The 2022 Global Risk Survey is a survey of 3,584 business and risk, audit and compliance executives conducted from 4 February to 31 March 2022. Business executives make up 49% of the sample and the rest is split among executives in audit (16%), risk management (24%) and compliance (11%).
The survey included 109 Indian leaders as respondents, with business executives making up 72% of the sample and the rest divided between risk management (13%), audit (10%) and compliance (6%).
In terms of organisational scale, 81% of the Indian respondents are executives in large companies (USD 1 billion and above in revenues) while 42% are in companies with USD 10 billion or more in revenues. The Indian respondents operate in a range of industries – financial services (12%), industrial manufacturing (17%), retail and consumer markets (14%), energy, utilities and resources (4%), technology, media and telecom (35%), health (17%), and Government and public services (1%).
PwC Research, PwC’s global centre of excellence for market research and insights, conducted this survey.
Organisational risk management and broader resilience capabilities need to quickly adapt to support business agility and contribute proactive, robust and timely risk insights for decision making. In an environment where change is constant, risk management capabilities provide the greatest value to board members and business leaders when they are embedded within the organisation’s strategic planning and decision-making processes. Informed by a panoramic view of emerging risks, business leaders can make confident decisions in pursuit of their strategy.
The world is different than it was two years ago and so is the risk environment in which organisations operate. Change is fast and disruptive. The pandemic caused disturbance in the labour market and the supply chain. The current volatile geopolitical environment is further exacerbating supply constraints, heightening cyber risks, introducing rapidly evolving sanctions and putting safety and humanity at the forefront of all decisions. Ransomware attacks are more frequent and more sophisticated, no doubt a driver of cyber’s rise to the top threat to business among CEOs in our 25th Global CEO Survey. The changing work environment brought on by the pandemic continues to disrupt talent and labour markets. Supply shortages, sanctions and rising raw material costs are heightening risks within supply chains as organisations deal with upstream supply chain risks related to subcontractors and other fourth parties that further complicate risks. Customers, investors and other stakeholders are laser-focused on ESG, particularly in light of recent proposed SEC climate disclosures. Each of these risks can cause significant impacts, but because they are also highly interconnected, any one risk can initiate far-reaching implications across the enterprise and put brand and reputation at stake.
Q3b: Please rank the top individual risks that your organisation is most concerned about, in terms of the impact on your organisation’s revenue in 2022?
Base: 109 and 3,584
Source: PwC’s 2022 Global Risk Survey
In this turbulent business environment, many executives find the need to revise and adapt their strategies and operating models at a rapid pace. They know that capturing opportunity and avoiding disruption requires speed. While managing disruptions, organisations are simultaneously dealing with internal digital transformation challenges, and how to bring along internal stakeholders as they automate business processes and drive digital into everything they do.
Organisations’ risk management and broader resilience capabilities need to quickly adapt to support business agility and to contribute proactive, robust and timely risk insights for decision-making. In an environment where change is constant, strong risk and resilience capabilities can provide an edge. Business leaders can make confident decisions in pursuit of their strategy that are informed by a panoramic view of risk.
Our 2022 Global Risk Survey highlights five key actions that organisations should consider to drive their risk management capabilities forward.
Risk management capabilities provide the greatest value to Board members and business leaders when they are embedded within the organisation’s strategic planning and decision-making processes. The environment in which organisations operate is far from static. It changes constantly. As such, strategic decisions are revisited frequently. How risks are managed needs to adapt so that real-time risk insights and analysis can support risk-informed decision-making by stakeholders across the organisation. This means that risk management capabilities must be agile and operate in an iterative manner to reflect the organisation’s changing risk profile. PwC’s survey shows that organisations recognise the importance of this imperative: Nearly eight in ten say keeping up with the speed of digital and other transformations is a significant risk management challenge.
The organisations that have stood out from the pack in the past two years have not just managed risks. They’ve taken on risks, with confidence. These organisations have an agility advantage. They have the right resources engaged in making risk-informed decisions at the right time. Good analysis and modelling is a key component of proactive risk management, as is including risk management capabilities at the start of new projects and other strategic initiatives. Today, less than 40% of business executives are reaping the benefits of consulting with risk professionals early in their programmes.
Key considerations for engaging early and getting risk insights at the point of decisions include:
India | Global | |
---|---|---|
79% | 79% | report that keeping up with the speed of digital and other transformations is a significant risk management challenge |
38% | 39% | of business executive respondents say that they are making better decisions and achieving sustained outcomes by consulting with risk professionals early |
83% | 70% | are prioritising diversity in risk teams |
Q5a: How significant are the following challenges to managing risk in your organisation in 2022? Base: 109 and 3,584
Q19: Which two of the following phrases do you think best describes your overriding feeling towards risk management today? Base: 79 and 1,787 business executive respondents.
Q11a: Thinking about practices affecting the risk management workforce, to what extent is your spend changing on the following in 2022? Base: 109 and 3,584
Source: PwC’s 2022 Global Risk Survey
Organisations commonly use key performance indicators (KPIs) to measure performance against strategic objectives and to support decision-making. The same approach should be used for measuring and monitoring risks. When connected to key business risks, key risk indicators (KRIs) provide leading indicators of the risk environment in which the organisation operates. Movement in KRIs provides early-warning signals to leaders to reevaluate strategies, risk management capabilities and risk mitigation activities. Changes in KRIs can signal opportunity as well as risk. KRIs to monitor ransomware risk, for example, may include phishing occurrences, number of open critical points, email security issues, or leaked credentials. Supply chain risk KRIs might include supplier quality ratings, violations or financial health measures, and more.
The ability to utilise and interrogate data is a key tool in the arsenal to detect changes in the risk landscape. The survey shows that companies are investing: Three-quarters of executives are planning on increasing spending across data analytics, process automation and technology to support the detection and monitoring of risks. Sharing investment and further integrating technology and risk data across the three lines could help to efficiently drive a panoramic view of risk across the enterprise.
Key considerations for taking a panoramic view of risk include:
India | Global | |
---|---|---|
70% | 65% | are increasing overall spending on risk management technology |
4/5 | 3/4 | are planning on increasing spend across data analytics, process automation and technology to support the detection and monitoring of risks |
36% | 38% | report that their risk function is not actively seeking external insights to assess and monitor risks |
Q7: How do you expect your organisation’s overall spending on risk management technology to change in 2022?
Q8a: To what extent are you changing your spend on the following technology areas to better manage risks in 2022?
Q13: For each pair of statements, please indicate which one best represents your organisation’s view and practices with regard to risk management.
Base: 109 and 3,584
Source: PwC’s 2022 Global Risk Survey
Business leaders saw opportunities to thrive in the face of disruption during the pandemic. They began to question their business model and ways of working, and they engineered changes for the long term which were accompanied by risk. Risk and return are inextricably linked. An organisation’s risk management capabilities can create tremendous value if they help the organisation take advantage of the upside of risks that have higher payoff.
Risk appetite is a critical tool to help business leaders understand where they are able to take more risk in pursuit of new opportunities and growth. It denotes the guardrails within which the Board asks executives to stay as they make decisions and execute on their strategies. If an opportunity requires more risk than the organisation’s appetite allows, it may be fruitful to revisit risk appetite and consider if the organisation is willing to take on more risk for greater reward. Among survey respondents, 26% report they are now realising benefits from either defining or resetting their organisation’s risk appetite.
Risk culture also plays a role in taking advantage of upside risk. An overly strong compliance culture can stifle innovation, for example, while too weak a compliance focus can impact brand and reputation. An effective risk culture enables business leaders and risk managers to have a clear understanding of the organisation's risk appetite and it gives the Board and senior executives confidence that risks will be identified and managed as desired across the organisation. When strategy, risk appetite and risk culture are aligned, business leaders can take decisive action.
Key considerations for employing risk appetite to take advantage of upside risk include:
India | Global | |
---|---|---|
26% | 22% | are realising benefits from defining or resetting risk appetite and risk thresholds |
67% | 56% | are investing in risk culture and considering behavioural risk in 2022 |
55% | 47% | are very confident in their risk function’s ability to build a more risk-aware culture |
Q12: To what extent is your organisation doing the following with regard to your risk management strategy and programme in 2022?
Q14: How confident are you in your risk function’s ability to deliver the following outcomes in 2022-2023?
Base: 109 and 3,584
Source: PwC’s 2022 Global Risk Survey
With the growing complexity and interdependencies of risks, more timely and relevant information is needed to be able to make risk-informed decisions. Many organisations do not have a common risk language that enables them to productively view and make decisions about risk. Driving consistency in risk management capabilities across the organisation can be difficult. Oftentimes, disparate risk processes and systems are deployed, contributing to challenges in achieving a common and consolidated view of risk. Investment in risk processes, frameworks and enabling systems is needed to help an organisation deploy a standardised and consistent approach to risk management. While 76% of organisations report that having technology systems that don’t work together is a significant risk management challenge, just 28% of those are addressing that challenge in a formal, enterprise-wide manner.
Key considerations for enabling risk-based decision-making through systems and processes include:
India | Global | |
---|---|---|
88% | 74% | are increasing their spending toward adding technology and digital capabilities to the risk function workforce |
54% | 54% | complement risk technology investments with people and process changes |
76% | 75% | say that having technology systems that don’t work together is a significant risk management challenge |
Q11a: Thinking about practices affecting the risk management workforce, to what extent is your spend changing on the following in 2022?
Q6: Please answer each of the following statements regarding your organisation’s current approach to investments in risk management technology.
Q5a: How significant are the following challenges to managing risk in your organisation in 2022?
Base: 109 and 3,584
Source: PwC’s 2022 Global Risk Survey
Talent management. Supply chain. Regulatory compliance. Cyber threats. ESG. Regardless of industry sector, these risks are likely impacting organisations’ strategies and operations.
These high-priority risks are tightly interconnected, which means one can amplify others and impacts can be far reaching. For example, what may start as a technology breach can quickly pose huge operational, financial and reputational risk.
Risk management capabilities should go beyond the traditional risk analysis, and perform deep dives on these fast-moving, high-priority risks. A deep-dive effort should identify the risk triggers and signals. It should help risk owners understand the interdependencies between the risks driving the organisation’s risk profile. And an evaluation of risk management plans should identify actions the organisation can take to help drive increased resiliency.
Not all risk exposures can be completely mitigated or avoided. A critical capability to strengthen resilience is to develop robust business continuity and crisis response plans to enable the organisation to respond to and isolate risks in a swift and agile manner.
Key considerations for doubling down efforts on top risks include:
Technology organisations were provided with a separate taxonomy question which included additional risk categories.
Q3a: Now thinking about the risk that your business faces in 2022, please select the top three risk categories that you believe will have a significant impact on your organisation’s revenue in 2022.
Q3b: For the risk categories you’ve selected, please rank the top individual risks that your organisation is most concerned about, in terms of the impact on your organisation’s revenue in 2022.
Source: PwC’s 2022 Global Risk Survey, April 2022
Global Base: Non-TMT (3108) and TMT (476)
India Base: 109 and Technology (33)
In a business environment defined by volatility and laden with interconnected risks, risk management must be a team sport. Ownership of different risks is understandably spread more and more across distributed parts of the organisation, yet all parts need to work together, with well-informed risk insights and a common understanding and usage of risk appetite.
Our survey found that when organisations embrace risk management capabilities as a strategic organisational capability — where a community of solvers participates and teams have a panoramic view of risks enabled by internal and external data, together with smart technology — Board and executive confidence in achieving sustainable outcomes is high. They are five times more likely to be very confident in delivering stakeholder confidence, a growth-minded risk culture, increased resilience, and business outcomes. And, they’re almost twice as likely to project revenue growth of 11% or more over the next twelve months. Strong risk management capabilities help protect the organisation from downside risks and they enable the organisation to look forward and take risks in pursuit of growth. It’s a win-win.
The top 10% of respondents — the ones that are realising benefits from strategic risk management practices — expect faster revenue growth and better outcomes.
Business outcomes
Stakeholder confidence
Growth-minded risk culture