Assess transformation risks

How do Swiss companies assess the drivers of digitalization? How do they assess the risks of digital transformation and are they prepared to manage them? In order to answer these and other questions, the Institute of Financial Services Zug IFZ of the Lucerne University of Applied Sciences and Arts conducted a comprehensive survey in collaboration with SwissERM and presented the results in the ERM Report 2018.

The basis for this was the Digital Risk Framework, which was developed by the two cooperation partners and is the focus of this article.

The Digital Risk Framework
The analysis of digitization drivers, their influence on the digital transformation of companies and thus the risk landscape is complex. This is one of the reasons why no framework and no risk catalogue based on it have yet become established. The Institute of Financial Services Zug IFZ and SwissERM have therefore presented the "Digital Risk Framework" for the first time in the ERM Report 2018.

The framework shown below was developed on the basis of an analysis of scientific and practice-oriented literature, our own research, and discussions with risk management and digitalization experts and managers. Its purpose is to provide practitioners with a tool for orientation and for identifying the risks of digital transformation.

This is done by relating financial risks, operational risks, compliance risks and customer risks (columns) to digitization drivers (left side), see graphic:

A risk is basically understood as a possible event that could have a negative or positive impact on a company and influence the implementation of its strategy. This understanding of risk always includes potential opportunities. The framework developed takes into account the general opportunities of the digital transformation as an umbrella, which at the same time emphasizes the strategic integration of risk management into corporate planning.

This is intended to express the fact that the risks to be depicted in the framework are based on a corresponding potential opportunity and that this is the only way in which the risk can be assigned (strategic) relevance.

Two examples in practice
The following two examples illustrate this point:

The transfer of applications to the cloud enables companies to use data that is always up-to-date, regardless of location and time. However, the company may also run the risk of being dependent on an external IT service provider.

The use of data and knowledge about customers and the services they use opens up the potential of cross-selling for companies. Under certain circumstances, however, there is a risk that the data will fall into the wrong hands and be used to the detriment of the customer. As a supplement to the aforementioned umbrella, the framework has a foundation. This embodies ERM, which focuses on the identification, assessment, management, monitoring and reporting of risks. Within this foundation, important aspects such as the risk culture and the establishment of a common understanding of values are subsumed under the term "governance".

The supporting pillars of the framework

The four risk categories - financial risks, operational risks, compliance risks and customer risks - form the link between the fun dament and the umbrella. Whether or not ERM should consider the risks from a portfolio perspective following the individual assessment, it is necessary to categorize the risks in the sense of an identification and classification grid.

In this context, however, it is important that the risk categories are oriented towards strategic fields of action. This construct is ultimately influenced by the following digitization drivers, among others:

Technological innovations, changing customer needs, increasing automation, greater networking, easier access to data, and growing volumes and sources of data. These drivers cause tensions and changes in the business environment. As a result, companies must adapt to new conditions and digitally transform their business model and value chain where appropriate in order to keep pace with existing and new competitors. This process of change can have both a positive impact in the form of opportunities and a negative impact in the form of risks on a company and its ability to achieve its goals. The Digital Risk Framework developed as part of the study and mentioned in the above articles will be presented in greater depth in the spring of 2019 in the textbook Enterprise Risk Management - Balancing Risk and Reward, which will be published by Springer Gabler Verlag.