There’s no reward without risk — EY’s global governance, risk and compliance survey 2015

Today’s biggest business concerns need new responses to risk

Purpose-led transformation

Companies routinely state or imply their purpose through various mechanisms, including promotional material, client proposals and public speaking forums. With these statements, they set an expectation with the public that they represent certain values, performance standards and service quality, to name a few. Failure to meet these expectations poses significant risk to the brand and reputation of a given organization.

From a risk management perspective, a company’s ability to identify, measure and monitor strategic risk is the most direct link to its stated purpose. Proper mitigation of this strategic risk is the best means of ensuring realization of the ultimate purpose.

Purpose-led transformation (PLT) offers an approach to realizing and activating a company’s purpose — the “why” a company’s products and services are aligned with the needs of their customer base. PLT helps organizations send a clear message to the market about what they stand for. The benefits of injecting “purpose” into the fabric of a company’s processes include:
• Improving execution and overall growth
• Creating a rallying point for company employees
• Driving new innovation
• Galvanizing company strategy
• Driving results

Purpose forces business leaders to manage and respond to the risks that matter most. When purpose is put at the forefront of all important business initiatives and decisions (i.e., “why” are we pursuing a certain path), it becomes clearer which risks may stand in the way. PLT helps organizations think about the risks that could prohibit the company from realizing its purpose as well as the achievement of its strategic business objectives.

For information about EY’s Purpose-Led Transformation, please visit ey.com/PLT.

Approximately US$682b is wasted on underperforming projects across the globe annually.

Program risk management

Drivers such as innovation, technology shifts, evolving business models and regulatory change have forced companies to transform the way they operate and generate value. Successfully addressing the risks and challenges associated with transformation can create significant value for an organization — reduced project cost, reduced project time, increased benefit realization and improved time to benefits. However, strategic project execution continues to produce disappointing results.

Program risk management (PRM) allows organizations to unlock the value of their strategic programs, enabling them to deliver projects that support their business strategy and maximize the expected benefits. PRM helps with:
• Identifying programs that directly align with business objectives
• Prioritizing and balancing the program portfolio to maximize ROI
• Anticipating and limiting the impact of potential project risks
• Improving program execution and time to market
• Monitoring and driving benefits realization

As you start to think about your organization’s opportunity to better manage risk, we wanted to highlight related topics that can help you in that endeavor based on our experience working with our clients.

* The Energy Project, What Is Your Quality of Life at Work, 2013. http://theenergyproject.com

Employees are three times more likely to stay with a purpose-driven company.*

Seventy-two percent of global consumers would recommend a company with a purpose.*

A clear purpose drives results ...

Every opportunity created by digital technology also creates risk. Organizations need to understand and adequately address digital risk by performing targeted risk and program assessments, and implementing additional controls.

Leading organizations apply portfolio management and predictive analytics to build confidence in successfully executing projects.
They consider program risk as part of regularly assessing their risk landscape, they optimize functions and processes to best respond to identified risks, and they embrace solutions that enable them to deliver successful programs.

The ability to have a forward-looking view of risks and to predict the impact of those risks allows the organization to proactively manage and balance its portfolio of projects. The key is to help executives identify projects with the best potential and then to enable them to nurture the most valuable and innovative programs: this requires having the right processes and tools in place to enable the early identification of risks. The ability to make adjustments to the project’s governance, controls and processes prior to the onset of issues leads to greater control of program performance and accelerated benefits achievement.

For information regarding EY’s PRM service offerings and solutions, please visit ey.com/PRM.

Embracing a digital future

To many people it might feel like a digital future has already arrived, but the new technologies of today will look tame in comparison with the technologies that will emerge tomorrow. The Internet of Things (IoT) is becoming more active and more engaged as more and more devices become connected — however, it is estimated that today only 1% of devices are currently connected. When more are online, it will have a profound impact on our personal, social and professional lives. It will be big business too: the wearable technology sector alone is expected to expand rapidly in the near future, with some experts forecasting growth of between US$10bn and US$50bn in the next five years.

It is now widely accepted that the four areas of digital change that will have the greatest impact on businesses are cloud computing, data, social media and mobile technology, and each introduces specific risks into the landscape. Yet, with each risk, there is always opportunity.
To capitalize on the potential, businesses need to develop an ambitious digital strategy. We believe there is a three-stage process to help organizations maximize the possibilities of digital innovation. The EY Digital Realization™ Framework focuses on these phases of the digital journey: create, incubate and activate.

For information about your digital landscape, please visit ey.com/digital.

Cybersecurity

The same advances in technology — especially the networks within the Internet of Things — that are transforming lives are also creating vulnerabilities for data security, and organizations of every kind need to keep themselves and their customers safe from cybercrime.

Today’s cybercriminals are sophisticated and conduct advanced and persistent attacks on organizations until their defenses are breached. Companies risk significant loss of physical assets, including data, as well as financial loss through lost revenues, and costly reputational damage. Cyberattacks can destroy organizations, and so must be considered a significant threat.

It is important that organizations not only maintain and enhance their traditional security controls, but continue to evolve their ability to rapidly detect and respond to threats. However, anticipating cyberattacks is the only real way to get ahead of cybercrime.

For information about getting ahead of cybercrime, please visit ey.com/cybersecurity, or see EY’s latest Global Information Security Survey on ey.com/GISS.

The question is not “if” your company will be breached, or even when. It has already happened. The real questions are: Is your organization aware of it, and how well are you protected for the future?
