not only in terms of large projects, but also as an ongoing program to infuse solutions based on digital technologies throughout the enterprise. 
• For any projects involving advanced analytics, data governance is a prerequisite for success.  For this reason alone, it is advisable to start with smaller initiatives, get the data governance right, and then expand.
• To gain immediate benefits from advanced analytics, RPA, AI, and other emerging technologies, set up small teams of advanced technology experts who can train and support digital accelerators who will infuse solutions throughout the enterprise.
• GRC executives should ensure rigid adherence to the 3 lines of defense model does not inhibit the infusion of new digital solutions. 

This analysis also appears on The Analyst Syndicate.