PRINESHA NAIDOO: The risk landscape is fast changing as disruption, the networked economy and hyper-connectivity bring new risks and demand better response strategies. But risk today is no longer seen as something to fear, minimise or avoid – instead, consulting firm Deloitte says it can be used as a tool to create value and boost performance. Navin Sing, managing director of Deloitte’s Risk Advisory Africa practice, joins us with the details. Navin, thank you so much for joining us today.
NAVIN SING: Thank you, it’s a pleasure.
PRINESHA NAIDOO: Navin, how has the risk landscape in Africa changed?
NAVIN SING: When looking at the risk landscape for Africa I think it is appropriate to also look at the risk landscape more holistically, taking a global perspective. The impact of global trends – such as emerging technologies, social media, digitalisation, promulgation of new regulations – creates a very dynamic environment with a consistently shifting risk landscape. Organisations are embracing these new technologies and are now entering into geographies and expanding into new markets.
When one considers this hyper-connected world that we live in, Africa is not immune to the changing risk landscape and often is the follower of a number of activities and risks that unfold globally. The dynamics of the African continent are amplified in many areas but the adoption of digitisation primarily of emerging technologies confirms how businesses are starting to become organised and how they are starting to operate. To put that simply, organisations are changing their traditional business methods.
A further compounding impact, as I mentioned earlier, is the emergence of new regulations and regulators that are a lot more deliberate and robust in the oversight role now than ever been before. Regulations promulgated in different continents are now very much applicable to the African continent and African businesses as well.
One regulation that comes to mind that was recently promulgated in Europe is GDPR [the General Data Protection Regulation], and any organisation, regardless of where you are operating, has to comply with these types of regulations. So if we look at how businesses are transforming from the traditional business methods, while aligning to regulatory requirements, these have a fundamental impact on the risk profile of any of these businesses. It actually requires these organisations to rethink their approach to risk identification and mitigation.
So, in essence, any change brings with it an element of risk – but the current rate and extent of change that we are seeing has been unprecedented and, of course, there is a direct correlation between the rate of change and the rate of emerging risks, which is really redefining the risk landscape in Africa.
Going with that is the compliance landscape. Because of these changes – and the ability to accommodate both the emerging trends and regulations – organisations are challenged to accommodate more intense data, and [to] analyse this data so that they [can] present a far more informed decision and an informed assessment of the risk landscape that ever existed prior to the digital era we find ourselves in.
Risk as a performance enabler
PRINESHA NAIDOO: So for you, you are saying that in order to navigate this dynamic environment, as well as to get through the regulatory changes, organisations need to focus on data and that helps them to position themselves to respond to evolving risk.
NAVIN SING: Data underpins the entire activity of an organisation. It is the consolidation of an organisation’s business activities through the entire value chain, and traditionally businesses looked at processes in isolation without considering the impact of the data that they have, which often holds significant value for an organisation.
It has become almost impossible for any organisation to really assess the depth and breadth of the risk profile without using data and data analysis to assess the level of risk and the extent to which they need to comply with the risk profile and regulations.
PRINESHA NAIDOO: As we mentioned earlier, risk isn’t necessarily something that’s bad. In fact, Deloitte views it as a tool that can be used to boost performance. So tell us more about how this can be used as a performance enabler and whether there isn’t, in fact, a correlation between risk and value?
NAVIN SING: I think in assessing the correlation between risk and value one really needs to look at the differentiations between pure risk and non-traditional business risk – and by that I mean in the context of pure risk we look at a situation that only has a negative outcome. So if the negative outcome does not materialise then there isn’t a benefit but you do avoid a loss.
The non-traditional business risk, on the other hand, combines both the possibility of a positive and negative outcome. If we take a simple example: if an organisation decides to diversify their business and acquire new business, there’s always a risk that the new business, which is not a core part of your traditional business, may either be very successful or it may fail – and that failure might be as a result of unknown factors that emerged after the acquisition of the business. So, in this instance, there’s a potential positive outcome or a negative outcome.
Similarly, any organisation may decide not to embrace the changing world of doing business, which is underpinned by technology, and they may take the decision not to change the technology landscape or embrace emerging technologies. In that case, they may sustain the business in the current format, [and] they may be successful in the short term. But the reality is that in the long term, without adapting to the changing environment, the changing market and the changing landscape, the sustainability becomes very questionable and whether they are able to translate into the growth in the customer base or in revenue is unlikely in the long term.
So while adopting new technologies or new trends has a risk component to it, if organisations are not willing to invest and take that risk, their strategic objectives around growing the client or customer base and their revenue becomes a lot more limited and the likelihood the sustainability becomes a high risk in itself.
To use an example, if we consider the Netflix story – Netflix, while it was still a traditional business of sending, through a courier service, DVDs or movies, it understood at that time (with emerging technology and changing customer profiles) that business would not be sustainable in the future because the market would be demanding something different, something more instantaneous, something for their convenience that they would enjoy as and when they wanted to.
Netflix many years ago started investing in the current streaming technology that we see today, to the extent that they cannibalised their own traditional business to make the current business a success. That was the risk they took. The market may not have adapted to the current Netflix service provisions, and it cannibalised its own business, so it could have been out of business altogether – but it managed to balance the core traditional business and invest while taking the risk in what they perceived to be what the market demand would be in the future.
Leveraging digital to manage risks
PRINESHA NAIDOO: It’s a very interesting point that you make there, Navin, but I also wanted to touch on digital risk at the moment because that seems to be a buzzword of late. What exactly is this digital risk?
NAVIN SING: That’s quite interesting because different people have different perceptions and views – and I say perceptions and views deliberately because it depends on the level of maturity and understanding of people who engage in discussions around digital and digital risk.
But simply put, digital risk is about the risks associated with transforming a business process to become more tech-enabled.
[Although] the perception is that digital risk is a technology-related risk, digital risk is not exclusively a technology-related risk even though technology underpins everything around digitalisation. Digital risk is really a business issue that combines your people, process and technology, and how an organisation functions and transforms itself from an existing traditional operating model to a more advanced technology-enabled business model that still is still underpinned by the same processes, but just in a different manner, moving away from a manual to a more digital process.
PRINESHA NAIDOO: So bearing that in mind, how then can organisations leverage digital to manage the risks that come hand-in-hand with digital itself?
NAVIN SING: Any change has an element of risk, and organisations need to understand the current risk profile and what additional risks, new risks or differentiated risks would arise in the journey to digitalisation.
And it’s a roadmap. Every component that you transform in your business, in the value chain of how the business operates, has an element of risk that could have been there in the past – but that type of risk would have been looked at, considered and mitigated differently.
Would that risk still remain the risk that you would tolerate or accept or mitigate in the traditional way? Or has that risk now changed because of the process that has changed?
Organisations need to understand what is that journey through which they restructure and reorganise their operating model, versus what is it that they want to achieve at the end of the transformation journey.
That would convey a holistic risk profile to an organisation.
But each stage of the transformation process has different gates of risk that need to be considered to align that more specifically to the organisation’s business.
When you talk about people: how are people transforming and changing their mindset, and what are the risks that they will not adapt and embrace the new change? And if they do embrace the new change, [what are the risks] that they will apply the processes as they are designed? Do the processes safeguard the organisation in the same manner as in the past, but with the objective of making the processes more efficient and effective? And does the technology underpin what the strategic objective of the business is, [and] that the people and process aligns to the outcomes the organisation achieves?
There isn’t a single outright definition or a silver bullet around the digital risks that an organisation would face in a digital transformation journey. It is bespoke to organisations and it is dependent on the level of maturity around the understanding and acceptance and mitigation of risks in that organisation.
PRINESHA NAIDOO: Lastly, Navin, Deloitte is planning on addressing risk at the Deloitte Risk Conference 2018. What can be expected from those discussions?
NAVIN SING: Firstly, a diverse range of topics is included in the programme, and the reason for that is to create an awareness around the digital process and transformation journey to allay and address any myths that might exist; and to unpack what types of risks, and what are the considerations that any organisation should put on the table in their discussions – on their agenda – to be able to address a safe transformation from a traditional business method to a digital environment.
The session may not cover all the solutions and there may be some questions that may arise that people have not considered, but that, in its very essence, is also a benefit to people attending that conference.
PRINESHA NAIDOO: Navin that is where we are going to leave things for today. Navin Sing is managing director of Deloitte’s Risk Advisory Africa practice.
Brought to you by Deloitte.