Complexity and trust: EY’s evolving approach to risk
Internal risk professionals may have the best internal intelligence
Setting the stage for changes at EY and in the broader market, Frank Leenders, EY’s Digital & Innovation lead based in the Netherlands, explained that the firm helps clients “reframe the future” and focus on “trusted transformation,” which comes through six different lenses: Investor Trust, Organizational Trust, Third-party Trust, Customer Trust, Technology Trust and Regulatory Trust. Leenders added that the COVID-19 pandemic helped expose in greater detail how clients think about risk and trust and how different lines of defense can become sources of organizational intelligence.
Risk-oriented functions within clients’ organizations brought forward insights using data analytics and provided timely analysis on strengths and weaknesses, as revealed by internal responses to operational challenges created by the pandemic (and echoed by EY’s own Megatrends pandemic-related survey findings). While many clients’ digital agendas had been accelerating over the past four years, 2020 became an inflection point in understanding how using data and technology for timely insights related to risk could show not only what could go wrong but also how clients could improve their operations and enhance overall risk management. In short, internal audit and risk professionals likely have the best intelligence and insight into their own organizations — skills that are critical to running the business and optimizing opportunities during a prolonged crisis.
After walking through details on EY Resilience Edge — an AI-powered emerging risk modeling and scenario planner developed with IBM Watson and IBM Research — the EY partners described the EY VIA (Virtual Internal Audit) platform, a tool for end-to-end digitalization of the internal audit process and activities, including continuously ingesting data and developing analytics on clients’ ERP environments. EY uses the platform, which includes risk monitoring and what EY has named its Flexible Audit Response Model, not only as a tool for delivering on its internal audit engagements but also as a stand-alone Software as a Service offering. In addition to the technology tools and bespoke configurations, EY has the opportunity to provide change management consulting as clients adopt new tools and processes.
Regulatory Trust as the gateway to trusted complexity
Shifting to Regulatory Trust, which EY defines as managing “the regulatory burden with innovative frameworks that make compliance an enabler, allowing organizations to pursue sustainable pathways,” Federico Guerreri, EY’s Global Financial Services Risk leader, noted that stakeholders and customers have increased pressures around understanding and evaluating an enterprise’s full ecosystem, including suppliers, particularly as the end of the COVID-19 pandemic is in sight. For EY, “compliance and conduct” have become “the most important offerings” as clients in highly regulated sectors, including financial services and energy and utilities, recognize new risks associated with ecosystem partners’ behaviors and the regulators’ view of those risks.
For EY, this leads to “working from the future back to transform compliance” and infusing technology to create “continuous, dynamic monitoring.” Guerreri specifically pointed out that EY’s clients see the potential risk impacts of new regulations as a board-level issue, further raising the profile of risk professionals as well as the need for EY’s services and solutions centered on compliance.
Building on that point, Amy Gennarini, EY’s America’s FSO Risk Technology leader, said the organizations most successfully addressing risk have explicitly tied together regulatory obligations and business attributes. By integrating and making complex linkages across an entire organization, a business can enable faster and more comprehensive transformation. For TBR, this insight stands out as critical to understanding how EY sees the future of risk, trust and digital transformation: Complex linkages help identify risks and facilitate transformations. Complexity, usually a byword for making things too complicated, can be hugely beneficial for enterprises, if managed properly.
In late January, TBR spoke with leaders in EY’s risk consulting services practice about recent portfolio developments and expectations for 2021. Three critical elements stood out for TBR. First, the maturation of EY’s risk consulting services practice (which sits in the firm’s Business Consulting domain) provides the firm with a solid foundation to build new offerings and help clients with the transformational opportunities connected to risk, not simply the obligatory or compliance-related aspects of risk management. Second, the firm remains committed to making technology an enabler, through innovation and at scale, while keeping the fundamental consulting business model intact. Third, and most critically for understanding EY’s overall thinking on risk, the firm fully embraces the complexities that arise when applying technologies at scale to every component of a client’s organization and utilizes these complexities to build trust while addressing risk. In EY’s approach, complex linkages between data, technology platforms and internal business groups help identify risk and thus help clients’ transformations. In short, complexity can be good if handled well.
