A recent survey reveals Chief Risk Officers (CROs) are facing five pressures — de-risking, growth and strategy, regulatory compliance, effectiveness & efficiency and cost-takeout — that require the acceleration in the transformation of the risk function to adapt to change. According to the new 2023 KPMG Chief Risk Officer survey, CROs report the greatest challenges in risk management also rank within the top areas they feel least prepared to address.

To complete the report, from July to September 2023, KPMG LLP and Forbes Insights conducted an online survey of 390 enterprise risk officers representing U.S. organizations across six industry sectors with at least $4 billion in annual sales or $25 billion in assets under management.

According to the report, these five mounting pressures are accelerating changes in organizations’ risk management function:

1. De-risking 

• CROs say the most significant future risks are also those that they feel least prepared to address: regulatory/compliance risks (28% moderately prepared or worse), economic downturn/recession (40% moderately prepared or worse), and macro/geopolitical risks (37% moderately prepared or worse).
• Technology disruption (such as generative AI) and outdated systems rank as middle-of-the-road threats in the eyes of CROs, while 70% of CROs say they are well prepared or very well prepared to address these risks.
• The majority of CROs, 80%, are also confident in their organizations’ ability to handle cybersecurity threats and data breaches today, while 53% rank cybersecurity measures a priority risk area to modernize in the next two years.

2. Growth or strategic change

• 82% of CROs indicated that they have a high level of support from the C-suite in terms of sufficient budget and attention to risk management. Most of those that lack support say they want greater alignment of risk management to business strategy.
• The risk activities set to be strengthened most over the next two years are emerging risk and trend analysis, risk strategy alignment with the business, and data analytics and predictive modelling.

3. Regulatory compliance

• It is no surprise that regulatory and compliance issues are the biggest expected risk management challenges in the next 2-5 years.
• Regulators/government agencies (33%) and stakeholders/investors (22%) are creating the most pressure and interest around risk management.

4. Effectiveness and efficiency

• 88% of organizations will increase risk management budgets by at least 5% in the next 12 months.
• CROs cited artificial intelligence (AI) and machine learning (ML) as the most vital digital tools to accelerate risk management processes in the next five years, followed by cloud and cyber solutions.
• Three-quarters of companies use AI and ML in their risk management practices, with the leading use cases being monitoring success of implemented tools and considering technical feasibility and alignment with organizational capabilities.
• CROs are also focused on building out the skills and capabilities on their teams, particularly in: improving data, analytics and visualizations/dashboards; increasing training for employees in targeted areas; and increasing diligence in policy management, controls and employee accountability.

5. Cost takeout

Cost takeout is the reduction in the overall costs associated with the governance, maintenance, oversight and execution of risk requirements and practices.

• The top areas organizations will consider outsourcing are: strategic risk management and planning (33%); financial risk analysis, including market, liquidity and credit risks (33%); cybersecurity and threat protection services (33%); and technology-driven risk management, such as AI/ML implementation and oversight (32%).