Enterprise Risk Management in the Fourth Industrial Revolution 9819963060, 9789819963065

Citation preview

Enterprise Risk Management in the Fourth Industrial Revolution Tankiso Moloi · Tshilidzi Marwala

Enterprise Risk Management in the Fourth Industrial Revolution

Tankiso Moloi · Tshilidzi Marwala

Enterprise Risk Management in the Fourth Industrial Revolution

Tankiso Moloi Johannesburg Business School University of Johannesburg Johannesburg, Gauteng, South Africa

Tshilidzi Marwala Rector United Nations University Tokyo, Japan

ISBN 978-981-99-6306-5 ISBN 978-981-99-6307-2 (eBook) https://doi.org/10.1007/978-981-99-6307-2 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. Cover illustration: © Alex Linch shutterstock.com This Palgrave Macmillan imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore Paper in this product is recyclable.

Preface

This book examines enterprise risk management in the fourth industrial revolution. A broader introduction is provided in Chapter 1. The book details the fourth industrial revolution in Chapter 2. Documenting the fourth industrial revolution, the chapter lays the ground for the next chapters, followed by Chapter 3, which examines the technologies of the fourth industrial revolution. This chapter is crucial as it gives the background for understanding these technologies’ potential capabilities and the beginning of the experimentation on how some of these technologies could be utilised in the enterprise risk management setting. Chapter 4 focuses on the concept of enterprise risk management, and Chapter 5 discusses stakeholders in enterprise risk management. It highlights the typical information the stakeholders will be responsible for and their role in integrating risk management information. Furthermore, in Chapter 6, the book examines the information processing steps and the new capabilities in the enterprise risk setting necessiatated by the capabilities of the fourth industrial revolution technologies to harness, analyse, and integrate information for decisionmaking and understanding internal and external contexts. Chapter 7 then conceptualises enterprise risk management in the fourth industrial revolution, whilst Chapter 8 maps out the potential role changes in enterprise risk management as a result of the fourth industrial revolution. Chapter 9 provides the synopsis of enterprise risk management in the fourth industrial revolution. v

vi

PREFACE

This book is an exciting resource for graduate students, researchers, strategists, business executives, risk management practitioners, boards of directors, and relevant board committees. April 2023

Tankiso Moloi, Ph.D. Professor and Director: Academic Johannesburg Business School University of Johannesburg Johannesburg, South Africa Tshilidzi Marwala, Ph.D. Rector United Nations University Tokyo, Japan

Acknowledgements

We thank the Senior Post Doctoral Research Fellow, Dr. Varaidzo Denhere, and the three research assistants, Mr. Njabulo Makhanya, Ms. Nomchenge Mlunguza, and Ms. Mamosa Afrika. We also thank our families in giving us the opportunity to write this book. April 2023

Tankiso Moloi, Ph.D. Professor and Director: Academic Johannesburg Business School University of Johannesburg Johannesburg, South Africa Tshilidzi Marwala, Ph.D. Rector United Nations University Tokyo, Japan

vii

Contents

1

2

3

Introduction to Enterprise Risk Management in the Fourth Industrial Revolution 1.1 Introduction 1.2 A Brief Overview of Industrial Revolutions 1.3 A Brief Outline of Enterprise Risk Management 1.4 Themes of the Book 1.5 Points to Ponder References

1 1 3 7 8 9 10

The Fourth Industrial Revolution 2.1 Introduction 2.2 Approaches by Leading Nations in the Fourth Industrial Revolutions 2.2.1 The People’s Republic of China 2.2.2 The United States of America 2.2.3 Comparisons of the Approaches to the Fourth Industrial by the USA and the PRC 2.3 Points to Ponder References

11 11

Technologies of the Fourth Industrial Revolution 3.1 Introduction 3.2 Technologies of the Fourth Industrial Revolution 3.2.1 Artificial Intelligence (AI)

21 21 23 24

14 15 16 17 17 18

ix

x

CONTENTS

3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.3 Points References

Machine Learning (ML) Natural Language Processing (NLP) Robotic Process Automation (RPA) Augmented Reality/Simulation Big Data (BD) to Ponder

26 27 28 29 29 30 31

Concept of Enterprise Risk Management Introduction Evolution of Enterprise Risk Management Some of the Definitions of Enterprise Risk Management Traditional Risk Management vs Enterprise Risk Management 4.5 Enterprise Risk Management Frameworks 4.5.1 The COSO Enterprise Risk Management Framework 4.5.2 The ISO 31000 Framework 4.6 Points to Ponder References

35 35 36 38

5

Stakeholders in the Enterprise Risk Management Setting 5.1 Introduction 5.2 Internal Stakeholders 5.3 External Stakeholders 5.4 Points to Ponder References

49 49 50 55 56 57

6

Information Processing Steps and New Capabilities in the Enterprise Risk Management Setting 6.1 Introduction 6.2 Information Processing 6.3 Points to Ponder References

59 59 61 64 66

4

7

The 4.1 4.2 4.3 4.4

Enterprise Risk Management in the Fourth Industrial Revolution 7.1 Introduction 7.2 New Approaches to Enterprise Risk Management in the Fourth Industrial Revolution 7.3 Points to Ponder

39 42 42 45 45 46

67 67 68 73

CONTENTS

8

9

The Changing Operating Environment and Potential Role Changes in Enterprise Risk Management in the Fourth Industrial Revolution 8.1 Introduction 8.2 A Recap of the 4IR Activities Taking Place Across the Globe 8.3 Volatility, Uncertainties, Complexity, and Ambiguity 8.4 The High- and the Low-Road Scenarios for Enterprises in the Fourth Industrial Revolution 8.5 The Expected Changing Roles in the Enterprise Risk Management Function as a Result of Fourth Industrial Revolution Technologies 8.6 A Typical Enterprise Risk Management Structure in the Fourth Industrial Revolution 8.7 Points to Ponder References Synopsis of the Enterprise Risk Management in the Fourth Industrial Revolution 9.1 A Recap of Discussions in Chapter 2 9.2 A Recap of Discussions in Chapter 3 9.3 A Recap of Discussions in Chapter 4 9.4 A Recap of Discussions in Chapter 5 9.5 A Recap of Discussions in Chapter 6 9.6 A Recap of Discussions in Chapter 7 9.7 A Recap of Discussions in Chapter 8 9.8 Final Analysis and Conclusion 9.9 Summary of Points to Ponder on Enterprise Risk Management in the Fourth Industrial Revolution

Index

xi

75 75 76 78 81

82 83 83 85 87 87 88 89 90 91 92 93 93 94 101

List of Figures

Fig. 1.1

Fig. 1.2

Fig. 1.3

Fig. 1.4 Fig. 2.1

Fig. 3.1 Fig. 5.1 Fig. 5.2 Fig. 5.3

Key features of the first industrial revolution (Source Authors’ conceptualisation; information sourced from Brookes (2018), Ashton (1948), Baten (2016), Moloi and Marwala [2020]) Key features of the second industrial revolution (Source Authors’ conceptualisation; information sourced from Mokyr (1998), Ashton (1948), Baten (2016), Moloi and Marwala [2020]) Key features of the third industrial revolution (Source Authors’ conceptualisation; information sourced from Agrawal et al. (2018), Marwala and Hurwitz (2017), Moloi and Marwala [2020]) Key features of the fourth industrial revolution (Source Authors’ conceptualization) Comparison of the policy approaches to the fourth industrial revoluion between the USA and the PRC (Source Authors’ conceptualization) Machine learning algorithm methods (Source Authors’ conceptualization) Internal and external stakeholders in the enterprise risk management setting (Source Authors’ conceptualisation) Internal stakeholders in the enterprise risk management setting (Source Authors’ conceptualization) A strategic exposure gap (Source Authors’ conceptualisation)

4

4

5 6

18 26 51 52 53

xiii

xiv

LIST OF FIGURES

Fig. 5.4 Fig. 5.5 Fig. 5.6 Fig. 6.1 Fig. 6.2

Fig. 6.3

Fig. 6.4 Fig. 7.1 Fig. 7.2 Fig. 8.1

Fig. 8.2

The operational exposure gap (Source Authors’ conceptualisation) The hybrid approach (Source Authors’ conceptualisation) External stakeholders in the enterprise risk management setting (Source Authors’ conceptualization) Visualisation of enterprise complexities (Source Authors’ conceptualisation) Generic steps in information processing 2018 (Source Authors’ conceptualisation; Information sourced from Nemesh []) Generic steps in information processing in the context of enterprise risk management (Source Authors’ conceptualisation) Capabilities in the enterprise risk management setting (Source Authors’ conceptualisation) The hybrid approach to enterprise risk management (Source Authors’ conceptualisation) Enterprise risk management in the fourth industrial revolution (Source Authors’ conceptualisation) A typical enterprise risk governance without the considerations of the fourth industrial revolution technologies (Source Authors’ conceptualization) A typical enterprise risk governance with considerations of the fourth industrial revolution technologies (Source Authors’ conceptualisation)

54 54 56 60

62

62 65 70 72

84

84

List of Tables

Table 3.1 Table 4.1 Table 4.2 Table 8.1

Technologies of the fourth industrial revolution Traditional Risk Management (TRM) vs Enterprise Risk Management (ERM) Steps in the TRM and the ERM Characteristics of VUCA

23 39 39 79

xv

CHAPTER 1

Introduction to Enterprise Risk Management in the Fourth Industrial Revolution

1.1

Introduction

As technology advances and seizes all aspects of human life, there is a fundamental shift in how humans think of and do things. Ordinarily, humans would have relied on traditional approaches driven by human beings in their decision-making process to allocate resources, amongst other things. For instance, a financial advisor would tell one how much they would need to live a comfortable retirement life. Unfortunately, this exposes one to risks such as the incomplete information used and the biases of the advisor. Even with the advances we are witnessing, what remains of interest though is that literature has not attempted to utilise these advances in technology to modernise critical processes such as risk management that are fundamental in the decision-making process for allocating scarce resources, amongst other things. With the simulated intelligence in machines, which allows machines to act like humans and to some extent even anticipate events better than humans, owing to their ability to handle massive data sets, this book uses some of the key technologies of the fourth industrial revolution to explain what these technologies mean in the context of the agent wanting to make a decision.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_1

1

2

T. MOLOI AND T. MARWALA

This book is an attempt by its authors to envision an essential process of managing risk in an enterprise-wide setting in a period of rapid technological advances, referred to as the fourth industrial revolution (4IR). Unlike the old way of managing risks, which was done in silos, enterprise risk management (ERM) integrates risks across the organisation. The organisation will have one set of risk framework, risk policies, policy statement, appetite and tolerance, risk repository system and risk methodology, amongst other things. In most cases, there will be a singular point of risk repository, which would generally be the office of the chief risk officer (CRO). In this regard, all divisions or departments within the organisations will use similar risk policies and templates. In theory, there is one understanding of risk management processes across departments or divisions, which extends to the executive committees, board committees and, ultimately, the board of directors. Given the above understanding, there are vast amounts of information that need to be considered, from risk identification to risk integration, to form an opinion on a risk profile of an organisation. The information that impacts an organisation’s risk profile can be external or internal information. In most cases, managing events outside the organisation is a difficult task. However, if an organisation can identify the relevant information and analyse it, it can respond appropriately or define appropriate mitigations that would reduce uncertainties. The handling of risk information which includes the risk identification, analysis of causes of that risk, the impact of the risk, and its consequences lies with the departmental heads; however, the integration of information is the responsibility of the office of the CRO. Suppose the risk is not diagnosed correctly from source, the risk that will be managed and integrated at an organisational level (assuming that the risk influences the strategy) will be incorrect. This exposes the organisation in a manner that it could fail to achieve its strategic goals (Moloi & Marwala, 2021) or could waste resources by managing risks that would ordinarily not have any impact. Therefore, the questions that are pursued in this book are: • How would enterprise risk management look like in the fourth industrial revolution? • Are there benefits (at least conceptually) for organisations that deploy 4IR technologies? Do they stand a better chance to respond appropriately or define appropriate mitigations which would reduce uncertainties?

1

INTRODUCTION TO ENTERPRISE RISK MANAGEMENT …

3

• Given the vastness of internal and external factors in the ERM setting, including potential role changes, for example, to successfully capture the broader information, analyse it to gain hindsight, insights, and foresights, what combinations of skills are needed in the ERM function?

1.2

A Brief Overview of Industrial Revolutions

Various definitions of a revolution exist. However, almost all definitions refer to an uprising of people against the ruling class, an overthrow of a ruling class or a replacement of a political order. Perhaps, these various definitions propelled Yoder (1926) to begin to think that the term ‘revolution’ was the most misused term. In the context of the industrial revolutions, we could infer that it refers to a fundamental change in the industrial sector brought about by technological advances. In their book, Artificial intelligence in finance and economic theories, Moloi and Marwala (2020) cite the work of Ashton (1948) and Baten (2016), which point to the four phases of the industrial revolution in human history, namely the first, second, third, and fourth industrial revolutions. As argued by Ashton (1948) and Baten (2016), the first phase of these industrial revolutions, later known as the first industrial revolution, was characterised by innovation in the machinery space, in this case, the steam engine. The key figures in this scientific revolution included Isaac Newton, Robert Hooke, and James Watt. The Fig. 1.1 summarises the key features of the first industrial revolution. According to Mokyr (1998), the second industrial revolution occurred between 1750 and 1914. Some of the significant breakthroughs included oil-powered internal combustion engines, and electricity. According to Ashton (1948), Baten (2016), Moloi and Marwala (2020), other major breakthroughs were the telephone, the light bulb, the phonograph, the assembly line, and mass production of goods and services. Below, Fig. 1.2, summarises the key features of the second industrial revolution. Also known as the digital revolution, the third industrial revolution came in the 1950s (Agrawal et al., 2018; Marwala & Hurwitz, 2017). The digital revolution was characterised by computerisation, which included mainframe computers, personal computers (PCs), the internet, and information and communication technology (ICT). These

4

T. MOLOI AND T. MARWALA

Period

Key innovation

Impact

Key players

•mid 18th century to ~1830

•Machinery (steam engine)

•Higher productivity •Lowering of prices

Great Britain Continental Europe United States of America

Fig. 1.1 Key features of the first industrial revolution (Source Authors’ conceptualisation; information sourced from Brookes (2018), Ashton (1948), Baten (2016), Moloi and Marwala [2020])

Period •1750 to 1914

Key innovation •Electricity

Impact

Key players

•Higher productivity •Lowering of price

Great Britain Continental Europe United States of America Japan

Fig. 1.2 Key features of the second industrial revolution (Source Authors’ conceptualisation; information sourced from Mokyr (1998), Ashton (1948), Baten (2016), Moloi and Marwala [2020])

1

INTRODUCTION TO ENTERPRISE RISK MANAGEMENT …

5

technologies are still in use in 2023. However, the invention of the transistor was the game changer in the digital revolution. The transistor was invented by John Bardeen and Walter Houser Brattain (Ament, 2015). Figure 1.3 below shows the key features of the third industrial revolution. The latest revolution is known as the fourth industrial revolution, a twenty-first-century revolution. This revolution represents a new way in which technology is embedded within societies, i.e. business, government, civil society etc., and the human body, sometimes known as cyber-physical systems. It is driven by the rapid convergence of advanced technologies across the biological, physical, and digital worlds. Harari (2018), Agrawal et al. (2018), and Marwala and Hurwitz (2017) concur that the fourth industrial revolution is manifested by emerging technology breakthroughs in several fields, which include amongst others robotics, artificial intelligence (AI), biotechnology, 3D printing, advanced materials such as graphene, ‘internet of things (IoT),’ and blockchain technologies. The key features of this revolution are summarised in Fig. 1.4. Even though their interest was in artificial intelligence in economics and finance theories, in examining the industrial revolutions, Moloi and Marwala (2020) observe that each of these revolutions had unique impacts on every aspect of human lives, including business. Furthermore,

Period

Key innovation

Impact

Key players

•20th century

•Transistor

•Higher productivity •Connectedness •Increase in data/informati on •Lowering of prices

Leaders are China and the United States - Almost the entire globe

Fig. 1.3 Key features of the third industrial revolution (Source Authors’ conceptualisation; information sourced from Agrawal et al. (2018), Marwala and Hurwitz (2017), Moloi and Marwala [2020])

6

T. MOLOI AND T. MARWALA

Period

Key innovations

Impact

Key players

•21st century

•Advances in artificial intelligence •Blockchain technologies •Cloud computing •Internet of Things •Advances in Data Analytics •3D Printing/ Additive Manufacturing

•Intelligence in machines • Advances in Robotics • Higher productivity • Flattening of borders •Changing skills

- Leaders are China and the United States - Almost the entire globe

Fig. 1.4 Key features of the fourth industrial revolution (Source Authors’ conceptualization)

as early as 2020, they forecasted that the 4IR technologies would be fundamental in the decision-making process. In a sense, risks are fundamental in selecting the right strategic options, and then allocating scarce resources to derive value for stakeholders. Thus, technologies like artificial intelligence, which allow machines to act like humans and, to some extent, even anticipate events better than humans, owing to their ability to handle massive data sets, are essential in the enterprise risk management setting.

1

INTRODUCTION TO ENTERPRISE RISK MANAGEMENT …

7

1.3 A Brief Outline of Enterprise Risk Management Enterprise risk management is a holistic approach towards managing organisational risks. It is a significant departure from the old way of managing risks in silos, which poses a challenge when it comes to integrating risks and optimal resource allocation to manage and mitigate risks. The Committee of Sponsoring Organizations (COSO) has attended to the concept of enterprise risk management in various of its frameworks. For instance, the new COSO enterprise risk management framework aims to integrate strategy and performance (COSO, 2017). This framework contains five key areas, namely governance and culture, strategy and objective setting, performance, review and revision, and information, communication, and reporting. According to Moloi and Oyedokun (2021), managing risks in an enterprise risk management setting has various benefits for an organisation, and these may include: • An organisation’s ability to overcome the silo mentality—Enterprise risk management overcomes the silo mentality within the enterprise. However, lack of coordination could bring risks as one part of the enterprise may not necessarily be up to date with what is happening in the enterprise’s other parts. • Enhanced efficiencies because of coordination—If there is no coordination, there is a chance that some activities could be duplicated. This could be costly and time-consuming as the issues which may have been better dealt with elsewhere have the potential to be double handled. • Establishment of a uniform way of managing risks—Enterprise risk management allows the enterprise to have a uniform way of identifying, managing, and responding to risks. It also offers an opportunity for internal benchmarking. The inability of one area of an enterprise to meet the targets could impact other enterprise units. Therefore, if other units are aware of the risks that another unit faces within an enterprise, they can plan adequately—hence their mitigation actions to the risks emanating elsewhere within the enterprise, thus driving down the risk impact at the source. • Enhanced stakeholder oversight on risks facing the organisation The rationalised information agreed upon by various stakeholders

8

T. MOLOI AND T. MARWALA

within an enterprise has the potential of adequately diagnosing significant issues and providing well thought and calibrated information that the board could utilise to make decisions. Adopting enterprise risk management has the potential of ensuring that the allocation of resources is based on comprehensive information passed through and was calibrated by various enterprise stakeholders (Moloi & Oyedokun, 2021).

1.4

Themes of the Book

This chapter briefly introduced the different industrial revolutions. It also introduced some technologies charaterising the fourth industrial revolution. Furthermore, the concept of enterprise risk management was introduced. Various questions that are examined throughout the book were also outlined. These questions are: How would enterprise risk management look like in the fourth industrial revolution? Are there benefits (at least conceptually) for organisations that deploy 4IR technologies? Do they stand a better chance to respond appropriately or define appropriate mitigations to reduce uncertainties? Given the vastness of internal and external factors in the ERM setting, including potential role changes, for example, to successfully capture the broader information, analyse it to gain hindsight, insights, and foresights, what combinations of skills are needed in the ERM function? Chapter 2 details the fourth industrial revolution. Detailing the fourth industrial revolution lays the ground for subsequent chapters. This chapter also highlights some of the fourth industrial revolution strategies that various countries have adopted to gain some competitive advantages over their competitors. The chapter also briefly discusses the technologies of the fourth industrial revolution. Chapter 3 examines the technologies of the fourth industrial revolution. This chapter is important as it lays the background for understanding what these technologies are, their potential capabilities and the beginning of experimentation with how some of these technologies could be utilised in the enterprise risk management setting. Chapter 4 focuses on the concept of enterprise risk management. Enterprise risk management is a holistic approach towards managing organisational risks. It differs from the old way of managing risks in silos,

1

INTRODUCTION TO ENTERPRISE RISK MANAGEMENT …

9

which poses a challenge regarding integrating risks and optimal resource allocation to manage and mitigate risks. Chapter 5 attends to the subject of stakeholders in enterprise risk management. It highlights the typical information the stakeholders will be responsible for and their role in integrating risk management information. Chapter 6 focuses on the information processing power/capabilities in the fourth industrial revolution. Enterprise risk management is a process littered with vast volumes of information. In enterprise risk management, the information that could affect the enterprise may emanate internally or externally. As such, it is essential to outline the information processing power/capabilities of the fourth industrial revolution to understand the potential of the technologies of the fourth industrial revolution in the enterprise risk management setting. Chapter 7 examines the role of the fourth industrial revolution technologies in harnessing, analysing, and integrating information for decision-making and understanding internal and external contexts. Essentially, it answers questions relating to how enterprise risk management will likely look in the era of advances in the technologies of the fourth industrial revolution. Chapter 8 attempts to map out the potential role changes in enterprise risk management in the fourth industrial revolution, e.g. to be successful in capturing the broader information, analyse it to gain hindsight, insights, and foresights, and establish what combinations of skills are needed in the ERM function. Chapter 9 provides a synopsis of enterprise risk management in the fourth industrial revolution.

1.5

Points to Ponder

• Almost all definitions of a revolution refer to an uprising of people against the ruling class, an overthrow of a ruling class or a replacement of a political order. • In this book, we infer that revolution refers to a fundamental change in the industrial sector brought by technological advances. • Existing literature demonstrates that the four industrial revolutions were different. However, each revolution has tended to build from the previous.

10

T. MOLOI AND T. MARWALA

• Technology has been a critical feature in the industrial revolution. Each time technology advances, production increases, leading to price reductions. • The rise of the People’s Republic of China (PRC) has been one of the critical stories of the third and fourth industrial revolutions. The PRC did not seem to feature in both the first or the second industrial revolutions.

References Agrawal, A., Gans, J., & Goldfarb, A. (2018). Prediction Machines: The Simple Economics of Artificial Intelligence. Harvard Business Review Press. Ament, P. (2015, April 17). Transistor History—Invention of the Transistor. Retrieved 17 March 2023, from https://web.archive.org/web/201108130 04951/http://www.ideafinder.com/history/inventions/transistor.htm Ashton, T. S. (1948). The Industrial Revolution (1760–1830). Oxford University Press. Baten, J. (2016). A History of the Global Economy. From 1500 to the Present. Cambridge University Press. Brookes, R. B. (2018). Industrial Revolutions. Retrieved 17 March 2023, from https://historyofmassachusetts.org/industrial-revolution-timeline/ COSO. (2017). Enterprise Risk Management–Integrating with Strategy and Performance. Available at https://www.iasplus.com/en-ca/projects/assura nce/completed-projects/coso-enterprise-riskmanagement-aligningrisk-withstrategy-and-performance-proposed-amendments-to-the-coso-framework-ed Harari, Y. N. (2018). 21 Lessons for the 21st century. Jonathan Cape. Marwala, T., & Hurwitz, E. (2017). Artificial Intelligence and Economic Theory: Skynet in the Market. Springer. ISBN: 978–3–319–66103–2. Moloi, T., & Marwala, T. (2021). Artificial Intelligence and the Changing Nature of Corporations. How Technologies Shape Strategy and Operations. Springer Nature. 978–3–030–76312–1. Moloi, T., & Oyedokun, G. (2021). Enterprise Risk Management and Fraud Examination Processes. OGE Publishers. Moloi, T., & Marwala, T. (2020). Artificial Intelligence in Economics and Finance Theories. Springer Nature. Mokyr, J. (1998). The Second Industrial Revolution, 1870–1914. Retrieved 17 March 2023, from https://faculty.wcas.northwestern.edu/jmokyr/castro novo.pdf Yoder, D. (1926). Current Definitions of Revolution. American Journal of Sociology, 32(3), 433–441.

CHAPTER 2

The Fourth Industrial Revolution

2.1

Introduction

There is often confusion about the fourth industrial revolution and industry 4.0. Some have tended to use 4IR and Industry 4.0 interchangeably. Literature indicates that these terms do not necessarily mean the same thing. Whilst industry 4.0 is more concerned with smart industries, and it is a concept that emerged in Germany, 4IR is more broader. In explaining 4IR, Phillbeck and Davis (2019) indicate that it is a sequence of substantial shifts in the mode that economic, political, and social value is created, traded, and distributed. Furthermore, Phillbeck and Davis (2019) indicate that these shifts in values are intrinsically interconnected to the emergence of emerging technologies that cut across the digital, physical, and biological spaces, and they are most dominant when they are connected and reinforce one another. Understood in this context, 4IR can be seen as the broader of the two terms, as it is not necessarily concerned about one industry and one technology, but about the economic and political system, and the technology integration to create, exchange, and distribute value. To contextualise the Fourth Industrial Revolution (4IR), it is essential to have an understanding of the previous revolutions which have led us to this point. The National Academy of Science and Engineering (2013)

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_2

11

12

T. MOLOI AND T. MARWALA

has defined the four general phases, albeit from the perspective of the technological evolution. Jindal and Sindu (2022) indicate that the first industrial revolution took place when the steam engine was invented, and labourintensive processes were replaced by steam-engine-powered vehicles, locomotives, and industrial developments. These developments led to enhanced processes which improved capacity and productivity. According to Macpherson (1962) and Phillbeck and Davis (2019), other effects of this change included more urbanisation, advances in regional and global market economies, increased consolidations of democratic governments, and an increasing size of the middle class in the western hemisphere. In the second industrial revolution, there was the magic of electricity. This means that with this magic, power plants, streetlights, and moving electricity using cables made much life easier. According to and Phillbeck and Davis (2019), science and technology emerged as fundamental aspects of better life and human progress. These must have been the heydays of entrepreneurs as they could take advantage of advances in science and technology during product development. As new scientific and technological ways were applied in the production processes, a great deal of standardisation, technical complexity, and precision in manufacturing (Hughes, 2004; Phillbeck & Davis, 2019; Smil, 2005) took place, which meant enhanced effectiveness and efficiency, reduction in the cost of production, and, by extension, affordable products. In the third industrial revolution, automation took place. Once again, those who lived during this period experienced a revolution as factories could manufacture goods quicker than what human beings could ever think of doing. Moloi and Marwala (2020), citing the work of Agrawal et al. (2018), Marwala and Hurwitz (2017) concur with the description of the third industrial revolution above. They refer to this revolution as a digital revolution which brought computerisation, which included mainframe computers, personal computers (PCs), the internet, and the information and communication technology (ICT) which we continue to use today. In concurring with the work of Agrawal et al. (2018), Marwala and Hurwitz (2017), Phillbeck and Davis (2019) indicate that many governments of the world and many businesses began to recognise the power of computing for two reasons, namely performing complex calculations, and the general-purpose use. Moloi and Marwala (2020) maintain the same position.

2

THE FOURTH INDUSTRIAL REVOLUTION

13

According to Phillbeck and Davis (2019), the rapid progress towards increasing computational power was a catalyst to an interconnected and complex world. Furthermore, this computational power is still driving change. In essence, the industrial revolution was catalysed by the invention of the transistor. This has been a period of technological advancement from analog technology to digital technology. During the 2016 World Economic Forum, Schwab (2016) began to make reference to the concept which would later be referred as the Fourth Industrial Revolution (4IR). The WEF is a forum which brings together various stakeholders that then engage in political, business, and cultural issues. These engagements, the WEF (2023) argues, shape all sorts of agendas including global, regional, and even industry specific agendas. In introducing the 4IR concept, Schwab (2016) proposes that 4IR took the form of new waves of innovations which tend to use different modern technologies, such as 3D printing, Internet of Things (IoT), block chain, artificial intelligence (AI), big economy, and cloud computing. This is consistent with Jindal and Sindu (2022) who view 4IR as the product of advances in technological developments of artificial intelligence (AI), machine learning, and robotics combined with highcomputing power and big data. For Herweijer and Waughray (2018), 4IR should be understood as a blend of advanced artificial intelligence (AI), robotics, biotechnology, blockchain, the Internet of Things (IoT), 3D printing, quantum computing, and other related technologies. Moloi and Marwala (2020) submit that 4IR ‘has brought with it the advent of cyber-physical systems which is a presentation of a new way in which technology becomes embedded within societies, i.e. business, government, civil society etc., and the human body.’ Citing Harari (2018), Agrawal et al. (2018), Marwala and Hurwitz (2017), Moloi and Marwala point out that literature indicates that 4IR is driven by the rapid convergence of advanced technologies across the biological, physical, and digital worlds. Similarly to others (Agrawal et al., 2018; Harari, 2018; Marwala & Hurwitz, 2017), Moloi and Marwala concede that 4IR is driven by emerging technology breakthroughs in a number of fields, which include robotics, AI, biotechnology, 3D printing, advanced materials such as graphene, IoT, and blockchain amongst other fields. The advances in AI have led to new products such as self-driving cars, virtual assistants, and precise diagnosis of critical diseases. Jindal and Sindu (2022) indicate that AI in the 4IR is making way for transformative

14

T. MOLOI AND T. MARWALA

changes in the domestic and business segments, especially in the design, production, and distribution systems (Jindal & Sindu, 2022: 45). Some have opposed the idea that the technologies mentioned above are completely new, in a manner that they should then be referred to as a revolution. They have proposed that this could just be a continuation of the progression of digital technologies which have been in place as early as the 1990s. Some critics of 4IR include Rifkin (2011) who has asserted that 4IR is not a new revolution but rather the extension of the Third Industrial Revolution (3IR). The views espoused by Rifkin (2011) also find expression in Nuvolari (2019). In this regard, the latter indicates that these technologies could be seen as simply recent or possible future advances of the information and ICT system. Taalbi (2019) also dismisses 4IR and asserts that the advances in ICT systems should be categorised as part of the third industrial revolution.

2.2 Approaches by Leading Nations in the Fourth Industrial Revolutions The World Economic Forum (WEF) describes 4IR as being more than just technology-driven change. It views 4IR as a chance to assist all people, including political, economic, and business leaders, policymakers, and people globally, to exploit converging technologies to build an inclusive and human-centred future. The WEF continues to state that 4IR is characterised by various emerging technologies that fuse the physical, digital, and biological spaces, influencing all sectors, and challenging the very notion of what it means to be human. In the book entitled Dynamic Auditing, Marx et al. (2022) indicate that 4IR began to emerge round about the 2000s. They point to the fact that the focus of revolution has been the rise of intelligent systems. This is consistent with the fusion of the physical, digital, and biological worlds as observed by the WEF. For Marx et al. (2022), these intelligent systems are as result of a variety of key technologies that have emerged. (These technologies are discussed in detail in Chapter 3). Amongst other technologies, they include artificial intelligence, robotic process automation, IoT, 3D printing, blockchain, genetic engineering, and quantum computing. For McBride and Chatzky (2019), the integration of technologies such as big data analytical tools, cloud computing, blockchain, and other emerging

2

THE FOURTH INDUSTRIAL REVOLUTION

15

technologies into global manufacturing supply chains is what makes 4IR an interesting revolution from which countries such as the People’s Republic of China have drawn inspiration, as they design their industrial policies to reduce reliance on certain key strategic industries from other countries. Perhaps it is because of the view that 4IR is a chance to advance everyone globally to exploit converging technologies to build an inclusive and human-centred future that many countries globally have devised national strategies to guide and harness their efforts on 4IR. That said, there are two countries competing to be global leaders in the 4IR space, namely the PRC and the USA. These two countries appear to have different approaches towards 4IR, and the approaches could be broadly categorised as market led approach and state backed approach. 2.2.1

The People’s Republic of China

The People’s Republic of China (PRC) has embraced the 4IR. According to Doshi (2020), the PRC does not look at 4IR as having to do only with competition between companies, but it also seeks to lead the next revolution. Based on this observation, Doshi (2020) indicates that the PRC is pursuing the state sponsored approach to technology leadership. The state backed effort of technology leadership in the PRC is supported by the following: • heavy investment in research and development (R&D); • excellent infrastructure and industrial policies supporting China’s ambitions; • manufacturing capabilities and strong linkages to the global supply chains; and • a robust and capable operation based on the best practice and global technology standards and that potentially determines the future of important industries (Doshi, 2020). It is clear from the discussions above that the PRC, through the state backed effort (incentives) afforded its manufacturing industry, has opted to view 4IR in the context of it being a sequence of substantial shifts in the mode of economic, technological, political, and social values built, traded, and distributed.

16

T. MOLOI AND T. MARWALA

It could be argued that the 2015 industrial policy plan is part of viewing 4IR in more broader lenses. In 2015, the PRC outlined its industrial policy plan (Made in China). This plan sought to transform the PRC from just being ‘a manufacturing giant to a world manufacturing power’ by the year 2049 (McBride & Chatzky, 2019). This industrial policy plan prioritises ten key sectors, namely: • • • • • • • • • •

New information technology; High-end numerically controlled machine tools and robots; Aerospace equipment; Ocean engineering equipment and high-end vessels; High-end rail transportation equipment; Energy-saving cars and new energy cars; Electrical equipment; Farming machines; New materials, such as polymers; and Bio-medicine and high-end medical equipment.

According to Kai (2019), the industrial policy plan came at the back of PRC having the most complete industrial systems and supply chains in the world today. Furthermore, it came at the time when the PRC had its manufacturing industry ranking top of the world in terms of size and total volume. Having said this, though, Kai has argued that even though the PRC has a giant factory output, and subsidies for these key industries, efficiency is still the main chocking block of the system. 2.2.2

The United States of America

Having played an important role in the previous industrial revolutions, the USA, with its huge culture of entrepreneurship, continues to play a significant role in the fourth industrial revolution. Even though the United States continues to be a leader globally, there are concerns, that the country’s resilience, competitivenes, and security have weakened. Therefore, Doshi (2019) notes that even though the US continues to have advantages over the PRC when it comes to the fourth industrial revolution, contrary to what is observed in the PRC, the USA’s manufacturing and technology leadership has weakened that country’s resilience, competitiveness, and security. Daemmrich (2017) concurs with

2

THE FOURTH INDUSTRIAL REVOLUTION

17

Doshi’s (2019) submission to the USA congress, in which it is indicated that organisational and institutional structures supporting inventors and facilitating returns to corporate innovation in the USA will require to adjust if the USA is to be the leader in the fourth and the next industrial revolutions. Institutional structures could be inferred to indicate policies. de Boer (2020) higlights the advantages that the USA still has, and argues that from a commercial point of view, massive advantages in the fourth industrial revolution as there are factors that are working in its favour. Similar to others, de Boer (2020) points to the entrepreneurship culture characterising the USA, which rewards risk-takers and those willing to try new things, as one of the key advantages. 2.2.3

Comparisons of the Approaches to the Fourth Industrial by the USA and the PRC

Figure 2.1 provides some of the key comparisons of the policy approaches to the fourth industrial revolution between the two leaders in the fourth industrial revolution, namely the USA and the PRC. What is apparent in the two policy approaches is the emphasis of both countries on artificial intelligence and data.

2.3

Points to Ponder

• 4IR and Industry 4.0 do not refer to the same thing. 4IR can be seen as the broader of the two terms, as it is not necessarily concerned about one industry and one technology, but about the economic and political system, and the technology integration to create, exchange, and distribute value. • Many countries have moved quickly to develop national 4IR strategies for the purpose of taking advantage of advances in technologies. The two leading countries are the PRC and the USA. • The PRC and the USA appear to be following two distinct approaches to 4IR which could be broadly categorised as a market led approach and a state backed approach. • The PRC does not look at 4IR as having to do only with competition between companies, but seems to have a geopolitical approach to this; for instance, they see 4IR as a catalyst which will determine the country that will lead the next revolution.

18

T. MOLOI AND T. MARWALA

USA

PRC

Approach:

Approach:

Market driven

State backed

Key policy:

Key policy:

Federal Data Strategy 2021

New Generation AI

Action Plan

Development Plan for 2030

National AI R&D Strategic Plan

Made in China industrial

Strenghtening and

policy

democratising the US AI innovation ecoystem

Fig. 2.1 Comparison of the policy approaches to the fourth industrial revoluion between the USA and the PRC (Source Authors’ conceptualization)

• The USA continues to have advantages over the PRC when it comes to the fourth industrial revolution. • There are concerns in Washington that the USA’s resilience, competitivenes, and security have weakened. To tame the weaknesses, and to ensure that the USA remains a leader in the next revolution, organisational and institutional structures will need to be adjusted. • One of the key advantages for the USA is its huge culture of entrepreneurship. • Of interest is the policy positions of both countries when it comes to the fourth industrial revolution. The policies emphasise artificial intelligence and data.

References Agrawal, A., Gans, J., & Goldfarb, A. (2018). Prediction Machines: The Simple Economics Of Artificial Intelligence. Harvard Business Review Press.

2

THE FOURTH INDUSTRIAL REVOLUTION

19

Daemmrich, A. (2017). Invention, Innovation Systems, and the Fourth Industrial Revolution. Technology & Innovation, 18(4), 257–265. De Boer, (2019). Sparking the Fourth Industrial Revolution in U.S. Manufacturing. Retrieved 4 January 2023, from https://www.mckinsey.com/cap abilities/operations/our-insights/operations-blog/sparking-the-fourth-indust rial-revolution-in-us-manufacturing Doshi, R. (2020). The United States, China, and the Contest for the Fourth Industrial Revolution. [Online], Available at https://www.brookings.edu/articles/ the-united-states-china-and-the-contest-for-the-fourth-industrial-revolution/ Herweijer, C., & Waughray, D. (2018). Fourth Industrial Revolution for the Earth: Harnessing Artificial Intelligence for the Earth. PriceWaterhouseCoopers. Jindal, P., & Sindhu, R. K. (2022). Opportunities and Challenges of the Fourth Industrial Revolution: Artificial Intelligence and the Fourth Industrial Revolution. Jenny Stanford Publishing. Kai, J. (2019). U.S.-China Trade War and the Fourth Industrial Revolution. Retrieved 4 January 2023, from https://thediplomat.com/2019/09/u-schina-trade-war-and-the-fourth-industrial-revolution/ Harari, Y. N. (2018). 21 Lessons for the 21st century. Jonathan Cape. Hughes, T. (2004). Technology as Second Creation, Human Built World. University of Chicago Press. Macpherson, C. B. (1962). The Political Theory of Possessive Individualism: Hobbes to Locke. Oxford University Press. Marx, B. van der Watt, A., Bourne, P., & Moloi, T. (2022). Dynamic Auditing. 14th Edition. LexisNexis Marwala, T., & Hurwitz, E. (2017). Artificial Intelligence and Economic Theory: Skynet in the Market. Springer. Moloi, T., & Marwala, T. (2020). Artificial Intelligence in Economics and Finance Theories. Springer Nature. McBride, J., & Chatzky, A. (2019). Is made in China 2025 a threat to global trade? Retrieved 16 March 2023, from https://www.cfr.org/backgrounder/ made-china-2025-threat-global-trade National Academy of Science and Engineering–ACATECH. (2013). Recommendations for Implementing the Strategic Initiative Industrie 4.0. Final Report of the Industrie 4.0 Working Group. Frankfurt: ACATECH. Report. Nuvolari, A. (2019). Understanding Successive Industrial Revolutions: A Development Block Approach. Environmental Innovation and Societal Transitions, 32, 33–44. Phillbeck, T., & Davies, N. (2019). The Fourth Industrial Revolution: Shaping and New Era. Retrieved 4 January 2023, from https://jia.sipa.columbia.edu/ fourth-industrial-revolution-shaping-new-era

20

T. MOLOI AND T. MARWALA

Rifkin, J. (2011). The Third Industrial Revolution: How Lateral Power is Transforming Energy, the Economy, and the World. Palgrave Macmillan. Schwab, K. (2016). The Forth Industrial Revolution. World Economic Forum. Smil, V. (2005). Creating the 20th Century: Technical Innovations of 1867–2014 and Their Lasting Impact. Oxford University Press. Taalbi, J. (2019). Origins and pathways of innovation in the third industrial revolution. Industrial and Corporate Change, 28(5), 1125-1148. https:// doi.org/10.1093/icc/dty053 WEF. (2023). The World Economic Forum. Retrieved 16 March 2023, from https://www.weforum.org/about/world-economic-forum WEF. (nd). Fourth Industrial Revolution. Retrieved 16 March 2023, from https://www.weforum.org/focus/fourth-industrial-revolution#:~:text=The% 20Fourth%20Industrial%20Revolution%20is,inclusive%2C%20human%2Dcent red%20future

CHAPTER 3

Technologies of the Fourth Industrial Revolution

3.1

Introduction

The fourth industrial revolution is characterised by the emergence of new technologies that span the digital, physical, and biological worlds. According to Phillbeck and Davis (2019), what makes the fourth industrial revolution more impactful than other revolutions are the combination and reinforcement of these technologies. Contrary to Lu (2017) who views the fourth industrial revolution and industry 4.0 as terms that can be used interchangeably, in Chapter 2 of this book, it was indicated that the fourth industrial revolution was a much broader concept than industry 4.0, which is limited to the specific industry. In a broader sense, and which view of the concept of the fourth industrial revolution we also share, Phillbeck and Davis (2019) see the fourth industrial revolution as ‘a series of significant shifts in the way that economic, political, and social value is being created, exchanged, and distributed.’ Viewed in these lenses, the technologies of the fourth industrial revolution are crucial in changing production, organisational processes, and economic directions in nations (Li et al., 2021; Qi et al., 2021; Sun et al., 2021). Having said this, we concur with Lu (2017) on the the combination and reinforcement of fourth industrial revolution technologies. In Lu (2017), the fourth industrial revolution culminates through technologies © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_3

21

22

T. MOLOI AND T. MARWALA

that are ‘adapted, integrated, service-oriented, optimized, and interoperable manufacturing process that uses algorithms, big data, and emerging technologies that transform production patterns from mass production to mass customization’ (Lu, 2017). This is consistent with Ruzarovsky et al. (2020) where these technologies are viewed as ‘fully intelligent, interconnected, and digitized production factories and organization activities’ (Ruzarovsky et al., 2020). Perhaps the fully intelligent, interconnected, and digitised organisational activities are a very important concept for the purpose of our treatise, which seeks to understand one of the organisational processes, namely enterprise-wide risk management, in the context of the fourth industrial revolution. The ability for reinforcement and integration (sometimes referred to as inteconnectedness) between and amongst these technologies is a catalyst for the increased computational power. According to PwC (2019), there are more than 250 emerging technologies which researchers in the fourth industrial revolution space have since identified. For the purposes of this treatise, our focus is on the most commonly known fourth industrial revolution technologies, which in some quarters have been referred as the pillars of the fourth industrial revolution. In other words, we concede that discussion of each of the more than 250 technologies would require a treatise of its own. Schwab (2016) concurs with the idea that the greatest advantage in the fourth industrial revolution is the ability of these technologies to integrate and reinforce each other. This view is reiterated in Harari (2018), where one of the advantages of the modern day technologies is said to be their interconnectedness. Schwab (2016) goes on to assert that the fourth industrial revolution takes the form of new waves of innovations which tend to use different modern technologies, such as 3D printing, Internet of things (IoT), artificial intelligence (AI), big data analytics tools, and cloud computing. Jindal and Sindu (2022) add to the list such technologies as machine learning, and robotics combined with high-computing power. Herweijer and Waughray (2018) add quantum computing, and other related technologies. Moloi and Marwala (2020) add biotechnology, and advanced materials such as graphene and blockchain technologies. Other technologies are cloud computing (Agrawal et al., 2018) and big data analytics tools (Marwala & Hurwitz, 2017).

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

23

Table 3.1 Technologies of the fourth industrial revolution Scholars

Technologies

• • • • • • •

• • • • • • • • • • • •

Schwab (2016) Herweijer and Waughray (2018) Marwala and Hurwitz (2017) Agrawal et al. (2018) Jindal and Sindu (2022) Moloi and Marwala (2020) Ruzarovsky et al. (2020)

• • • •

3D printing Internet of things (IoT) Artificial intelligence (AI) Big data analytics tools Cloud computing Machine learning Robotics and autonomous robots Quantum computing Biotechnology Advanced materials such as graphene Blockchain technologies Augmented reality and Virtual reality System integration Cyber security Simulation Digital twin

Source Authors’ conceptualisation

To the list of the fourth industrial revolution technologies above, Ruzarovsky et al. (2020) add the Augmented Reality, System Integration, Cyber Security, Autonomous Robots, and Simulation. Furthermore, Koh, Orzes, and Jia (2019) bring up the digital twin. Table 3.1 summarises the fourth industrial revolution technologies. With as many as of the emerging fourth industrial revolution technologies connecting and getting integrated with each other, many products and services have also emerged. In an attempt to capture some of the examples of new products that are embedded in the fourth industrial revolution technologies, Jindal and Sindu (2022) point to the self-driven cars, virtual assistants, and precise diagnosis of critical diseases.

3.2

Technologies of the Fourth Industrial Revolution

According to WEF, 4IR is characterised ‘by a range of new technologies that are fusing the physical, digital, and biological worlds, impacting all disciplines, economies, and industries, and even challenging ideas

24

T. MOLOI AND T. MARWALA

about what it means to be human.’ In other words, there is an integration of technologies in the 4IR. Some of these technologies described by the WEF above are artificial intelligence, data analytical tools, cloud computing, robotics, the Internet of Things (IoT), 3D printing, genetic engineering, and quantum computing. For the purposes of this treatise, we outline and discuss a few of these technologies, namely artificial intelligence, machine learning, natural language processing, robotic process automation, simulation/ virtual reality/augmented reality, big data analytics. This book seeks to understand entreprise risk management in the context of the fourth industrial revolution. These fourth industrial revolution technologies are discussed in this chapter because we believe that they have the potential of improving the entreprise risk management process, making the decision-making process far much quicker, enhanced, and more informed. 3.2.1

Artificial Intelligence (AI)

As has been established in Moloi and Marwala (2020, 2021), the most generic definition of artificial intelligence is that it is the quest to make machines intelligent. In other words, it allows machines to mimic the actions of human beings. Over time, so many debates have emerged as to whether machines can be as intelligent as human beings and whether it would be ethical, and to a point safe, if machines were to get to this point. We accept that various definitions of artificial intelligence exist. These definitions continue to evolve with time. As artificial intelligence evolves and new technologies emerge, we expect that the definition of artificial intelligence will also evolve. This is simply because when we define the phenomenon, we tend to give it the definition of what we know about that particular phenomenon. To contextualise this point, in the first quarter of 2023, Google introduced Bard, which is Google’s experimental conversational AI service powered by Language Model for Dialogue Applications (LaMDA). In its simplest form, Bard could be viewed as an artificial intelligence-powered chatbot whose focus is to create text. Because it is a bot, a human can issue a command to the bot in a natural way in which humans converse, then the bot responds (Elias, 2023). Observers have agreed that the release of Bard was a response to the advances made by OpenAI, another advance in artificial intelligence

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

25

released in the last quarter of 2022 by OpenAI, GPT. The initial version of GPT released was GPT-3.5. This has since been updated to GPT4. According to OpenAI (2023), ‘GPT-4 is a large multimodal model (accepting image and text inputs, emitting text outputs) that, while less capable than humans in many real-world scenarios, exhibits human-level performance on various professional and academic benchmarks.’ From the finance perspective, early April in 2023, it was reported that Bloomberg had released a paper that set out the development of BloombergGPT. According to Pandolfo (2023), BloombergGPT will join other large language models such as Google’s Bard and Open AI’s GPT. This large language model is trained on a massive amount of financial data to assist with a variety of natural language processing (NLP) tasks within the financial industry. Accordingly, this large language model will be capable of ‘rapidly analysing financial data to assist with making risk assessments, judge financial sentiment, and potentially even automate accounting and auditing tasks and more’ (Pandolfo, 2023). Even though these generative models have their own weaknesses, it is apparent that there are advances in artificial intelligence. To some point, we expect that new definitions of artificial intelligence will emerge to cover these changes. Our expectations are that the changes in the definition will feature more of natural language processing. At a conceptual level, there are two classifications of artificial intelligence, namely strong and weak artificial intelligence (Moloi & Marwala, 2020). A strong artificial intelligence will typically be characterised by the ability of a machine agent to perform various tasks, whereas weak artificial intelligence will perform a single task. Marx et al. (2022) indicate that in addition to this distinction, the strong machine learner would have a capacity to learn on its own, which eventually becomes crucial in solving new problems. On the other hand, a weak AI is typically characterised by a machine agent that relies on its maker, a human agent, to define the key parameters. According to Moloi and Marwala (2020, 2021), there are three forms of artificial intelligence which can be applicable in the business context. They list these as Machine Learning, Natural Language Processing, and Robotic Process Automation. The three forms are discussed below.

26

T. MOLOI AND T. MARWALA

3.2.2

Machine Learning (ML)

According to Marx et al. (2022), citing Chollet (2017), machine learning is often confused with the traditional software used to analyse data. Chollet (2017) submits that the difference lies in the human intervention and explains that the traditional software is characterised by a combination of human-created rules with data so that answers can be created to address the problem. However, instead of using data so that answers can be created to address the problem, the machine learner uses data and answers to discover the rules behind the problem (Chollet, 2017). The strength of machine learning is in discovery. Machine learning has the ability to find valuable underlying patterns within complex data. Marx et al. (2022), citing Alpaydin (2020), indicate that in traditional approaches, human agents were tasked to find these patterns, which consumed a lot of time, and the process was often plagued with errors. This means that there is effectiveness, efficiency, reduction of errors, and speed amongst other benefits of using machine learning algorithms. There are various methods of machine learning algorithms, and these include Supervised, Unsupervised, Semi-Supervised, and Reinforcement learning methods. These are depicted in the Fig. 3.1

Supervised learning methods

Semi-supervised learning methods

Unsupervised learning methods

Reinforcement learning methods

Fig. 3.1 Machine learning algorithm methods (Source Authors’ conceptualization)

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

27

For the machine to learn, which for instance could be seen as a process of fitting the model, data will be required. This data repository would be explored to discover the underlying patterns. For instance, we would be able to understand what the data tell us. To learn from these data, we could employ the supervised learning methods, unsupervised learning methods, semi-supervised learning methods, or the reinforcement learning methods. • Supervised learning methods would typically contain or be used to learn from classification and regression problems. The data that the machine algorithm is learning from would be labelled in this case. • Unsupervised learning methods would typically associate data or cluster (group) them. The algorithm would learn from the data, and attempt to create the associations or the groups from the data. The data that the machine algorithm is learning from would be unlabelled in this case. • Semi-supervised learning is typically viewed as a bridge between supervised learning and unsupervised learning. In this regard, the machine algorithm is learning from both the labelled and the unlabelled data. • Reinforcement learning methods would typically use estimation errors. These errors are guided by rules which contain rewards or penalties to optimise the performance of the model. The model will then learn from the rewards or penalties to determine the ideal behaviour.

3.2.3

Natural Language Processing (NLP)

Perhaps the most interesting aspect of artificial intelligence is natural language processing, owing to recent developments in the field. Marx et al. (2022), citing Moloi and Marwala (2021), indicate that natural language processing must be understood as a combination of various fields, including computer science, artificial intelligence, and linguistics. There are various techniques in the natural language processing, including:

28

T. MOLOI AND T. MARWALA

• Text Classification—This technique is concerned with the classification of text. It is possibly the first stage of the process where the raw data are classified into certain structures for further processing. • Sentiment Analysis—In this technique, the sentence/ statement will be tagged with a particular sentiment, say positive, negative, or neutral. This will then be aggregated to gain insights as to whether the sentiment is positive, neutral, or negative. • Named Entity Recognition—This technique uses a similar approach to the sentiment analysis. The only difference is that it will go to the unit to determine the number of times the person, organisation, or value appears on the test. • Summarisation—This technique breaks down the test in a statement into a group of words. • Topic Modelling—The intention here is to determine common topics. The technique will cluster the text to form common groups or topics from the cluster. • Stemming—This technique intends to measure the intent of the word. The word will be broken down to the core to understand the meaning. In this case, the verb becomes an important determiner of the intent of the word. Therefore, words which can be categorised as having the same verb would be grouped together. Time does not matter. • Lemmatisation—This technique is almost a similar technique to stemming, which intends to measure the intent of the word. The difference is that words are grouped based on their root definition. In other words, it allows us to account for time on the verb, which allows us to categorise the verbs based on time.

3.2.4

Robotic Process Automation (RPA)

Perhaps the most understood tool or software in the business environment (risk management) is arguably robotic process automation. Generally, in the business environment, there are many repetitive tasks. The emergence of robotic process automation has mostly been useful in carrying out manual and repetitive tasks which would have been identified as time-consuming and a source of risk, as human beings could get bored whilst doing them.

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

29

Citing Moloi and Marwala (2021), Marx et al. (2022) indicate that robotic process automation has many benefits such as cost reduction, time efficiencies, better accuracy rate, improved governance environment, better customer advocacy and retention, improved checks and balances, increased speed and productivity, easy integration into existing technologies, and super-scalability. In the context of enterprise risk management, time efficiencies, better accuracy rate, improved governance environment, improved checks and balances, increased speed and productivity would be beneficial for the process. 3.2.5

Augmented Reality/Simulation

Marx et al. (2022) indicate that the augmented reality provides a user with an interactive experience of the real world. It is characterised by the computer enhancing or modifying the users’ experience of objects, which allows the user to simulate the real world. 3.2.6

Big Data (BD)

Big data could be defined as an emerging computational ability to treat extensive data sets to reveal the underlying trends, patterns, and relationships within data. There are so many examples of what could be contained in the big data. Marx et al. (2022) indicate that big data could include ‘transactions and records, which is called structured data, or files, documents, text, which is called the semi-structured, or logs from the IoT, which is called the unstructured data sets.’ Marx et al. (2022) argue that these extensive data sets would ordinarily be difficult to treat using traditional processing approaches which do not contain the computational ability. They indicate that the solution to the inability to deal with extensive data sets for the traditional data processing approaches has been to sample and make observations (Marx et al., 2022). The main advantages of big data analytics are that they provide a tool to analyse big datasets, which is crucial for hindsight, insight, and foresight. In this regard, they could generate predictive analytics for the purposes of forecasting (foresight) as well as understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight).

30

T. MOLOI AND T. MARWALA

3.3

Points to Ponder

• There are more than 250 emerging technologies which researchers in the fourth industrial revolution space have since identified. • The main fourth industrial revolution technologies revolve around 3D printing, Internet of things (IoT), Artificial intelligence (AI), Big data analytics tools, Cloud computing, Machine learning, Robotics and autonomous robots, Quantum computing, Biotechnology, Advanced materials such as graphene, Blockchain technologies, Augmented reality and Virtual reality, System integration, Cyber security, Simulation, and Digital twin. • The greatest advantages of the fourth industrial revolution are the ability of technologies to reinforce each other, and their integration/ interconnectedness. • For the purposes of the treatise, technologies deemed to be crucial in the entreprise risk management process include supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics. • Reinforcement and the ability to integrate are believed to have potential of improving the entreprise risk management process, making the decision-making process far much quicker, enhanced, and more informed for the stakeholders in the enterprise risk management process. • Supervised learning methods, unsupervised learning methods, semisupervised learning methods, or the reinforcement learning methods play key roles in the enterprise risk management setting. • The ability of using natural language processing techniques to classify text, analyse sentiments, recognise the named entity, summarise text and model topics, be stemmed and lemmatised, makes it an important aspect of enterprise risk management process in the fourth industrial revolution. • The robotics process automation is perhaps the most understood tool or software in the business environment (risk management). We are of the view that in the business environment, there are many repetitive tasks that employees perform. The emergence of the robotic process automation has mostly been useful in carrying out such manual and repetitive tasks, which would have been identified

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

31

as time-consuming and a source of risk, as human beings could get bored whilst doing them. • Big data analytics has a potential for being a crucial tool in the strategic risk assessments in particular, as executive management assess data to have hindsight, insight, and foresight. Big data analytics would be useful in generating predictive analytics for the purposes of forecasting (foresight) as well as understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight) in the enterprise risk management user with an interactive experience of the real world. • Augmented reality could be crucial since a computer could be used to enhance or modify the risk manager’s experience of objects, which allows the user to simulate the real world.

References Agrawal, A., Gans, J., & Goldfarb, A. (2018). Prediction Machines: The Simple Economics Of Artificial Intelligence. Harvard Business Review Press. Alpaydin, E. (2020). Introduction to Machine Learning. 4th Edition, MIT Press Academic, Cambridge. Chollet, F. (2017). Deep learning with Python. Shelter Island Manning. Manning Publications Company. Elias, J. (2023). Google reshuffles virtual assistant unit with focus on Bard A.I. technology. Retrieved 16 March 2023, from https://www.cnbc.com/2023/ 03/29/google-reorganization-in-assistant-follows-bard-launch-memo-says. html Harari, Y. N. (2018). 21 Lessons for the 21st century. Jonathan Cape. Herweijer, C., & Waughray, D. (2018). Fourth Industrial Revolution for the Earth: Harnessing Artificial Intelligence for the Earth. PriceWaterhouseCoopers. Jindal, P., & Sindhu, R. K. (2022). Opportunities and Challenges of the Fourth Industrial Revolution: Artificial Intelligence and the Fourth Industrial Revolution. Jenny Stanford Publishing. Koh, L., Orzes, G., & Jia, F. (2019). The fourth industrial revolution (Industry 4.0): technologies’ disruption on operations and supply chain management. International Journal of Operations and Production Management, 39 (6/7/8), 817–828. Li, S., Cai, X., Emaminejad, S. A., Juneja, A., Niroula, S., Oh, S., Wallington, K., Cusick, R. D., Gramig, B. M., John, S., McIsaac, G. F., & Singh, V. (2021).

32

T. MOLOI AND T. MARWALA

Developing an Integrated Technology—Environment—Economics Model to Stimulate Food—Energy—Water Systems in Corn Belt Watersheds. Environ. Model, 143(1), 1–15. Lu, Y. (2017). Industry 4.0: A Survey on Technologies, Applications and Open Research Issues. Journal of Industrial Information Integration, 6(1), 1–10. Marx, B., van der Watt, A., Bourne, P., & Moloi, T. (2022). Dynamic Auditing. 14th Edition. LexisNexis. Marwala, T., & Hurwitz, E. (2017). Artificial Intelligence and Economic Theory: Skynet in the Market. Springer. Moloi, T., & Marwala, T. (2020). Artificial Intelligence in Economics and Finance Theories. Advanced Information and Knowledge Processing. Springer Nature. Moloi, T., & Marwala, T. (2021). Artificial Intelligence and the Changing Nature of Corporation: How Technologies Shape Strategy and Operations. Future of Business and Finance. Springer Nature. OpenAI (2023). GPT-4. Retrieved 16 March 2023, from https://openai.com/ research/gpt-4 Pandolfo, C. (2023). Bloomberg unveils finance-focused AI model Bloomberg GPT . Retrieved 02 May 2023, from https://www.foxbusiness.com/markets/blo omberg-unveils-finance-focused-ai-model-bloomberg-gpt Phillbeck, T., & Davies, N. (2019). The Fourth Industrial Revolution: Shaping and New Era. Retrieved 4 January 2023, from https://jia.sipa.columbia.edu/ fourth-industrial-revolution-shaping-new-era PriceWaterhouseCoopers. (2019). The Fourth Industrial Revolution. Are you Ready? Retrieved 1 March 2023, from https://www.pwc.com/us/en/lib rary/4ir-ready.html Qi, X., Li, J., Yuan, W., & Wang, R. Y. (2021). Coordinating the Food— Energy—Water—Nexus in Grain Production in the Context of Rural Livelihood Transitions and Farmland Resource Constraints. Retrieved 16 March 2023, from https://doi.org/10.1016/j.resconrec.2020.105148 Ruzarovsky, R., Holubek, R., Janicek, M., Velisek, K., & Tirian, G. (2020). Analysis of the Industry 4.0 Key Elements and Technologies Implementation in the Festo Didactic Educational Systems, (ICAS 2020). Retrieved 16 March 2023, from https://doi.org/10.1088/1742-6596 Schwab, K. (2016). The Fourth Industrial Revolution. World Economic Forum. Sun, C., Yan, X., & Zhao, L. (2021). Coupling Efficiency Measurement and Spatial Correlation Characteristics of Water—Energy—Food Nexus in China. Resources, Conservation and Recycling, 164, 105151. https://doi.org/10. 1016/j.resconrec.2020.105151 WEF. (2023). The World Economic Forum. Retrieved 16 March 2023, from https://www.weforum.org/about/world-economic-forum

3

TECHNOLOGIES OF THE FOURTH INDUSTRIAL REVOLUTION

33

WEF. (nd). Fourth Industrial Revolution. Retrieved 16 March 2023, from https://www.weforum.org/focus/fourth-industrial-revolution#:~:text=The% 20Fourth%20Industrial%20Revolution%20is,inclusive%2C%20human%2Dcent red%20future

CHAPTER 4

The Concept of Enterprise Risk Management

4.1

Introduction

Over the the decades, the concept and the nature of risk management has evolved to meet the changing needs and challenges faced by corporations. In articulating these changes, the World Economic Forum (WEF) has characterised it as an ever-increasing volatility, uncertainty, complexity, and ambiguity of the world. The Institute of Risk Management (IRM, 2018) suggests that ‘disruption’ is the best way to describe the current competitive landscape. The early practitioners of risk management viewed it as a compliance exercise. In essence, as they practised risk management, they focused primarily on identifying and mitigating financial risks. Over the decades, and because the complexities and interconnectedness that the corporate world finds itself in, ERM has emerged as the preferred management system as its approach is more holistic and takes into account the broader risks faced by corporations. ERM has received great attention and growth on a global scale, and this is reflected by the issue of regulations globally, such as the COSO framework on ERM issued by Committee of Sponsoring Organizations of the Treadway Commission. In the COSO framework, risk is described as ‘the possibility that events will occur and affect the achievement of strategy and business objectives’ (Sobel et al., 2020). © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_4

35

36

T. MOLOI AND T. MARWALA

In the traditional risk management process, various divisions or departments of a corporation would use various frameworks in order to manage risks. As ERM emerged, corporations realised the need to have an adequate risk management system which provides a holistic framework that allows corporations to manage financial losses that could be caused by disruptions to operations, loss of market presence, unexpected events, and damage to reputation (ISO, 2018; Perera et al., 2020).

4.2

Evolution of Enterprise Risk Management

The evolution of ERM can be traced back to the 1990s, when many large corporations began to recognise the need for a more integrated approach to risk management. This was driven in part by the increasing complexity of business operations and the globalisation of markets, which meant that risks were no longer confined to specific departments or geographic regions. At this time, ERM primarily focused on managing financial risks such as market, credit, and liquidity risks. The emphasis was on developing risk models that could accurately quantify the probability and impact of various risks and, using this information, to inform hedging strategies and other risk mitigation measures. However, as the world became more volatile, and was filled with uncertainties, complex, and ambiguous, corporates also began to face other types of risk, such as operational, strategic, and reputational risks. As such, ERM evolved to encompass a broader range of risks. This required a more integrated approach that involved collaboration between different departments and stakeholders, and a deeper understanding of the interconnectedness of risks. Currently, ERM has become an essential part of corporate governance, with many organisations adopting formal ERM frameworks to help them identify, assess, and manage risks on an ongoing basis. These frameworks typically involve a systematic process of identifying key risks, assessing their likelihood and impact, developing strategies to mitigate them, and monitoring and reporting on their risk performance over a period of time. In this regard, the King Report on Corporate Governance places the responsibility of risk governance on the governing body. Thus, principle 11 of the King IV Report on corporate Governance for South Africa requires that the governing body should govern risk in a way that supports the organisation in setting and achieving its strategic objectives (IoDSA, 2016).

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

37

For the governing boards to deliver on the risk governance mandate, Natesan and Plessis (2019) suggest, they should carefully examine and adopt the US National Association of Corporate Directors (NACD) guidelines which require that governing bodies should: • Understand not only the organisation’s key success drivers but also the risks implicit in its strategy. The organisation’s business model will reveal the most important risks, and this will enable the governing body to engage with management in determining how much risk the organisation is prepared to assume to create value. This will entail a continual, robust yet constructive dialogue with management. One of the lessons of the 2008 financial crisis was that boards seemed not to have properly understood their organisations’ key success drivers and their risks. • Define the roles of the governing body and its standing committees regarding risk. It is critical to remember that governing bodies have a risk oversight role, not a risk management one. • Establish whether the organisation’s risk management system is fit for purpose, and that it is well-resourced. Frequently, risk management is not integrated into strategy but is implemented as an afterthought. It is also essential that an organisation ensures that it has the right resources, including people with the correct skills, to be effective. • Make sure the governing body gets the right kind of risk information. Information needs to be both complete and insightful— copious is not good enough. • Assess the risks inherent in the corporate culture and incentive structure. Another lesson from the financial crisis is that corporate culture and incentive structures can promote excessive risk-taking. This is a highly complex area, and unintended consequences abound. • Monitor and ensure that strategy, risk, controls, compliance, and culture are all aligned. This is essentially pulling all the above principles into a coherent whole. • Review the board’s risk oversight processes, including horizon scanning. As with all its key duties, the governing body should periodically review how effective its risk oversight processes are. Care should also be taken to keep abreast of new and emerging risks. Because it does not have responsibility of the running of the organisation, the

38

T. MOLOI AND T. MARWALA

governing body is best placed to keep an eye on rapidly moving clouds on the horizon. One of the key drivers of this evolution has been the increasing emphasis on sustainability and corporate social responsibility. As businesses have become more aware of the environmental and social impacts of their operations, they have recognised the need to manage these risks as part of their overall risk management strategy. Overall, the evolution of ERM has been a gradual and ongoing process that reflects the changing needs and challenges faced by businesses over time. As the business environment continues to evolve, it is likely that ERM will continue to evolve with it, helping organisations to adapt and manage risks in an increasingly complex and interconnected world.

4.3 Some of the Definitions of Enterprise Risk Management According to ISO 31000, enterprise risk management (ERM) is the framework or methods used by organisations in identifying and managing risks. ERM is a disciplined holistic approach to address, identify, and manage the risk of the organisation, replacing the traditional risk management silo approach (ISO, 2018). Furthermore, ERM allows corporations to manage risks and take advantage of opportunities. According to the Casualty Actuarial Society (CAS), ERM is as the process by which organisations in all industries assess, control, exploit, finance, and monitor risks from all sources for the purpose of increasing the organisation’s short- and long-term value to its stakeholders (CAS Enterprise Risk Management Commitee, 20023). Chapman and Ward (2003) define ERM as the ‘process that combines the organization’s entire risk management activities in one integrated, holistic framework to achieve a comprehensive cooperate perspective’ (Chapman & Ward, 2003; ISO, 2018). Therefore, ERM suggests a change in the way risks are managed.

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

39

4.4 Traditional Risk Management vs Enterprise Risk Management According to Beasley (2019), corporate leaders have always included risk management in their day to day running of their businesses. As such, the idea of managing risks cannot be thought of as a new concept for corporate leaders. The difference in the manner in which risks are managed in the traditional approach to risk management and the enterprise risk management approach is that, on one hand, in the traditional approach, every unit within a corporation determined its own risks. ERM, on the other hand, looks at risk from a broader organisational level. The differences in the two approaches are further depicted in the Table 4.1. Both the TRM and the ERM consist of five steps (5); however, the ERM steps are more comprehensive than the ERM steps. Table 4.2 lists the steps in the TRM and the ERM. Similar to what can be noted from Table 4.2 above, Ogutu, Bennet, and Olawoyin (2018) and Simona-lulila (2014) indicate that the risk managemnt process consists of five steps. Accordingly, Ogutu, Bennet, and Olawoyin (2018) and Simona-lulila (2014) make a distinction that TRM assesses pure risk whilst ERM assesses both pure risk and speculative risk. For these authors, pure risk refers to having a loss or no loss and its obvious mitigation is insurance, and examples are fire to a building or Table 4.1 Traditional Risk Management (TRM) vs Enterprise Risk Management (ERM)

Approach

TRM

ERM

Silo

Holistic

Source Authors’ conceptualisation

Table 4.2 Steps in the TRM and the ERM

Steps

TRM

ERM

Risk Risk Risk Risk Risk

Objective setting Risk identification Risk assessment Risk response and monitoring Risk governance

identification analysis control financing administration

Source Authors’ conceptualisation; information sourced fromOgutu, Bennet, and Olawoyin (2018)

40

T. MOLOI AND T. MARWALA

a break-in at a building. However, they define speculative risk as a risk where possible outcome can either be loss, profit, or the status quo being maintained, for example, when there is neither loss nor profit. For Nocco and Stulz (2006), within the TRM system, corporate risk was the responsibility of a risk manager, which would often be a relatively junior position within the corporation. The main responsibility of the function would be to ensure that risk is managed through insurance and hedging of financial exposures. The ERM approach is different, as it introduces the Chief Risk Officer (CRO). The CRO is a member of the executive team and his/her main responsibilities include overseeing enterprise risk management. They report to the board committees and the board, which is responsible for risk management and is overseen by a board of directors, responsible for monitoring risk measures and setting limits for such measures (Moloi & Oyedokun, 2021; Nocco & Stulz, 2006). According to Beasley (2019), there are limitations in assessing and managing through the traditional risk management approach. These include: • The possibility of having other risks falling through the gaps between the different units in an organisation. Those risks that do not fall within any unit or are not perceived as important in the units would be missed. • Some risks may affect different units, albeit differently. A wholistic approach to managing such risks is needed to ensure efficacy of the management actions. • Divisional leaders may not be aware of how their proposed mitigations may affect other units. • In some cases, it would be difficult to link the risks with strategic planning. The risks are assessed at unit level whilst strategic planning happens at a higher level and sometimes the link between the two is not apparent. • In most cases, when risk assessment is done at unit level, it is usually intrinsic and focuses on the internal risks and less so on the external risks that may affect the business. Some researchers have argued that ERM acted as natural evolution of the concept of risk management (Fraser & Simkins, 2007). With the

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

41

realisation of the limitations of the historic way of doing risk management, many corporate leaders started embracing ERM, which was initially defined differently by many, until consensus started emerging (Bromiley, Mcshane, Nair, & Rustambekov, 2015). First, there was general consensus that ERM assumes that managing risk at organisational level is far more beneficial than managing risk at unit level within an organisation. Secondly, over and above the traditional components of risk (product liability and accidents), ERM includes strategic risks such as product obsolescence or competitor activities. Lastly, common consensus was that ERM does not see risk as a problem to be solved, but rather as an opportunity to have a competitive edge (Bromiley, Mcshane, Nair, & Rustambekov, 2015). From the discussions above, it is apparent that there are benefits associated with managing risks in a holistic manner. According to Moloi and Oyedokun (2021), managing risks in an enterprise risk management setting has various benefits for an organisation, and these benefits may include: • An organisation’s ability to overcome the silo mentality—Enterprise risk management overcomes the silo mentality within the enterprise. However, lack of coordination could bring risks as one part of the enterprise may not necessarily be up to date with what is happening in other parts of the enterprise. • Enhanced efficiencies owing to coordination—If there is no coordination, there is a chance that some activities could be duplicated. This could be costly and time-consuming as issues which may have been better dealt with elsewhere have the potential of being double handled. • Establishment of a uniform way of managing risks—Enterprise risk management allows the enterprise to have a uniform way of identifying, managing, and responding to risks. It also offers an opportunity for internal benchmarking. The inability of one area of an enterprise to meet the targets could impact other enterprise units; for example, if other units are aware of the risks that another unit faces within an enterprise, they can plan adequately, hence their mitigation actions to the risks emanating elsewhere within the enterprise, which downs the risk impact at the source. • Enhanced stakeholder oversight on risks facing the organisation— The rationalised information agreed upon by various stakeholders

42

T. MOLOI AND T. MARWALA

within an enterprise has the potential of adequately diagnosing significant issues and providing well thought and calibrated information that the board could utilise to make decisions. Adopting enterprise risk management has the potential of ensuring that the allocation of resources is based on the comprehensive information passed through and calibrated by various enterprise stakeholders (Moloi & Oyedokun, 2021).

4.5

Enterprise Risk Management Frameworks

Whilst consensus has started emerging on the common elements that describe ERM, several conceptual frameworks still exist (Gatzert & Martin, 2015). A conceptual framework refers to the depiction of relationships between the variables of the study, or the characteristics under investigation. It has been argued that ERM frameworks are a catalyst to assisting corporates as they establish a constant risk management culture regardless of their. It was the Committee of the Sponsoring Organizations of the Treadway Commission (COSO) that published the first enterprise-wide risk management framework two decades ago. In 1994, two years after this initial publication, this integrated framework was amended. At the time, this was seen as the first attempt to better the risk management practices by providing guidelines. Since the development of the integrated framework, organisations in all shapes and sizes adopted this phenomenon to identify and mitigate risks to achieve the goals and objectives of the firm (COSO, 2017). Having outlined the origins of enterprise risk management frameworks, and briefly discussed the origins of the COSO framework, Moloi and Oyedukun (2021) have argued that globally, there are two frameworks that have been used more widely than the others, namely the COSO and the International Organisation for Standardisation (ISO) 31,000 Risk Management Standard (WBCSD, 2017). Below, we discuss the risk management frameworks. 4.5.1

The COSO Enterprise Risk Management Framework

As indicated, the COSO ERM framework was developed by the Committee of Sponsoring Organizations of the Treadway Commission

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

43

(COSO) in the United States. According to IRM (2018) and Pierce and Goldstein (2016), COSO had to take a lead on this because it is a wellknown and trusted body that has done a lot of work within the risk management and internal control space for a long time and is regarded as authority in internal control guidance (IRM, 2018; Pierce & Goldstein, 2016). IRM (2018) and Pierce and Goldstein (2016) provide a background of COSO’s goals, and they indicate that the goals evolved from looking at fraudulent financial reporting to include ERM amongst others things. In addition, Moloi and Oyedukun (2021) indicate that the first iteration came to the fore in 1992. Accordingly, the 1992 COSO framework was welcomed and deemed by practitioners as a ‘comprehensive framework for helping organisations assess and improve their internal control systems’ (COSO, 1992). In 2004, COSO published another ERM framework titled Enterprise Risk Management—Integrated Framework (IRM, 2018; Pierce & Goldstein, 2016). Moloi and Oyedukun (2021) indicate that this 2004 version of the framework introduced four critical layers of an enterprise, namely the enterprise strategy, operations, reporting, and compliance. Therefore, this was viewed as an extension of the one dimensional and internal control-focused 1992 iteration. Furthermore, IRM (2018) and Pierce and Goldstein (2016) indicate that the 2004 publication was followed by a series of other publications dealing with specific issues relating to the implementation of the ERM guidelines, including the 2009 Effective Enterprise Risk Oversight: The Role of the Board of Directors. As a result of a multiple surveys undertaken by other independent reviewers between 2009 and 2015, COSO decided to review their 2004 framework and the result was the 2017 Enterprise Risk Management—Aligning Risk with Strategy and Performance (Pierce & Goldstein, 2016). According to Moloi and Oyedukun (2021), the results of the surveys, as well as the mid-period reviews which had resulted in various reports, indicated that the 2004 iteration had its challenges even though it was an improvement from the 1992 iteration. Oliva (2016) presents the analysis of the ERM strategic framework in the Brazilian supply chain of companies where three theoretical pillars are adopted, namely New Institutional Economics, ERM, and Supply Chain and Enterprises based on analysing the ERM in large supply chain companies. Their study indicated that the framework of 2004 had some challenges.

44

T. MOLOI AND T. MARWALA

In a study, Caron et al. (2013) adopted the eight components of the COSO ERM framework. Their aim was to illustrate the risks involved in handling of insurance claims in process mining. They note that even though the COSO ERM was considered theoretically sound, literature does not describe all the components of its model based on the process analytics approach (Caron et al., 2013). This most probably explains why some organisations take too long to process claims because they do not have continuous monitoring controls for implementing timely corrective actions as they happen, and thus expediate claims processes. Following this observation, Sithipolvanichgul (2016) argues that the COSO, 2004 ERM framework is only applicable in firms with accounting literature. Accordingly, the framework had some gaps and it needed some improvement, as this is done by ISO to improve and move with the times. There was a noteworthy comment in the argument made by Sithipolvanichgul (2016), where it was suggested that not fully understanding the cause and effect of the COSO (2004) integrated framework might trigger such thoughts. Aligning with the above, Moloi and Oyedukun (2021) indicate that there was a drive to improve the framework. COSO and PwC partnered to develop a new framework to respond to the identified deficiencies by providing guidelines to the users on how strategy and performance can be integrated (COSO, 2017). Therefore, the updated COSO ERM 2017 version was published, and it dwelt much on ERM framework strategies and its performance for the board and senior management in institutions of all sizes. In 2017, COSO introduced a revised version of its corporate risk management framework of 2004 and called it ERM—Integrating with Strategy and Performance. This revision was a result of many reasons, including the increasing complexity of doing business and the emergence of new risks; changing customer behaviour resulting in unpredictable global economic scenarios; the evolution of technology that requires organisations to be able to deal with some of the consequences such as cyber fraud etc., and increasing demands for transparency. These are just some of the reasons, there were further revisions to ensure that it is responsive to an ever-changing business setting (Pierce & Goldstein, 2016). One of the more practical reasons for the revision was that organisations were implementing ERM separately from the strategic planning process (IRM, 2018). The new approach thus attempts to correct this silo

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

45

approach and integrate risk management with strategy development and performance. In addition, the new approach responds to the lack of sufficient guidance on the formulation and application of risk appetite from the initial framework. The latest COSO (2017) framework narrows down the oversight of the board at viewing risks, challenging management on instituting suitable strategies and the firm’s risk appetite. The business objectives, vision of the firm, and statement must be in line with the implemented strategies (Perera et al., 2020). Hence, the revised framework gives tools to help organisations envision how strategic planning aligns with risk appetite and risk capacity (ILO, 2023; IRM, 2018). The most notable difference between the 2017 framework and the 2004 framework is structure. The 2017 framework has only 5 components and 20 principles. These principles are applicable to all organisational sizes and types, thus making their applicability easy to implement (Schroeder, 2019). 4.5.2

The ISO 31000 Framework

Another popular framework is the ISO 31000, which was developed by the International Organization for Standardization (Altanashat et al., 2019). The ISO 31000 came as a result of the review of the Australian and New Zealand standards (AZ/NZS 4360). During this review, it was agreed that an international standard was required, hence the birth of the ISO 31000 (Moloi & Oyedokun, 2021). This framework emphasises the need for a systematic approach to risk management, including the identification and assessment of risks, the implementation of controls, and ongoing monitoring and review. One of the key features of the ISO 31000 framework is that it is designed to be flexible and adaptable to meet the unique needs of different organisations (ILO, 2023).

4.6

Points to Ponder

• Whilst there are many different frameworks that explain the concept of ERM, there are two which are more popular, namely the COSO Framework and the ISO 31000. • The COSO framework has gone through various stages of development. One of the reasons for the revision was that corporations were implementing ERM separately from the strategic planning process.

46

T. MOLOI AND T. MARWALA

• The revised COSO framework gives tools to help organisations envision how strategic planning aligns with risk appetite and risk capacity. • ISO 31000 is designed to be a flexible standard. The framework emphasises the need for a systematic approach to risk management, including the identification and assessment of risks, the implementation of controls, and ongoing monitoring and review.

References Altanashat, M., Dubai, M. A., & Alhety, S. (2019). The Impact of Enterprise Risk Management on Institutional Performance in Jordanian Public Shareholding Companies. Journal of Business and Reatil Management Research, 13(3), 256– 268. Beasley, M. (2019). What is Enterprise Risk Management. North Carolina State University. Bromiley, P., Mcshane, M., Nair, A., and Rustambekov, E. (2015). Enterprise Risk Management: Review, Critique and Research Directions. Long Range Planning (pp. 265–276). Caron, F., Vanthienen, J., & Baesens, B. (2013). A Comprehensive Investigation of the Applicability of Process Mining Techniques for Enterprise Risk Management. Computers in Industry, 64(4), 464–475. https://doi.org/10. 1016/j.compind.2013.02.001 Chapman, C., & Ward, S. (2003). Project Risk Management Processes, Techniques and Insights. John Wiley & Sons Ltd. COSO. (1992). Internal Control—Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission. COSO. (2004). Enterprise Risk Management—Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission. COSO. (2017). Enterprise Risk Management—Integrating Strategy with Performance. Committee of Sponsoring Organizations of the Treadway Commission. Fraser, J. R., & Simkins, B. J. (2007). Ten Common Misconceptions about Enterprise Risk Management. Journal of Applied Corporate Finance, 19, 75–81. Gatzert, N., & Martin, M. (2015). Determinants and Value of Enterprise Risk Management: Empirical Evidence from the Literature. Risk Management and Insurance Review, 18(1), 29–53.

4

THE CONCEPT OF ENTERPRISE RISK MANAGEMENT

47

ILO. (2023). Enterprise Risk Management: A Guide for Employer and Business Membership Orgainations to Promote Efficicency and Business Resillience. International Labour Office. IoDSA. (2016). King IV Report. Accessed 11 November 2022, from https:// www.iodsa.co.za/page/king_iv_report IRM. (2018). From the Cube to the Rainbow Double Helix: A Risk Practitioner’s Guide to the COSO ERM Frameworks. IRM. ISO 31000. (2018). Risk Management—Principles and Guidelines. Switzerland. Moloi, T. (2015). Critical Analysis of Audit Committee Reporting in National Government Departments: The Case of South Africa. International Public Administrative Review, 16, 67–86. Moloi, T. (2018). Analysing the Human Capital Capabilities in the Enterprise Risk Management Function of South Africa’s Public Institutions. Business and Economic Horizons, 14(2), 375–388. Moloi, T., & Oyedokun, G. E. (2021). Enterprise Risk Management and fraud examination processes. OGE Business School Publisher. Natesan, P., & du Plessis, P. (2019). Key Principles of Risk Oversight. Accessed 11 November 2022, from https://www.iodsa.co.za/news/452777/Key-pri nciples-of-risk-oversight.htm Nocco, B. W., & Stulz, R. M. (2006). Enterprise Risk Management: Theory and Practice. Journal of Applied Corporate Finance, 18(4), 8–20. Ogutu, J., Bennet, M. R., & Olawoyin, I. (2018). Closing the Gap between Traditional and Enterprise Risk Management Systems. Professional Safety (pp. 42–47). Oliva, F. L. (2016). A Maturity Model for Enterprise Risk Management. International Journal of Production Economics, 173, 66–79. https://doi.org/10. 1016/j.ijpe.2015.12.007 Perera, A. A. S., Rahmat, A. K., Khatibi, A., & Ferdous-Azam, S. M. (2020). Review of Literature: Implementation of Enterprise Risk Management into Higher Education. International Journal of Education and Research, 8(10). www.ijern.com Pierce, E. M., & Goldstein, J. (2016). Moving Risk Managment to Strategic Risk Management: Revised COSO ERM Framework. 14th Global Conference on Busness and Economics. Oxford, United Kingdom. Schroeder, T. (2019, July 29). Softexpert. Retrieved from Sofexpert: http://blog. sofexpert.com/en/new-coso-erm-framework/ Simona-lulia, C. (2014). Comparative Study Between Traditional and Enterprise Risk Management—A Theoretical Approach. The Annals of the University of Oradea. Economic Sciences (pp. 274–280). Sithipolvanichgul, J. (2016). Enterprise Risk Management and Firm Performance: Developing Risk Management Measurement in Accounting Practice. Accessed

48

T. MOLOI AND T. MARWALA

18 April 2023, from https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos. 70441 Sobel, P. J., Murdock, D. C., Thomson, J. C., & Miller, P. K. (2020). The Institute of Internal Auditors (IIA) Preface COSO Board Members. Accessed 18 April 2023, from https://www.coso.org/Shared%20Documents/Compli ance-Risk-Management-Applying-the-COSO-ERM-Framework.pdf WBCSD. (2017). Sustainability and Enterprise Risk Management: The Fisrt Step Towards Integration. World Business Council for Sustainable Development.

CHAPTER 5

Stakeholders in the Enterprise Risk Management Setting

5.1

Introduction

A stakeholder will typically mean someone who holds a stake, or interest within an enterprise. In a risk management setting, a stakeholder is any risk management role player. We classify two types of stakeholders in risk management, namely internal stakeholders and external stakeholders. Internal stakeholders are those stakeholders with a role in processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things. All these impact the manner in which the risk information flows from the source to the integration stage. External stakeholders would be those stakeholders with which the enterprise interacts in the environment in which it operates. Managing the flow of information from the internal stakeholders and external stakeholders is vital for integrating the information in a way that does not omit any detail that is crucial in the life of an enterprise. Literature has a vast number of studies that examine stakeholders and their roles. Most literature define stakeholders as a special interest group within an enterprise. As indicated above, and from a risk management perspective, there are many role players in risk management. Some studies have even indicated

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_5

49

50

T. MOLOI AND T. MARWALA

that, within an enterprise, every employee should see themselves as a risk manager. Within the combined assurance perspective, assurance providers would comprise both internal and external assurance providers. Assurance providers/stakeholders would, in the process, typically include management, compliance function, risk management function, internal audit function as well as external auditors. According to IoD (2016), ‘a combined assurance model incorporates and optimises all assurance services and functions so that, taken as a whole, these enable an effective control environment, support the integrity of information used for decision-making by management, the governing body and its committees, and support the integrity of the organisation’s external reports.’ Viewed using the lenses of the combined assurance model, enterprise risk management looks at organisational risks holistically. ISO (2018) concurs that enterprise risk management is a disciplined holistic approach to address, identify, and manage the risk of the organisation, replacing the traditional risk management silo approach (ISO, 2018). We think that the enterprise risk management process is crucial and enables the understanding of the risk profile of an organisation. In our view, the challenge would be the integrity of information used by management, the governing body, and its committees for decisionmaking. The information emerges from a variety of stakeholders within an organisation. As such, understanding these stakeholders and the information that they supply within the enterprise risk setting is very important. In Fig. 5.1, we show the nexus of internal and external stakeholders in an enterprise risk management setting. The sections below discuss internal and external stakeholders in enterprise risk management.

5.2

Internal Stakeholders

In Chapter 8 of this book, we propose that the risk management field could be thought of as relying on information. Chapter 8 gives an example of a risk manager, and indicates that to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, a risk manager would need to have information about that particular risk. Information is subject to the three types of complexity proposed above. These include those caused by the architectural nature of the organisation,

5

STAKEHOLDERS IN THE ENTERPRISE RISK MANAGEMENT …

Fig. 5.1 Internal and external stakeholders in the enterprise risk management setting (Source Authors’ conceptualisation)

51

External stakeholders

Internal stakeholder

Internal and external stakeholders in the enterprise risk setting

those that result from internal dynamics of the organisation, and those emanating from external shocks such as political, economic, and natural factors. These three types of complexity are discussed in Chapter 8 of this treatise. Internal stakeholders would typically include the following stakeholders: • • • •

Employees; Heads of departments/ divisions; Executive committees; Internal assurance providers such as the compliance function of the enterprise, the risk management function of the enterprise, and the internal audit function of the enterprise; • The board committees; and • The board (Moloi, 2015, 2018). The internal stakeholders in enterprise risk management are further depicted in Fig. 5.2. Enterprise-wide risk management policies would differ from one enterprise to the next. In some enterprises, the risk information will take either the bottom-up approach or the top-down approach. In the bottom-up

52

T. MOLOI AND T. MARWALA

Fig. 5.2 Internal stakeholders in the enterprise risk management setting (Source Authors’ conceptualization)

Non-managerial employees, heads of departments, and executive committee members

Internal assurance providers

Board of Directors and the committees of the board

approach, the risks are identified, analysed, and rated, and mitigations are defined using a bottom-up approach. This means that the information moves from the bottom echelons of the enterprise up to the top echelons. The Monash Business School (2023a) concurs and describes the bottom-up approach as a participative approach to planning in which there is involvement at all levels. Therefore, plans are developed at the lower levels of an organisation and funnelled up through consecutive levels until they reach top management. In the top-down approach, the risks are identified, analysed, and rated, and mitigations are defined using a top-down approach. This means that the information flows from the top echelons of the enterprise down to the lower echelons. Essentially, the top-down approach is the opposite of the bottom-up approach. The Monash Business School (2023b) describes the top-down approach as an approach to planning in which senior management determines objectives, strategies, tactics, etc., with minimal input from subordinates. Even though the proponents of each approach would argue its strengths, clearly, there are weaknesses in both the top-down and the bottom-up approaches. In the context of the enterprise-wide risk management, Moloi and Oyedokun (2021) fear that within the process, whether it follows the top-down or bottom-up approach, human agents could miss

5

STAKEHOLDERS IN THE ENTERPRISE RISK MANAGEMENT …

53

some of the most crucial information that informs the understanding of risk. For instance, if the bottom-up approach was the sole approach deployed within an enterprise risk setting, the people may not, in the process, be senior enough or have enough exposure in strategic and external matters that could affect the enterprise. This information could be omitted, resulting in the clustering of risk incorrectly. We call this a strategic exposure gap, and it is elaborated further in Fig. 5.3. Having presented the strategic exposure gap in the enterprise risk management setting, we introduce the concept of operational exposure gap. The operational exposure gap would emerge if the top-down approach was the sole approach deployed within an enterprise risk setting. In this regard, the people may not be well-versed enough with the day to day processes, procedures, and operations, which would affect the enterprise. Once again, the granular information could be omitted, resulting in the clustering of risk incorrectly. We call this operational exposure gap. Figure 5.4 depicts this gap. To address the gaps in both the top-down and the bottom-up approaches to the information flow, the hybrid model is an ideal tool. It is an ideal tool because informed decision-making by the management in an enterprise is hugely dependent on the quality of information at their disposal. In their characterisation of good quality information, Rae et al. (2017) indicate that it has to be timely, accurate, and accessible. This is

No exposure to strategic information to inform the risks Flow of information

Flow of information

Fig. 5.3 A strategic exposure gap (Source Authors’ conceptualisation)

54

T. MOLOI AND T. MARWALA

Flow of information

Flow of information

No exposure to strategic information to inform the risks Fig. 5.4 The operational exposure gap (Source Authors’ conceptualisation)

consistent with Moloi and Oyedokun (2021), who submit that information gathering, analysis, management, accuracy, and dissemination speed are crucial risk management components. As such, the gaps in both the top-down and the bottom-up approaches to the information flow will not be good for the quality of information, hence the hybrid approach. In Fig. 5.5, we present the hybrid approach.

Fig. 5.5 The hybrid approach (Source Authors’ conceptualisation)

Information flows in a hybrid manner. No exposure to information leaks. Information flows in a hybrid manner. No exposure to information leaks. Information flows in a hybrid manner. No exposure to information leaks.

5

STAKEHOLDERS IN THE ENTERPRISE RISK MANAGEMENT …

5.3

55

External Stakeholders

The enterprise does not operate in isolation. It interacts with the environment within which it operates. The environment in which an enterprise operates could be characterised by local conditions, continental conditions, or global conditions. For example, on one hand, multinational enterprises and enterprises involved in export and import of goods and services will be directly impacted by local conditions, continental conditions, or global conditions. On the other hand, enterprises without continental and international presence will mainly be affected by local conditions. Therefore, stakeholders in the enterprise risk management of either type of enterprise would vary. External stakeholders in the enterprise risk management setting would typically include the following: • Local and foreign governments/ authorities; • Investors, lenders, customers, and suppliers; • Local communities and non-governmental with certain interest/ special interest groups; and • External assurance providers. Figure 5.6 present the external stakeholders in the enterprise risk management setting. It is important to indicate that the information emerging from the interaction of the enterprise with the external stakeholders is made part of the hybrid tool to close the potential risk information leaks in both the strategic and operational gaps. The main challenge of the hybrid approach which includes the information emerging from the external stakeholders in the enterprise risk management setting would be the complexities caused by various divisional processes, and the sheer size of information that would need to be analysed. Much as the hybrid approach incorporating external information would address the comprehensiveness concerns and the leaks, it also has its own shortcomings. There could be an impact on the accuracy of information and speed of decision-making. Technologies of the fourth industrial revolution such as discussed in Chapter 3 become crucial in addressing the accuracy and speed.

56

T. MOLOI AND T. MARWALA

Local and foreign governments/ authorities

Local communities and special interest groups

Investors, lenders, customers, and suppliers

External assurance providers

Fig. 5.6 External stakeholders in the enterprise risk management setting (Source Authors’ conceptualization)

5.4

Points to Ponder

• We define a stakeholder in a risk management setting as a role player in risk management. There are two types of stakeholders in a risk management setting, namely internal stakeholders and external stakeholders. • Internal stakeholders are those with a role in processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things, all which impact the manner in which the risk information flows from the source to the integration stage. External stakeholders would be those with which the enterprise interacts in the environment in which it operates. • It is reiterated that the risk management field is a field that relies on information. For any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk.

5

STAKEHOLDERS IN THE ENTERPRISE RISK MANAGEMENT …

57

• The information within the risk management setting is subject to three types of complexity, namely those caused by the architectural nature of the organisation, those that result from internal dynamics in the organisation, and those resulting from external shocks such as political, economic, and natural factors. • Owing to the differences in enterprise-wide risk management policies, the manner in which things are done in each enterprise would differ. In some enterprises, the risk information will either take the bottom-up approach or the top-down approach. • In the bottom-up approach, the risks are identified, analysed, and rated, and mitigations are defined using a bottom-up approach. This means that the information flow moves from the bottom echelons of the enterprise to the top echelons. • In the top-down approach, the risks are identified, analysed, and rated, and mitigations are defined using a top-down approach. This means that the information moves from the top echelons of the enterprise down to the lower echelons. Essentially, the topdown approach should be viewed as the opposite of the bottom-up approach. • We argue that both the top-down and the bottom-up approaches present gaps when it comes to information flow. We introduce the hybrid model which we argue to be an ideal tool. The hybrid tool closes potential risk information leaks in both the strategic and operational gaps. • The challenge of the hybrid approach is complexities emanating from various divisional processes. The sheer size of information that would need to be analysed would address the comprehensiveness concerns and the leaks. However, this has its own problems. It could impact the accuracy and speed of decision-making. Technologies of the fourth industrial revolution such as those discussed in Chapter 3 become crucial in addressing the accuracy and speed.

References IoDSA. (2016). King IV Report. Accessed 7 April 2023, from, https://www. iodsa.co.za/page/king-iv ISO. (2018). ISO 31000: Risk Management Guidelines. [Online], Available at https://www.iso.org/standard/65694.html

58

T. MOLOI AND T. MARWALA

Moloi, T. (2015). Critical Analysis of Audit Committee Reporting in National Government Departments: The Case of South Africa. International Public Administrative Review, 16, 67–86. Moloi, T. (2018). Analysing the Human Capital Capabilities in the Enterprise Risk Management Function of South Africa’s Public Institutions. Business and Economic Horizons, 14(2), 375–388. Moloi, T., & Oyedokun, G. E. (2021). Enterprise Risk Management and Fraud Examination Processes. OGE Business School Publisher. Monash Business School. (2023a). Bottom Up Approach to Planning. Accessed 16 March 2023, from https://www.monash.edu/business/marketing/market ing-dictionary/b/bottom-up-approach-to-planning Monash Business School. (2023b). Top Down Approach to Planning. Accessed 16 March 2023, from https://www.monash.edu/business/marketing/market ing-dictionary/b/bottom-up-approach-to-planning Rae, K., Sands, J., & Subramaniam, N. (2017). Associations among the Five Components within COSO Internal Control—Integrated Framework as the Underpinning of Quality Corporate Governance. AABFJ, 11(1), 28–54.

CHAPTER 6

Information Processing Steps and New Capabilities in the Enterprise Risk Management Setting

6.1

Introduction

Risk management could be argued to be a field that relies on information. For any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. It is a field that could be prone to information asymmetry within the same company, should the information not be integrated properly. By nature, enterprises are complex. They are built upon layers of hierarchies, structures, and sometimes divisions. In essence, we are arguing here that an enterprise with no subsidiary would have a level of complexity different from an enterprise with a parent structure that has subsidiaries. For a multinational enterprise, one would expect a different level of complexity compared to a non-multinational enterprise. Besides the complexity caused by the nature of an enterprise, another complexity emanates from enterprise processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things, which all impact the manner in which the risk information flows from the source to the integration stage. This is consistent with Moloi and Oyedokun (2021) who indicate that risk management is not a separate enterprise process. In other words, risk cannot be viewed separately from other enterprise © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_6

59

60

T. MOLOI AND T. MARWALA

processes. Moloi and Oyedokun (2021) suggest that risk management should be interwoven with enterprise processes. This way, it becomes an enterprise-wide risk management. Another layer of complexity is caused by the fact that enterprises do not operate in a vacuum. They interact with the environment in which they operate. This exposes them to external shocks such as political, economic, and natural factors. Political factors would include wars, tensions between countries, and sanctions amongst other factors. Economic factors would include exchange rate movements, price movements, and general economic downturns. Examples of natural factors would include natural disasters and impact of climate change on enterprise performance. Considering the complexity caused by the architectural design of an enterprise, complexity emanating from enterprise processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things, as well as the complexity emanating from external shocks such as political, economical, and natural factors, it becomes clear that managing all these dynamics, and the information emanating from them, is equally important for enterprises survival. Figure 6.1 depicts the different enterprise complexities.

Enterprise architecture

Internal dynamics

External shocks

Fig. 6.1 Visualisation of enterprise complexities (Source Authors’ conceptualisation)

6

INFORMATION PROCESSING STEPS AND NEW CAPABILITIES …

61

In the midst of this great deal of information from the enterprise architecture to the external shock that needs to be considered, how should this information be processed to inform the risks faced by the organisation? How should it be integrated in a way that does not omit any detail that is crucial in the life of an enterprise? In essence, what are the factors that should inform the enterprise information processing ability when it comes to enterprise risk management? The following sections answer these questions.

6.2

Information Processing

Most literature on information processing has tended to focus on the role of computers in information processing (Dietel & Deitel, 2014) or has focused on the role of education or pyschology in information processing (Lachman et al., 1979). Some have concertrated on the information processing risk theory and information technology (Teymouri & Ashoori, 2011). The interest in this treatise is not necessarily on the pyschological aspect of information processing or the manner in which computers process information, but the general process of information processing. Establishing the general process of information processing is essential in demonstrating the importance of information processing capabilities in the enterprise risk management setting. The general process in information processing is essential in constructing the framework for processing a great deal of information from the enterprise architecture to the external shock that needs to be considered in the enterprise risk management setting. In this regard, the guidelines provided by Nemesh (2018) were found to be consistent with the objectives of this treatise. Their guidelines indicate that information processing essentially refers to the collection of data, capturing the information in a useful manner, which will make this information easy to retrieve and analyse, and to production of useful information that can be used in decision-making. According to Nemesh (2018), there are nine steps that are involved in information processing. These steps include acquiring information, inputting information, validating information, manipulating information, storing information, outputing information, communicating information, retrieving information, and disposing information. Figure 6.2 further depicts these steps.

62

T. MOLOI AND T. MARWALA

acquiring information

outputing information

communicating information

inputting information

storing information

retrieving information

validating information

manipulating information

disposing information

Fig. 6.2 Generic steps in information processing 2018 (Source Authors’ conceptualisation; Information sourced from Nemesh [])

We use these generic steps to guide the thinking of what is to be considered as general steps for information processing in the context of enterprise risk management. These are presented in the Fig. 6.3. When an enterprise considers the great deal of information from the enterprise architecture to the external shock, which informs the

Acquisition of information from inside and outside the enterprise

Integration of categorised information

Preparation of information

Determination of the meaning of information per category

Exploration of information

Categorisation of information

Use of information to make predictions or to gain foresight

Fig. 6.3 Generic steps in information processing in the context of enterprise risk management (Source Authors’ conceptualisation)

6

INFORMATION PROCESSING STEPS AND NEW CAPABILITIES …

63

process of enterprise risk management, what are the important capabilities? According to Li (2013), enterprises require comprehensive abilities to be in a position to integrate and aggregate the massive diverse information. By referring to lots of diverse information, Li (2013) could have in mind the complexities brought about the enterprise architecture, internal enterprise processes, and external shocks as shown in Fig. 6.1. At the beginning, this treatise argued that risk management is a field that relies heavily on information. An example was made that if any person was to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. Information processing capabilities becomes one of the most important aspects in this field. In line with the above argument, for an enterprise to be in a position to acquire information from inside and outside the enterprise, prepare this information, explore and determine its meaning, categorise the information, determine the meaning of information per category, integrate the categorised information, and then utilise the information to make predictions or gain foresight, it must develop capabilities which will allow it to leverage technologies such as supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics. As argued in the early chapters, the reinforcement and the ability to integrate information are thought to have potential for improving the enterprise risk management process, making decision-making far much quicker, enhanced, and more informed. According to Rae et al. (2017), informed decision-making by the management in an enterprise is hugely dependent on the quality of information at their disposal. In their characterisation of good quality information, Rae et al. (2017) indicate that it has to be timely, accurate, and accessible. This is consistent with Moloi and Oyedokun’s (2021) study, where information gathering, analysis, management, accuracy, and dissemination speed are viewed as crucial risk management components. Where there are many repetitive tasks and complex processes, the robotic process automation capabilities would be useful in carrying out such tasks. Moloi and Oyedokun (2021) argue that data patterns emanating from more extensive data sources within and outside the organisation may not necessarily make sense to human agents, or they may take longer to analyse and understand. Supervised learning methods, unsupervised learning methods, semi-supervised learning methods, or

64

T. MOLOI AND T. MARWALA

the reinforcement learning methods have an important role in the data analysis in the enterprise risk management setting. As indicated, our considered view is that the ability of using natural language processing techniques to classify text, analyse sentiments, recognise the named entity, summarise text and model topics, stem and lemmatise textual data makes natural language processing an important aspect of enterprise risk management in the fourth industrial revolution. There are more comprehensive data sources within and outside the organisation. Some data could be structured, whereas some could be unstructured. Moloi and Oyedokun (2021) fear that human agents could miss some of this information. Investing in big data analytics as well as in capabilities has a potential for being a crucial tool in strategic risk assessments in particular, as executive management assesses data to have hindsight, insight, and foresight. As previously highlighted, big data analytics is thought to play a key role in generating predictive analytics for the purposes of forecasting (foresight) as well as for understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight). Once more, in the enterprise risk management, augmented reality could be crucial as a computer could be used to enhance or modify the risk manager’s experience of objects, which allows the user to simulate the real world. A graphical depiction of the capabilities deemed necessary for an enterprise to be in a position to acquire the information from inside and outside the enterprise, prepare this information, explore and determine its meaning, categorise the information, determine the meaning of information per category, integrate the categorised information, and then utilise the information to make predictions or gain foresight is shown in Fig. 6.4.

6.3

Points to Ponder

• The risk management field could be argued as heavily relying on information. For any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. • This treatise introduces three types of complexity, namely complexity caused by architectural nature of the organisation, complexity emanating from internal dynamics of the organisation,

6

INFORMATION PROCESSING STEPS AND NEW CAPABILITIES …

65

Fig. 6.4 Capabilities in the enterprise risk management setting (Source Authors’ conceptualisation)

and complexity resulting from external shocks such as political, economic, and natural factors. • Literature indicates that there are nine generic steps that are involved in the information processing, namely acquiring information, inputting information, validating information, manipulating information, storing information, outputing information, communicating information, retrieving information, and disposing information. • This treatise proposes six generic steps involved in the generic information processing in the enterprise risk management setting, and they include acquisition of information from inside and outside

66

T. MOLOI AND T. MARWALA

the enterprise, preparation of information, exploration of information, categorisation of information, determination of the meaning of information per category, integration of categorised information, and utilisation of information to make predictions or gain foresight. • If an enterprise is to be in a position to acquire the information from inside and outside the enterprise, prepare this information, explore and determine its meaning, categorise the information, determine the meaning of information per category, integrate the categorised information, and then utilise the information to make predictions or gain foresight, it is argued that it must first develop capabilities which will allow it to leverage technologies such as supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics.

References Dietel, H. M., & Deitel, B. (2014). An Introduction to Information Processing. Academic Press. Lachman, R., Lachman, J. L., & Butterfield. E. C. (1979). Cognitive Psychology and Information Processing: An Introduction. Taylor and Francis. Li, L. (2013). The Application of Information Technology in Enterprise Risk Management. International Conference on Quality, Reliability, Risk, Maintenance and Safety Engineering (pp. 2146–2150). IEEE. Moloi, T., & Oyedokun, G. E. (2021). Enterprise Risk Management and Fraud Examination Processes. OGE Business School Publisher. Nemesh, M. (2018, May 21). Encyclopedia of Business and Finance, 2nd ed. Accessed 16 March 2023, from Encycloperdia.com, https://www.encyclope dia.com/science-and-technology/computers-and-electrical-engineering/com puters-and-computing/information-processing Rae, K., Sands, J., & Subramaniam, N. (2017). Associations among the Five Componenets within COSO Internal Control—Integrated Framework as the Underpinning of Quality Corporate Governance. AABFJ, 11(1), 28–54. Teymouri, M., & Ashoori, M. (2011). The Impact of Information Technology on Risk Management. Procedia Computer Science, 3(1), 1602–1608.

CHAPTER 7

Enterprise Risk Management in the Fourth Industrial Revolution

7.1

Introduction

In Chapter 4, enterprise risk management was described as a holistic approach towards managing organisational risks. It was indicated that enterprise risk management differs from the traditional way of managing risks. The traditional way of managing risks emphasised silos, which posed a challenge regarding integrating risks and optimal resource allocation to manage and mitigate risks. Chapter 4 asserted that the move towards enterprise risk management was, to an extent, spearheaded by the changes in the world, a world that has become more volatile, full of uncertainties, complexities, and ambiguities (VUCA). In the VUCA world, enterprises could not continue on a business-as-usual (BAU) basis, as other types of risk such as operational, strategic, and reputational risk began to show face. As such, enterprise risk management evolved to encompass a broader range of risks. Enterprise risk management was described as requiring a more integrated approach that involved collaboration between different departments and stakeholders, and a deeper understanding of the interconnectedness of risks. Regarding the idea of a deeper understanding of risks, informed by risk information emanating from different departments and stakeholders, internal and external stakeholders are distinguished. Internal stakeholders, on one hand, are viewed as those stakeholders with a role © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_7

67

68

T. MOLOI AND T. MARWALA

in processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things, all which impact the manner in which the risk information flows from the source to the integration stage. On the other hand, external stakeholders are viewed as those stakeholders with which the enterprise interacts in the environment in which it operates. Given the external and internal context and stakeholders, information within the risk management setting would be subject to three types of complexities. These include those caused by the architectural nature of the organisation, those that emanate from internal dynamics of the organisation, and those resulting from external shocks such as political, economic, and natural factors. Furthermore, enterprises are different and they would adopt different enterprise risk management policies. This is because the manner in which things are done would differ from one enterprise to the next. In some enterprises, the risk information will take the bottom-up approach, whilst in others it will follow the top-down approach. The bottom-up approach to risk management would be characterised by the identification, analyses, rating, and mitigation of risk that is subjected to the bottom-up approach. This means that the information moves from the bottom echelons up to the top echelons of the enterprise. The top-down approach to risk management is characterised by risks identification, analyses, rating, and mitigation following the top-down approach. This means that the information flows from the top echelons down to the lower echelons of the enterprise. Essentially, the top-down approach should be viewed as the opposite of the bottom-up approach.

7.2 New Approaches to Enterprise Risk Management in the Fourth Industrial Revolution In Chapter 5, this treatise argued that both the the top-down and the bottom-up approaches present gaps when it comes to the information flow. The first gap emanates from the bottom-up approach, and it is known as the strategic gap. Since the bottom-up approach is subject to the risk information mushrooming from the bottom to the top, those that are identifying and assessing the risk information may not be that privy or exposed to strategic discussions within the enterprise, failing to close the strategic information gap.

7

ENTERPRISE RISK MANAGEMENT IN THE FOURTH …

69

Regarding the top-down approach, it was indicated that the information would typically flow from the top echelons of the enterprise down to the lower echelons. This approach also presents gaps when it comes to information flow. This gap is known as the operational gap. Since the topdown approach is subject to risk information flows from the top echelons to the bottom, those that are identifying and assessing the risk information may not be that privy or exposed to the day to day operational requirements, failing to close the operational information gap. They may operate at extremely higher levels, devoid of reality at the lowest levels of the enterprise. To mitigate the above challenges, this treatise introduced the hybrid model, which was argued to be an ideal tool. The hybrid tool was said to have potential to close risk information leaks in both the strategic and operational paradigms. Managing the flow of information from internal stakeholders and external stakeholders is vital for integrating the information in a way that does not omit any detail that is crucial in the life of an enterprise. The challenge of the hybrid approach was located in the complexities emanating from various divisional processes. For example, even though it has potential to address the comprehensiveness and the leaks, the sheer size of information that would need to be analysed is also problematic. It could impact the accuracy and speed of decision-making. Secondly, we fear that the vastness of information could impact the integrity of information used for decision-making by management, the governing body, and its committees. This is because in the complex structure (Fig. 7.1) which we have created for enterprise risk management in the fourth industrial revolution, information emerges from a variety of stakeholders within an organisation. In this regard, technologies of the fourth industrial revolution such as those discussed in Chapter 3 become crucial for addressing the accuracy and speed. As data become comprehensive and complex, the traditional enterprise risk management process would not be helpful in terms of speed, power, and accuracy. Enterprise risk management in the fourth industrial revolution would, for instance, adopt the big data analytics tools. The main advantages of big data analytics are that they provide a tool to analyse big datasets, which is crucial for hindsight, insight, and foresight. In this regard, they could generate predictive analytics for the purposes of forecasting (foresight) as well as understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight).

70

T. MOLOI AND T. MARWALA

Information flows in a hybrid manner. No exposure to information leaks. Information flows in a hybrid manner. No exposure to information leaks. Information flows in a hybrid manner. No exposure to information leaks. Fig. 7.1 The hybrid approach to enterprise risk management (Source Authors’ conceptualisation)

Various machine learning algorithms are examples of the tools that can be utilised to deal with comprehensiveness and complexity of information. The strength of machine learning is in discovery. The advantage of machine learning is its ability to find valuable underlying patterns within complex data, which would be a difficult task for tradition enterprise risk management, which heavily relies heavily on human agents. The challenge with human agents is that they are prone to boredom and loss of concentration, which on its own could result in the process being plagued by errors. Enterprise risk management in the fourth industrial revolution would adopt machine learning, thus delivering information with effectiveness, efficiency, reduced errors, and improved speed. Some of the risk data emerging from the hybrid approach could be unstructured and contain a lot of textual information. We believe that here, the natural language processing would have an important role to play. Enterprise risk management in the fourth industrial revolution would deploy various techniques in the natural language processing. These techniques include the following: • Text Classification—This technique is concerned with the classification of text. It is possibly the first stage of the process where the raw data are classified into certain structures for further processing. • Sentiment Analysis—In this technique, the sentence/ statement will be tagged with a particular sentiment, say positive, negative, or

7

•

• • •

•

ENTERPRISE RISK MANAGEMENT IN THE FOURTH …

71

neutral. This will then be aggregated to gain insights as to whether the sentiment is positive, neutral, or negative. Named Entity Recognition—This technique uses a similar approach to sentiment analysis. The only difference is that it will go to the unit to determine the number of times a person, organisation, or value appears on the test. Summarisation—This technique breaks down the test in a statement into a group of words. Topic Modelling—The intention here is to determine common topics. The technique will cluster the text to form common groups or topics from the cluster. Stemming—This technique intends to measure the intent of the word. The word will be broken down to the core to understand the meaning. In this case, the verb becomes an important determiner of the intent of the word. In this regard, words which can be categorised as having the same verb would be grouped together. Time does not matter. Lemmatisation—This technique is almost similar to stemming, which intends to measure the intent of the word. The difference is that words are grouped based on their root definition. In other words, it allows us to account for time on the verb, which allows us to categorise the verbs based on time.

Different divisions of the enterprise could have different processes that are deployed. A human aggregator may miss the crucial information emerging from some of these processes. The enterprise risk management in the fourth industrial revolution would utilise robotic process automation. The adoption of robotic process automation would also be an important step for addressing repetitive tasks. Repetitive tasks are potential sources of risk as human beings could get bored whilst doing them. Enterprise risk management in the fourth industrial revolution could thus deploy robotic process automation to achieve time efficiencies, better accuracy rate, improved governance environment, better customer advocacy and retention, improved checks and balances, increased speed and productivity, easy integration into existing technologies and superscalability. In the context of enterprise risk management, this treatise asserts that time efficiencies, better accuracy rate, improved governance

72

T. MOLOI AND T. MARWALA

environment, improved checks and balances, increased speed and productivity would be beneficial for the process. Figure 7.2 conceptualises enterprise risk management in the fourth industrial revolution.

Internal and external contexts

Application of the Stakeholders in the enterprise risk management setting

applicable fourth industrial revolution

Big data emanating from external and internal environments as well as interactions with stakeholders (structured, semi structured, unstructured)

technologies in each of step to achieve hindsight/insights/ foresights.

Hindsights/Insights/Foresights

Fig. 7.2 Enterprise risk management in the fourth industrial revolution (Source Authors’ conceptualisation)

7

ENTERPRISE RISK MANAGEMENT IN THE FOURTH …

7.3

73

Points to Ponder

• Enterprise risk management in the fourth industrial revolution would consist of the hybrid approach, where information is collected in a hybrid manner rather than in either the bottom-up or top-down approaches. • The hybrid approach addresses information leaks, but it will be prone to complexities, and could lead to delays. However, it should still be seen as an enhancement of the traditional approach. As data become comprehensive and complex, the traditional enterprise risk management process would not be helpful in terms of speed, power, and accuracy. Enterprise risk management in the fourth industrial revolution would, for instance, adopt big data analytics tools. • Big data analytical tools could be machine learning algorithms. These tools can be utilised to deal with the comprehensiveness and complexity of information. The strength of machine learning is in discovery. Another advantage of machine learning is its ability to find valuable underlying patterns within complex data, which will be a difficult task for traditional enterprise risk management, which relies heavily on human agents, who are prone to boredom and loss of concentration, raising the likelihood of the process being plagued with errors. • Data may mean structured, semi-structured, or unstructured data. Some of the risk data emerging from the hybrid approach could contain a lot of textual information. We believe that natural language processing would have an important role to play. Enterprise risk management in the fourth industrial revolution would deploy various techniques of natural language processing such as text classification, sentiment analysis, named entity recognition, summarisation, topic modelling, stemming, and lemmatisation. • There are various complexities within an enterprise. One of the complexities is enterprise processes. Different divisions of the enterprise could have different processes that are deployed. A human aggregator may miss the crucial information emerging from some of these processes. Enterprise risk management in the fourth industrial revolution would utilise robotic process automation. The adoption of the robotic process automation would also be an important step for addressing repetitive tasks.

CHAPTER 8

The Changing Operating Environment and Potential Role Changes in Enterprise Risk Management in the Fourth Industrial Revolution

8.1

Introduction

In Chapter 2, this book discusses various phases of the industrial revolutions. This book assumes that these industrial revolutions do not necessarily start and stop at certain times. Instead, what often happens is that they tend to be intertwined, complement each other, and become a base model for the next revolution. Therefore, the fourth industrial revolution is complemented by the revolutions it succeeded. The difference, this book argues, is that in the fourth industrial revolution, the speed of breakthroughs owing to machine intelligence (combined with the effects of the digital revolution) is unprecedented. The unprecedented speed, coupled with the changing general operating environment, has an impact on how the enterprise risk management process is undertaken. This will also require a different skill set than the ordinary risk specialists skills, which would have previously been dominated by people from accounting, engineering, or insurance backgrounds (Moloi, 2018). According to Moloi (2015), some of the generic changes in the operating environment factors which complicate the external environment and have implications for how organisations are governed include: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_8

75

76

T. MOLOI AND T. MARWALA

• Major catastrophes that we are experiencing because of climate change; • Stakeholder activism because of the growing stakeholder expectations, and • As the world moves from unipolarity to multipolarity, geopolitical issues become dominant, causing complications. All these emerging areas are significant and deserve individual attention (and possibly require a separate write-up).

8.2 A Recap of the 4IR Activities Taking Place Across the Globe In this section, we briefly summarise a few examples of what is happening in the 4IR world, what countries are doing about 4IR. This is essential for the conceptualisation of the low- and high-road scenarios that are painted in this book. This could also be essential as one contemplates the answers to the question ‘Why would so much emphasis, at national levels, be placed on 4IR technologies?’ This book begins its recap at the horn of Africa. In 2022, Kenya indicated that coding would be introduced to all schools nationwide (The Citizen, 2022). Technology in Kenya focused mostly on financial transactions (Blockchain Technologies). In preparing the infrastructure for 4IR, in March 2021, Safaricom announced its launch of 5G in Kenya. Shortly after that, Airtel announced its launch of 5G in the country. With this move, Kenya became the 2nd country, after South Africa, to launch 5G in Africa. 5G is one of the critical enablers and technologies of 4IR. It brings super-fast connectivity and lower latency. East Africa has been very active in the space. In a bid to become a continental 4IR hub that enables a smart and connected society, Uganda has come up with a National Fourth Industrial Revolution Strategy. Their strategy document employs a three-part framework to set out ‘Uganda’s key Fourth Industrial Revolution opportunities, enablers, and delivery mechanisms.’ In April 2022, Rwanda became the second African country to join the WEF Centre for the Fourth Industrial Revolution (C4IR) network. It launched the C4IR (WEF, 2022). WEF established this global network as a platform for multistakeholder collaborations, bringing together public

8

THE CHANGING OPERATING ENVIRONMENT …

77

and private sectors to maximise technological benefits to society whilst minimising the risks associated with 4IR technologies. In September 2022, the Namibian Task Force finalised its 4IR report (Njavera, 2022). The Task ‘Force’s role included, but was not limited to, conducting a country assessment to determine the readiness of Namibia for the 4IR and making recommendations towards a coherent policy and legislative framework to harness the full potential presented by technologies.’ The president of South Africa appointed the Presidential Commission on the Fourth Industrial Revolution, which proposed eight recommendations (RSA, 2020). One of the recommendations was that South Africa should introduce the Artificial Intelligence Institute, which is hosted by the University of Johannesburg and Tshwane University of Technology. Beyond the African continent, the UAE became the first country to have a ministry of artificial intelligence. In Europe, Britain approved its AI strategy to propel its industries forward, ensuring that its defence is at par with the other superpowers. Germany appears to have penned the term Industry 4.0—smart factories. In broader Europe, there is a continental strategy. The United States and China seem to be leading the fourth industrial revolution race at this stage, if one looks at research and innovation in artificial intelligence (Doshi, 2020). A couple of years ago, China introduced what is called the social credit score. The way the social credit score is explained is that government would use the information of individuals and companies on their credit records, criminal records, and general behaviour. Furthermore, it was reported that the government was also experimenting with cameras, videos, and sensors (Lee, 2020). An example would be that if you were to jump the red traffic light, the cameras will zoom into you, identifying you, and you get demerit points. Because you are demerited, you could struggle to get credit or even be banned from public services. Recently, an interesting article indicated that China had developed an algorithm to check party loyalty (Chadwick, 2022). However, it is not clear how this algorithm works. The recent release of the chatbot ChatGPT by OpenAI demonstrates the advances that the United States continues to make in the fourth industrial revolution. This chatbot is said to be using both supervised and reinforcement learning techniques. According to Browne (2023), GPT stands for Generative Pre-training Transformer.

78

T. MOLOI AND T. MARWALA

Lastly, Japan is the one that seems to be leading the chorus for the fifth iteration—sometimes called the fifth industrial revolution (5IR). The focus is on the harmony between humans and machines (Forbes, 2018). Nel-Sanders (2023) views this harmony as the beginning of the humancentred approach to the development of technologies. It is apparent from the discussions above that a lot of work is being undertaken, from the external context and at national levels, to position each country for competitiveness. This assesses the external context by those charged with risk governance, which is a problematic task if they are not equipped with relevant skills and tools. The world is changing at a fast pace, making the operating environment volatile, full of uncertainties, complexities, and ambiguities. This requires a dynamic approach to how risks are managed.

8.3 Volatility, Uncertainties, Complexity, and Ambiguity As indicated above, those at the coalface of navigating the terrain and delivering the results for enterprises face a difficult task. The task is difficult because of the world that we live in is: • • • •

characterised characterised characterised characterised

by by by by

volatility (it is volatile), uncertainties (it is full of uncertainties), complexities (it is complex), and ambiguity (it is ambiguous).

In the Harvard Business Review (HBR), Bennett and Lemoine (2014) provide directions on how individuals can interpret the VUCA concepts. Table 8.1 delves into the characteristics of the four concepts of VUCA. Now that we know what nations are doing when it comes to 4IR, we know that those navigating the terrain at the top of that governance pyramid have to deliver the performance in a world that is characterised by VUCA. We conceptualise two scenarios, one which is the low-road scenario and the other one, dubbed a high-road scenario. These scenarios heavily rely on the technologies of the fourth industrial revolution discussed in Chapter 3 of this book. They are sometimes called the pillars of the fourth industrial revolution.

8

THE CHANGING OPERATING ENVIRONMENT …

79

Table 8.1 Characteristics of VUCA Category

Characteristic

Volatility

The challenge is unexpected or unstable and may be of unknown duration, but it is not necessarily hard to understand; knowledge about it is often available The events’ basic cause and effect are known despite a lack of other information. Change is possible but not a given The situation has many interconnected parts and variables. Some information is available or can be predicted, but its volume or nature can be overwhelming to process Causal relationships are completely unclear. No precedents exist. In this scenario, those navigating the terrain are in the unknown ’unknown’ zone/ quadrant in the Johari window (Kumar & Makand, 2021)

Uncertainty Complexity

Ambiguity

Source Authors’ conceptualisation; information sourced from Bennett and Lemoine (2014)

We introduced the technologies earlier because they are a distinguisher in our scenarios (low-road and high-road scenarios). In Chapter 2, we described the fourth industrial revolution as blurring boundaries between the physical, digital, and biological worlds. Since the fourth industrial revolution is a revolution of collective technologies, we think it should be defined as ‘a collective force of technologies that delivers intelligence in “machines”.’ From this, the fourth industrial revolution can be seen as an era of intelligence in machines. This brings us to machine intelligence, which could be considered an umbrella term for programming machines inspired by the brain’s functioning. As indicated in Chapter 2, the pillars of the fourth industrial revolution include, amongst other advances in technology, cloud computing, mobile devices, IoT platforms, location detection technologies, advanced human–machine interactions, authentication and fraud detection, 3D printing, intelligent sensors, big data analytics, multilevel customer interactions, customer profiling, and augmented reality. We can observe here that some of these pillars will take the form of robotics, whereas others will take the form of machine learning (Algorithms whose performance improves as they are exposed to more data over time). In addition, some of the pillars above take the form of deep learning. (This is a subset of machine learning in which multilayered neural networks learn from vast amounts of data.)

80

T. MOLOI AND T. MARWALA

Significantly, both machine learning and deep learning rely on data. Intelligent machines or software rely on algorithms that can reason about observed data to make valuable predictions or decisions. Of the two, deep learning is a newer field. It is useful because, in some areas, one may require artificial neural networks (ANNs) (to create better performing models, particularly if one has massive data to feed into the layers of the neural networks), convolution neural networks (CNNs) (which could be very useful in studying pictures—e.g. the computer vision), and natural language processing (NLP), perhaps to deal with natural language, particularly textual data. There are various areas of NLP; some are summarisation (abstractive and extractive summarisation), machine translation (translating text or speech from one language to another— google translate), sentiment analysis (positive, negative, neutral), and speech recognition. We note that there are other high-level uses of NLP. With this understanding of what machines can do with data, both structured and unstructured, we return to our proposition. We indicated that those who lead the navigation of the terrain and deliver the results are at the top of the governance pyramid. How do they make decisions as they navigate the terrain to assist the corporate in providing performance? By relying on information, we can explore this point further—internal and external information. There could be some expectations that the internal information is stable because those at the top of the pyramid think they understand the corporate, and that they understand the dynamics within the corporate, and maybe fairly so because the processes and technology that deliver such information have been reliable (they think it is tried and tested). Even with this, still, how do they know this is the best information available to make an informed decision? Our reader must remember that our thought experimentation has just only considered the internal context—what about the external context? This is where there is an oversimplification of the complexity of these things—the oversimplification stems from the thinking that the corporate will get the best people suitable for the jobs (who would normally chair the audit and risk committee). The universal thinking is that these individuals are specialists in their areas, and they can interpret the information etc. We would propose here that it sounds more like what Malcolm Gladwell wrote about some years in his book, The Outliers. Looking at the emerging literature though the emerging theme we see in treatises such range (Epstein, 2019), Mckinsey Minds (Rasiel & Friga,

8

THE CHANGING OPERATING ENVIRONMENT …

81

2003), Decisions 2.0: the Power of Collective Intelligence (Bonabeau, 2009), collective genius (Hill et al., 2014) is that in the Fourth Industrial Revolution, there is a shift from individualism to collectivism. The keywords in the fourth industrial revolution (4IR) era are collective, intelligence, genius, and range.

8.4

The High- and the Low-Road Scenarios for Enterprises in the Fourth Industrial Revolution Nothing is guaranteed in the volatile, uncertain, complex, and ambiguous world. Because of the volatile nature of the world, information changes regularly, and the changes are complex to comprehend promptly, heightening the degree of uncertainty—even under these conditions, those charged with navigating the terrain have a mandate—to deliver the best performance/results. Because of the complexities and uncertainties in our low-road scenario, corporates do not have sufficient intelligence because universal thinking applies. Given the ecosystem, they cannot read the signals since they have insufficient intelligence to understand the risks on the horizon. In that case, it then follows that they cannot devise on-point ways to nimbly navigate risks that might emerge and derail their strategic success. They are caught in a situation where the basic mandate cannot be delivered—best performance. The ultimate master moves in and removes them (shareholders, institutional investors). At this point, the competition has moved ahead, perhaps some miles ahead. If the ultimate master does not move and remedy the situation, in the world characterised by mergers and acquisitions, their enterprise become a takeover target. The high-road scenario is now accessible for us to understand—it is the opposite of the low-road scenario. Those charged with governance have a deep understanding of the enterprise’s internal and external environment, meaning they have sufficient intelligence to understand the risks on the horizon, given the ecosystem. In that case, it then follows that they can devise on-point ways to nimbly navigate risks that might emerge and derail their strategic success. They can deliver on their basic mandate because the vastness of data or information that needs to be mined, analysed, and used to inform the risks faced by the enterprise, is a function of collective intelligence or collective genius—in this case, man and machine.

82

T. MOLOI AND T. MARWALA

8.5 The Expected Changing Roles in the Enterprise Risk Management Function as a Result of Fourth Industrial Revolution Technologies In the high-road scenario, those charged with navigating the corporate through a world characterised by VUCA have the maturity and an understanding that connected and intelligent technologies in a digitally transforming society (4IR) are critical partners to any leadership (governance structure) in its quest to deliver value and performance. They are pretty much in sync with how these technologies are a potent mechanism to deal with the sheer size of data and information in the VUCA world. Within the leadership collective, they have recruited and strengthened this structure with the necessary skills that are helpful in data analytics. In addition, they have blended the skill set of the structure by introducing scenario planners, behavioural scientists, data scientists, RPA managers, and data architects within enterprise risk decision-making. • Earlier, we indicated that characteristics of volatility are demonstrated by the fact that ‘the challenge would be of unexpected or unstable nature and may be of unknown duration, but it is not necessarily hard to understand; knowledge about it is often available.’ The skill set within the leadership collective in the governance structure navigates through this as it has capabilities of data scientists, data architects, and scenario planners within its ranks. • We further reflected on what characterises uncertainty as the fact that the events’ basic cause and effect would be known despite a lack of other information. On this point, we also indicated that change is possible but not a given. If you look at this characteristic, there is some element of uncertainty; the skill set within the leadership collective in the governance structure navigates through this as it has the capabilities of data scientists and data architects/engineers. They know that a normal supervised ML programme could assist with the missing data (imputations). • On what characterises complexity, we indicated that it is characterised by a situation with many interconnected parts and variables. Some information describing the situation is available or can be predicted, but its volume or nature can be overwhelming to process.

8

THE CHANGING OPERATING ENVIRONMENT …

83

Since the problem here is the sheer size of information, big data analysis tools such as machine learning algorithms become useful. Furthermore, deep learning could become a useful tool for better performance in models, particularly if the data are textual, pictures, etc. The skill set within the leadership collective in the governance structure navigates through this as it has the capabilities and access to deep learners, data scientists, and machine learners, which become valuable resources in this regard. • Finally, on ambiguity, the indication was that it is characterised by causal relationships that are entirely unclear. This is because no precedents exist. We further indicated that in this scenario, the top of the governance pyramid is in the so called ‘unknown-unknown’ zone/ 4th quadrant in the Johari window (Kumar & Makand, 2021). Access to the capabilities of data scientists, data architects/ engineers, and scenario planners is paramount here.

8.6 A Typical Enterprise Risk Management Structure in the Fourth Industrial Revolution Figure 8.1 demonstrates a typical enterprise risk governance structure without considering the fourth industrial revolution technologies. Figure 8.2 demonstrates a typical enterprise risk governance with considerations of the fourth industrial revolution technologies. This figure differs from Fig. 8.1 because of the introduction of scenario planners, behavioural scientists, data scientists, RPA managers, and data architects within enterprise risk decision-making.

8.7

Points to Ponder

• The fourth industrial revolution is typically seen as blurring boundaries between the physical, digital, and biological worlds. However, on the basis that the fourth industrial revolution is a revolution of collective technologies, we think it should be defined as ‘a collective force of technologies that delivers intelligence in machines.’ • Nothing is guaranteed in the volatile, uncertain, complex, and ambiguous world. Because of the volatile nature of the world, information changes regularly, and the changes are complex to comprehend promptly, heightening the degree of uncertainty. To counter

84

T. MOLOI AND T. MARWALA

The Governing Body (GB)

Audit and Risk Committee of the GB

Risk Committee of the GB

Executive Committee

Chief Risk Officer

Organisational

Risk Management Specialist/Managers

Chief Audit Executive

Internal Audit

Departments

Unit

Chief Compliance

Compliance Unit

Officer

Fig. 8.1 A typical enterprise risk governance without the considerations of the fourth industrial revolution technologies (Source Authors’ conceptualization) The Governing Body (GB)

Audit and Risk Committee of the GB

Risk Committee of the GB

Executive Committee

Chief Risk Officer

Chief Audit Executive

Organisational

Risk Management Specialist/Managers,

Departments

Scenario planners, behavioral scientists, data

Internal Audit

scientists, RPA managers, and data architects

Chief Compliance

Unit

Compliance Unit

Officer

Fig. 8.2 A typical enterprise risk governance with considerations of the fourth industrial revolution technologies (Source Authors’ conceptualisation)

8

THE CHANGING OPERATING ENVIRONMENT …

85

this, blending skills, particularly in the enterprise risk management function, becomes important. • Enterprise risk management in the fourth industrial revolution is a function of blended skills. Rather than relying on risk managers and specialists who traditionally come from the insurance, finance, or engineering backgrounds, there will be need to introduce scenario planners, behavioral scientists, data scientists, RPA managers, and data architects within enterprise risk decision-making. • In the case of ambiguity, which is characterised by causal relationships that are completely unclear because no precedents exist, we assert that those charged with governance will be in the so-called ‘unknown-unknown’ zone quadrant of the Johari window.

References Bennett, N., & Lemoine, G. J. (2014). What VUCA Really Means for You. Retrieved 1 December 2022, from https://hbr.org/2014/01/what-vuca-rea lly-means-for-you Browne, R. (2023, February 8). All You Need to Know About ChatGPT, the A.I. Chatbot ‘That’s Got the World Talking and Tech Giants Clashing. Retrieved 11 March 2023, from https://www.cnbc.com/2023/02/08/what-is-chatgptviral-ai-chatbot-at-heart-of-microsoft-google-fight.html Bonabeau, E. (2009). Decisions 2.0: The Power of Collective Intelligence. Retrieved 11 September 2022, from https://sloanreview.mit.edu/article/ decisions-20-the-power-of-collective-intelligence/#:~:text=Collective%20inte lligence%20can%20help%20mitigate,serving%20bias%20and%20belief%20pers everance Chadwick, J. (2022). China Claims to Have Developed an AI That Can Read the Minds of Communist Party Members to Determine How Receptive They Are to ‘Thought Education’ in Since-Deleted Article. Retrieved 4 February 2023, from https://www.dailymail.co.uk/sciencetech/article-10980343/Chi nas-AI-check-loyalty-party-members.html Doshi, R. (2020). The United States, China, and the Contest for the Fourth Industrial Revolution. Retrieved 16 March 2023, form https://www.brooki ngs.edu/testimonies/the-united-states-china-and-the-contest-for-the-fourthindustrial-revolution/ Forbes. (2018, May 21). The Next Revolution Is Rising in Japan. Retrieved 11 March 2023, from https://www.forbes.com/sites/japan/2018/05/21/thenext-industrial-revolution-is-rising-in-japan/?sh=4e6b248a3034

86

T. MOLOI AND T. MARWALA

Epstein, D. (2019). Range: How Generalists Triumph in a Specialized World. Pan Macmillan. Hill, L. A., Brandeau, G., Truelove, E., & Lineback, K. (2014). Collective Genius: The Art and Practice of Leading Innovation. Harvard Business Review Press. Kumar, A., & Makand, M. (2021). Introduction to Applied Psychology. The Readers Paradise. Lee, A. (2020). What Is China’s Social Credit System and Why Is It Controversial? Retrieved 19 March 2023, from https://www.scmp.com/economy/ china-economy/article/3096090/what-chinas-social-credit-system-and-whyit-controversial Moloi, T. (2015). Critical Analysis of Audit Committee Reporting in National Government Departments: The Case of South Africa. International Review of Public Administration, 13, 67–86. Moloi, T. (2018). Analysing the Human Capital Capabilities in the Enterprise Risk Management Function of South Africa’s Public Institutions. Business and Economic Horizons, 14(2), 375–388. Nel-Sanders, D. (2023). Revolutionising Public Private Partnerships: A Transition to the Fifth Industrial Revolution. International Journal of Innovation in Management, Economics and Social Sciences, 3(1), 12–29. https://doi.org/ 10.52547/ijimes.3.1.12 Njavera, M. (2022). National Policy Changes Needed to Harness 4IR. Retrieved 30 October 2022, from https://neweralive.na/os/posts/national-policy-cha nges-needed-to-harness-4ir Rasiel, E. M., & Friga, P. N. (2003). The McKinsey Mind: Understanding and Implementing the Problem-Solving Tools and Management Techniques of the World’s Top Strategic Consulting. McGraw Hill. RSA. (2020). Report of the Presidential Commission on the 4th Industrial Revolution. Retrieved 19 March 2023, from https://www.gov.za/sites/default/ files/gcis_document/202010/43834gen591.pdf The Citizen. (2022). Kenya’s New Curriculum to Teach Coding in Primary and Secondary School. Retrieved 19 December 2022, from https://www. thecitizen.co.tz/tanzania/news/east-africa-news/kenya-s-new-curriculum-toteach-coding-in-primary-and-secondary-schools-3789706 WEF. (2022). Rwanda Launches Centre for Fourth Industrial Revolution, Joins Global Network. Retrieved 19 November 2022, from https://www.wef orum.org/press/2022/03/rwanda-launches-centre-for-fourth-industrial-rev olution-joins-global-network/

CHAPTER 9

Synopsis of the Enterprise Risk Management in the Fourth Industrial Revolution

9.1

A Recap of Discussions in Chapter 2

Following the discussion in the chapter, it was accepted that the fourth industrial revolution is essentially a series of significant shifts in how economic, political, and social value is created, exchanged, and distributed. The advantage of the fourth industrial revolution is in the integration of technologies such as big data analytical tools, cloud computing, and other emerging technologies into global manufacturing supply chains. Other key technologies of the fourth industrial revolution include artificial intelligence, robotics, the Internet of Things (IoT), 3D printing, genetic engineering, and quantum computing. What was noted in the chapter is that a lot of countries have moved quicker to develop national 4IR strategies to take advantage of advances in technologies. The two leading countries are the People’s Republic of China (PRC) and the United States of America (USA). The PRC and the US appear to be following two distinct approaches to 4IR, which could be broadly categorised as a market led approach and a state backed approach. The PRC does not look at 4IR as having to do only with competition between companies, but seems to have a geopolitical approach to this; for instance, it sees it as a catalyst which will determine the country that will lead the next revolution.

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2_9

87

88

T. MOLOI AND T. MARWALA

The chapter noted that the United States seems to have some advantages over the PRC when it comes to the fourth industrial revolution but for how long this advantage will persist remains a subject for further research. There are, however, concerns in Washington that the United States’ resilience, competitiveness, and security have weakened. To tame the weaknesses, and to ensure the United States is to remain a leader in this revolution, suggestions are that organisational and institutional structures need to be adjusted. One of the key advantages that the United States has in the fourth industrial revolution continues to be its huge culture of entrepreneurship.

9.2

A Recap of Discussions in Chapter 3

As the book delved deeper, it emerged that more than 250 emerging technologies have been identified by researchers in the fourth industrial revolution space. Specifically, the book noted that literature points out that the main fourth industrial revolution technologies revolve around 3D printing, the Internet of things (IoT), Artificial intelligence (AI), Big data analytics tools, Cloud computing, Machine learning, Robotics and autonomous robots, Quantum computing, Biotechnology, Advanced materials such as graphene, Blockchain technologies, Augmented reality and Virtual reality, System integration, Cyber security, Simulation, and Digital twin. In the discussions, the greatest advantage identified in the fourth industrial revolution is the ability of these technologies to reinforce each other and their integration/ interconnectedness. For the purposes of the treatise, technologies deemed to be crucial in the enterprise risk management process include supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics. The reinforcement and the ability to integrate are thought to have potential to improve the enterprise risk management process, making decision-making far much quicker, enhanced, and more informed for the stakeholders in the risk management process. Robotics process automation was indicated as perhaps the most understood tool or software in the business environment (risk management). We are of the view that in the business environment, there are many repetitive tasks that employees perform. The emergence of robotic process

9

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

89

automation has mostly been useful in carrying out such manual and repetitive tasks, which would have been identified as time-consuming, and a source of risk since human beings could get bored whilst doing them. It was indicated that supervised learning methods, unsupervised learning methods, semi-supervised learning methods, and the reinforcement learning methods all have an important role in data analysis in the enterprise risk management setting. Authors were of the view that the ability of using natural language processing techniques to classify text, analyse sentiments, recognise the named entity, summarise text and model topics, stem and lemmatise textual data, makes natural language processing an important aspect of enterprise risk management process in the fourth industrial revolution. The treatise concluded that big data analytics has potential for being a crucial tool in strategic risk assessments in particular, as executive management assessed data to have hindsight, insight, and foresight. Big data analytics would be useful in generating predictive analytics for the purposes of forecasting (foresight) as well as understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight). In enterprise risk management, the user has an interactive experience of the real world. Augmented reality could be crucial, as a computer could be used to enhance or modify the risk manager’s experience of objects, which allows the user to simulate the real world.

9.3

A Recap of Discussions in Chapter 4

Chapter 4 introduced the the concept of enterprise risk management. Enterprise risk management is a holistic approach towards managing organisational risks. It differs from the old way of managing risks in silos, which experienced a challenge regarding integrating risks and optimal resource allocation to manage and mitigate risks. The move towards enterprise risk management was, to an extent extent, spearheaded by the changes in the world, which has become more volatile, full of uncertainties, complexities, and ambiguous (VUCA). The chapter observed that in the VUCA world, enterprises could not continue on a business as usual basis, as they began to face other types of risks such as operational, strategic, and reputational risk. As such, ERM evolved to encompass a broader range of risks. This required a more integrated approach that involved collaboration between different

90

T. MOLOI AND T. MARWALA

departments and stakeholders, and a deeper understanding of the interconnectedness of risks.

9.4

A Recap of Discussions in Chapter 5

Following the discussions in the chapter, the definition of a stakeholder in a risk management setting emerged. A stakeholder in a risk management setting is a risk management role player. This treatise described two types of stakeholder in a risk management setting, namely internal stakeholders and external stakeholders. Internal stakeholders are those stakeholders with a role in processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things which all impact the manner in which the risk information flows from the source to the integration stage. External stakeholders would be those stakeholders which the enterprise interacts with in the environment in which it operates. Since the risk management field relies on information, the chapter proposed that to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, any person would need to have information about that particular risk. The information within the risk management setting is subject to three types of complexities, inclusive of those caused by architectural nature of the organisation, those emanate from internal dynamics of the organisation, and those resulting from external shocks such as political, economic, and natural factors. Owing to the differences in enterprise-wide risk management policies, the manner in which things are done would differ from one enterprise to the next. In some enterprises, the risk information will either take the bottom-up approach or the top-down approach. In the bottom-up approach, the risks are identified, analysed, and rated, and mitigations are defined using a bottom-up approach. This means that the information moves from the bottom echelons up to the top echelons of the enterprise. In the top-down approach, the risks are identified, analysed, and rated, and mitigations are defined using a top-down approach. This means that the information flows from the top echelons of the enterprise down to the lower echelons. Essentially, the top-down approach should be viewed as the opposite of the bottom-up approach. The chapter further argued that both the the top-down and the bottom-up approaches present gaps when it comes to the information flow. We then introduced the hybrid model, which we present as an ideal

9

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

91

tool. The hybrid tool closes the potential risk information leaks in both the strategic and operational gaps. The challenge of the hybrid approach lies with the complexities caused by various divisional processes. Whilst the sheer size of information that would need to be analysed would address the comprehensiveness and the leaks, this approach has downsides too. It could impact the accuracy and speed of decision-making. Technologies of the fourth industrial revolution such as those discussed in Chapter three thus become crucial in addressing the accuracy and speed concerns.

9.5

A Recap of Discussions in Chapter 6

This chapter proposed that the risk management field could be argued as heavily relying on information. For instance, for any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. In this treatise, we propose three types of complexities. These include those brought about by the architectural nature of the organisation, those that result from internal dynamics of the organisation, and those resulting from external shocks such as political, economic, and natural factors. In the literature, the chapter identified nine generic steps that are involved in the information processing. They include acquiring information, inputting information, validating information, manipulating information, storing information, outputting information, communicating information, retrieving information, and disposing information. The nine generic steps are thought to be inconsistent with the enterprise as envisioned in the fourth industrial revolution. This treatise proposed seven generic steps involved in the generic information processing in the enterprise risk management setting, and they include acquisition of information from inside and outside the enterprise, preparation of information, exploration of information, categorisation of information, determination of the meaning of information per category, integration of categorised information, and utilisation of information to make predictions or gain foresight. For an enterprise to be in a position to acquire information from inside and outside the enterprise, prepare this information, explore and determine its meaning, categorise the information, determine the meaning of information per category, integrate the categorised information, and then utilise the information to make predictions or gain foresight, it is

92

T. MOLOI AND T. MARWALA

argued that it must first develop capabilities which will allow it to leverage technologies such as supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics.

9.6

A Recap of Discussions in Chapter 7

In describing what enterprise risk management would look like in the fourth industrial revolution, it was concluded that this process would take the form of a hybrid approach where information is collected in a hybrid manner, rather than either the bottom-up or top-down approach. It was, however, argued that the hybrid approach addresses the information leaks but it will be prone to complexities, and could lead to delays. In other words, it should still be seen as an enhancement of the traditional approach. As data become comprehensive and complex, the traditional enterprise risk management process would not be helpful in terms of speed, power, and accuracy. The enterprise risk management in the fourth industrial revolution would thus adopt the big data analytics tools. What are these big data analytical tools? Big data analytical tools could be machine learning algorithms. These tools can be utilised to deal with the comprehensiveness and complexity of information. The strength of machine learning is in discovery. Another advantage of machine learning is its ability to find valuable underlying patterns within complex data, which will be a tough task for traditional enterprise risk management, which heavily relies on human agents, who are prone to boredom and loss of concentration. On its own, this could result in the process being plagued with errors. What forms do data take? It is important to understand that data may mean structured, semi-structured, or unstructured data. Some of the risk data emerging from the hybrid approach could contain a lot of textual information. We believe that natural language processing would have an important role to play. Enterprise risk management in the fourth industrial revolution would deploy various techniques of natural language processing such as text classification, sentiment analysis, named entity recognition, summarisation, topic modelling, stemming, and lemmatisation. In discussing various complexities within an enterprise, it was indicated that one of the complexities related to enterprise architecture. If, for an example, an enterprise has divisions, then these different divisions

9

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

93

could have different processes that they follow. Different divisions of the enterprise could have different processes that are deployed. A human aggregator may miss the crucial information emerging from some of these processes. Enterprise risk management in the fourth industrial revolution would utilise robotic process automation, an important step to address the problem of repetitive tasks.

9.7

A Recap of Discussions in Chapter 8

Chapter 8 mapped out the potential changes in enterprise risk management in the fourth industrial revolution to capture the broader information and analyse it to gain hindsights, insights, and foresights. Furthermore, this chapter explored the combination of skills needed in the enterprise risk management function. Given that nothing is guaranteed in the volatile, uncertain, complex, and ambiguous world, this chapter proposed a structure of risk governance in the fourth industrial revolution. The proposed structure contains new roles that are necessary to manage enterprise-wide risk in an enterprise. The chapter asserted that enterprise risk management in the fourth industrial revolution is a function of blended skills. Rather than relying on risk managers and specialists who traditionally come from the insurance, finance, or engineering backgrounds, there is need for introducing scenario planners, behavioural scientists, data scientists, RPA managers, and data architects in enterprise risk decision-making.

9.8

Final Analysis and Conclusion

Enterprise risk management in the fourth industrial revolution should be looked at in the context of Janus/Ianus who was considered to be a Roman god. The depiction of Janus/Ianus is typically symbolised by faces. The first face is supposedly a reflection of the start of actions and beginnings, whereas the second face is supposedly a reflection of change and transition. Change and transition could be thought of as a representation of time. In this regard, because of the capabilities in the fourth industrial revolution technologies that can combine the internal and external context, enterprise risk management in the fourth industrial revolution allows the enterprise to see into the past with one face and into the future with the

94

T. MOLOI AND T. MARWALA

other. This means that the capabilities of the fourth industrial revolution technologies are critical for the enterprise to gain hindsight, insight, and foresight from information. In other words, enterprise risk management in the fourth industrial revolution allows the enterprise to have side mirrors, a rear mirror, and the windshield. These are crucial in a world that is characterised by ambidextrous enterprises. Ambidextrous enterprises are enterprises constantly strive to find new ways to innovate, stay ahead of their competitors, and meet the rapidly changing demands of the market. An absence of enterprise risk management powered by the fourth industrial revolution technologies would deny the enterprises an opportunity to be ambidextrous.

9.9 Summary of Points to Ponder on Enterprise Risk Management in the Fourth Industrial Revolution • Almost all definitions of a revolution refer to an uprising of people against the ruling class, an overthrow of a ruling class or a replacement of a political order. • In this treatise, we infer that revolution refers to a fundamental change in the industrial sector caused by technological advances. • Existing literature demonstrates that the four industrial revolutions were different. However, each revolution has tended to build from the previous industrial revolution. • Technology has been a critical feature in the industrial revolutions. Each time technology advances, production increases, leading to price reductions. • The rise of the People’s Republic of China (PRC) has been one of the critical stories of the third and fourth industrial revolutions. The PRC did not seem to feature in both the first and the second industrial revolutions. • 4IR and Industry 4.0 do not refer to the same thing. 4IR can be seen as a broader term of the two, not necessarily concerned about one industry and one technology, but the economic and political system, and the technology integration to create, exchange, and distribute value.

9

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

95

• A lot of countries have moved quicker to develop national 4IR strategies to take advantage of advances in technologies. The two leading countries are the PRC and the USA. • The PRC and the USA appear to be following two distinct approaches to 4IR, which could be broadly categorised as a market led approach and a state backed approach. • The PRC does not look at 4IR as having to do only with competition between companies, but seems to have a geopolitical approach to this. For instance, it sees it as a catalysts which will determine the country that will lead the next revolution. • The USA continues to have advantages over the PRC when it comes to the fourth industrial revolution. • There are concerns in Washington that the USA’s resilience, competitivenes, and security have weakened. To tame the weaknesses, and to ensure that the USA is a leader in the next revolution, organisational and institutional structures will need to be adjusted. • One of the key advantages for the USA is its huge culture of entrepreneurship. • Of interest is the policy positions of both the USA and the PRC when it comes to the fourth industrial revolution. The policies emphasise artificial intelligence and data. • There are more than 250 emerging technologies which researchers in the fourth industrial revolution space have since identified. The main ones are 3D printing, Internet of things (IoT), Artificial intelligence (AI), Big data analytics tools, Cloud computing, Machine learning, Robotics and autonomous robots, Quantum computing, Biotechnology, Advanced materials such as graphene, Blockchain technologies, Augmented reality and Virtual reality, System integration, Cyber security, Simulation, and Digital twin. • The greatest advantages of the fourth industrial revolution are the ability of technologies to reinforce each other, and their integration/ interconnectedness. • For the purposes of the treatise, technologies deemed to be crucial in the enterprise risk management process include supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics.

96

T. MOLOI AND T. MARWALA

• Reinforcement and the ability to integrate are believed to have the potential of improving the enterprise risk management process, making the decision-making far much quicker, enhanced, and more informed for stakeholders in the enterprise risk management process. • Supervised learning methods, unsupervised learning methods, semisupervised learning methods, or the reinforcement learning methods play key roles in the enterprise risk management setting. • The ability to use natural language processing techniques to classify text, analyse sentiments, recognise the named entity, summarise text and model topics, stem and lemmatise textual data, makes natural language processing an important aspect of the enterprise risk management process in the fourth industrial revolution. • Robotics process automation is perhaps the most understood tool or software in the business environment (risk management). We are of the view that in the business environment, there are many repetitive tasks that employees perform. The emergence of robotic process automation has mostly been useful in carrying out such manual and repetitive tasks. These have been identified as time-consuming, and a source of risk as human beings could get bored whilst doing them. • Big data analytics has a potential for being a crucial tool in strategic risk assessments in particular, as executive management assess data to have hindsight, insight, and foresight. Big data analytics would be useful in generating predictive analytics for the purposes of forecasting (foresight) as well as understanding essential dimensions such as trends, patterns, and relationships within data (hindsight and insight). • In enterprise risk management, the user has an interactive experience of the real world. Augmented reality could be crucial as a computer could be used to enhance or modify the risk manager’s experience of objects, which allows the user to simulate the real world. • Whilst there are many frameworks that explain the concept of ERM, there are two which have become more popular, namely the COSO and ISO 31000 frameworks. • The COSO framework has gone through various stages of development. One of the reasons for revisions was that corporations were implementing ERM separately from the strategic planning process. • The revised COSO framework gives tools to help organisations envision how strategic planning aligns with risk appetite and risk capacity.

9

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

97

• ISO 31000 is designed to be a flexible standard. The framework emphasises the need for a systematic approach to risk management, including the identification and assessment of risks, the implementation of controls, and ongoing monitoring and review. • We define a stakeholder in a risk management setting as a risk management role player. There are two types of stakeholder in a risk management setting, namely internal stakeholders and external stakeholders. • Internal stakeholders are those stakeholders with a role in processes, procedures, policies, number of divisions, the reporting lines, value system, corporate culture, management style, and technology amongst other things, all which impact the manner in which the risk information flows from the source to the integration stage. External stakeholders would be those stakeholders with which the enterprise interacts in the environment in which it operates. • It is reiterated that the risk management field relies heavily on information. For any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. • The information within the risk management setting is subject to three types of complexity, namely those caused by the architectural nature of the organisation, those that are triggered by internal dynamics of the organisation, and those resulting from external shocks such as political, economic, and natural factors. • Because of the differences in enterprise-wide risk management policies, the manner in which things are done would differ from one enterprise to the next. In some enterprises, the risk information will take the bottom-up approach, and in others it will take the top-down approach. • In the bottom-up approach, the risks are identified, analysed, and rated, and mitigations are defined using the bottom-up approach. This means that the information moves from the bottom echelons to the top echelons of the enterprise. • In the top-down approach, the risks are identified, analysed, and rated, and mitigations are defined using a top-down approach. This means that the information moves from the top echelons to the lower echelons of the enterprise. Essentially, the top-down approach should be viewed as the opposite of the bottom-up approach.

98

T. MOLOI AND T. MARWALA

• We argue that both the top-down and the bottom-up approaches present gaps when it comes to the information flow. We introduce the hybrid model, which we argue to be an ideal tool. The hybrid tool closes the potential risk information leaks in both the strategic and operational gaps. • The challenge of the hybrid approach lies in the complexities brought about by various divisional processes. The sheer size of information that would need to be analysed would address the comprehensiveness and the the leaks, but this has downsides too. For instance, it could impact the accuracy and speed of decisionmaking. Technologies of the fourth industrial revolution such as those discussed in Chapter three become crucial in addressing the accuracy and speed. • The risk management field could be argued to be a field that relies on information. For any person to be in a position to identify, assess, and treat the risk, as well as monitor and report on the risk, they would need to have information about that particular risk. • Literature indicates that there are nine generic steps that are involved in the information processing, namely acquiring information, inputting information, validating information, manipulating information, storing information, outputing information, communicating information, retrieving information, and disposing information. • This treatise proposes seven generic steps involved in generic information processing in the enterprise risk management setting, and these include acquisition of information from inside and outside the enterprise, preparation of information, exploration of information, categorisation of information, determination of the meaning of information per category, integration of categorised information, and utilisation of information to make predictions or gain foresight. • Enterprise risk management in the fourth industrial revolution would consist of the hybrid approach, in which information is collected in a hybrid manner rather than in the bottom-up or top-down approach. • The hybrid approach addresses the information leaks, but it is prone to complexities, and this could lead to delays. In other words, it should still be seen as an enhancement of the traditional approach. As data become comprehensive and complex, the traditional enterprise risk management process would not be helpful in terms of

9

•

•

•

•

SYNOPSIS OF THE ENTERPRISE RISK MANAGEMENT …

99

speed, power, and accuracy. Enterprise risk management in the fourth industrial revolution would, thus, adopt big data analytics tools. Big data analytical tools could be machine learning algorithms. These tools can be utilised to deal with the comprehensiveness and complexity of information. The strength of machine learning is in discovery. Another advantage of machine learning is its ability to find valuable underlying patterns within complex data, which would be a difficult task for traditional enterprise risk management, which heavily relies on human agents. Human agents are prone to boredom and loss of concentration, which on its own could result in the process being plagued with errors. Data may mean structured, semi-structured, and unstructured data. Some of the risk data emerging from the hybrid approach could contain a lot of textual information. We believe that natural language processing would have an important role to play. Enterprise risk management in the fourth industrial revolution would deploy various techniques of natural language processing such as text classification, sentiments analysis, named entity recognition, summarisation, topic modelling, stemming, and lemmatisation. One of the major complexities within an enterprise is enterprise processes. Different divisions of the enterprise could deploy different processes. A human aggregator may miss crucial information emerging from some of these processes. Enterprise risk management in the fourth industrial revolution would utilise robotic process automation. The adoption of robotic process automation would also be an important step to address the challenge of repetitive tasks. If an enterprise is to be in a position to acquire information from inside and outside the enterprise, be in a position to prepare this information, explore and determine its meaning, categorise the information, determine the meaning of information per category, integrate the categorised information, and the utilise the information to make predictions or gain foresight, it is argued that it must first develop capabilities which will allow it to leverage technologies such as supervised, unsupervised, semi-supervised, and reinforcement machine learning, natural language processing, robotic process automation, augmented reality/simulation, and big data analytics.

100

T. MOLOI AND T. MARWALA

• The fourth industrial revolution is typically seen as blurring boundaries between the physical, digital, and biological worlds. However, the basis of the fourth industrial revolution is a revolution of collective technologies, and we think it should thus be defined as ‘a collective force of technologies that delivers intelligence in machines.’ • Nothing is guaranteed in the volatile, uncertain, complex, and ambiguous world. Because of the volatile nature of the world, information changes regularly, and the changes are complex to comprehend promptly, heightening the degree of uncertainty. To counter this, blending skills, particularly in the enterprise risk management function, becomes important. • Enterprise risk management in the fourth industrial revolution is a function of blended skills. Rather than relying on risk managers and specialists who traditionally come from the insurance, finance, or engineering backgrounds, there will be need to introduce scenario planners, behavioral scientists, data scientists, RPA managers, and data architects within enterprise risk decision-making. • In the case of ambiguity, which is characterised by causal relationships that are completely unclear because no precedent exist that the risk leadership could take guidance from.

Index

A artificial intelligence (AI), 5, 6, 13, 14, 17, 18, 22–25, 27, 30, 77, 87, 88, 95

B Bard, 24, 25 big data (BD), 13, 14, 22–24, 29–31, 63, 64, 66, 69, 73, 79, 83, 87–89, 92, 95, 96, 99 blockchain, 5, 13, 14, 22, 23, 30, 88, 95 bottom-up, 51–54, 57, 68, 73, 90, 92, 97, 98 business, 5, 12–14, 25, 28, 30, 35–40, 44, 45, 88, 89, 96 business-as-usual (BAU), 67 business segment, 14

C capabilities, 8, 9, 15, 61, 63–66, 82, 83, 92–94, 99 catastrophes, 76

chief risk officer (CRO), 2, 40 cloud computing, 13, 14, 22–24, 30, 79, 87, 88, 95 complexity, 12, 35, 36, 44, 50, 51, 57, 59, 60, 64, 65, 70, 73, 78–80, 82, 92, 97, 99

D decision management, 50, 53 digital twin, 23, 30, 88, 95

E enterprise architecture, 61–63 enterprise risk management (ERM), 2, 3, 6–9, 29–31, 35, 36, 38–44, 50–53, 55, 56, 61–65, 67–73, 75, 83, 85, 89, 91–94, 96, 98–100 external shocks, 51, 57, 60–63, 65, 68, 90, 91, 97 external stakeholders, 49–51, 55, 56, 67–69, 90, 97

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023 T. Moloi and T. Marwala, Enterprise Risk Management in the Fourth Industrial Revolution, https://doi.org/10.1007/978-981-99-6307-2

101

102

INDEX

F first industrial revolution, 3, 4, 12 foresight, 3, 8, 9, 29, 31, 63, 64, 66, 69, 89, 91, 93, 94, 96, 98, 99 fourth industrial revolution (4IR), 1–3, 5, 6, 8–11, 13–18, 21–24, 30, 55, 57, 64, 69–73, 75–79, 81, 83–85, 87–89, 91–96, 98–100 frameworks, 2, 7, 35, 36, 38, 42–46, 61, 76, 77, 96, 97

G generic steps, 62, 65, 91, 98 geopolitics, 17, 76, 87, 95 Google, 24, 25, 80 GPT, 25, 77

H hindsight, 3, 8, 9, 29, 31, 64, 69, 89, 93, 94, 96 hybrid approach, 54, 55, 57, 69, 70, 73, 91, 92, 98, 99

I industrial revolutions, 3, 5, 8–10, 13, 17, 75, 94 industry 4.0, 11, 17, 21, 77, 94 information flows, 49, 52–54, 56, 57, 59, 68, 69, 90, 97, 98 information processing, 9, 61–63, 65, 91, 98 insights, 3, 8, 9, 28, 71, 93 internal dynamic, 51, 57, 64, 68, 90, 91, 97 internal stakeholder, 49–52, 56, 67, 69, 90, 97

L Language Model for Dialogue Applications (LaMDA), 24 lemmatisation, 28, 71, 73, 92, 99 M machine learning (ML), 13, 22–26, 30, 63, 66, 70, 73, 79, 80, 83, 88, 92, 95, 99 multipolar, 76 N named entity recognition, 28, 71, 73, 92, 99 natural language processing (NLP), 24, 25, 27, 30, 63, 64, 66, 70, 73, 80, 88, 89, 92, 95, 96, 99 new approaches, 68 O openAI, 24, 25, 77 operating environment, 75, 78 operational gap exposure, 53, 54 P People’s Republic of China (PRC), 10, 15–18, 87, 88, 94, 95 process automation, 30, 71, 88, 96 Q quantum computing, 13, 14, 22–24, 30, 87, 88, 95 R reinforcement learning, 26, 27, 30, 64, 77, 89, 96 robotic process automation (RPA), 14, 24, 25, 28–30, 63, 66, 71,

INDEX

73, 82, 83, 85, 88, 89, 92, 93, 95, 96, 99, 100 robotics, 5, 13, 22–24, 30, 79, 87, 88, 95, 96 S second industrial revolution, 3, 4, 10, 12, 94 semi-supervised, 26, 27, 30, 63, 66, 88, 89, 92, 95, 96, 99 sentiments analysis, 99 simulation, 23, 24, 29, 30, 63, 66, 88, 92, 95, 99 stakeholder, 6–9, 13, 30, 36, 38, 41, 42, 49–51, 55, 56, 67–69, 76, 88, 90, 96, 97 stakeholder activism, 76 stemming, 28, 71, 73, 92, 99 strategic gap exposure, 68 summarisation, 28, 71, 73, 80, 92, 99 T text classification, 28, 70, 73, 92, 99 third industrial revolution (3IR), 3, 5, 12, 14

103

top-down, 51–54, 57, 68, 69, 73, 90, 92, 97, 98 topic modelling, 28, 71, 73, 92, 99 traditional risk management (TRM), 36, 38–40, 50

U uncertainty, 35, 79, 81–83, 100 United States (US), 16, 43, 77, 87, 88 unsupervised learning, 27, 30, 63, 89, 96

V virtual reality, 23, 24, 30, 88, 95 Volatile, full of uncertainties, complexities, and ambiguities (VUCA), 67, 78, 79, 82, 89 volatility, 35, 78, 79, 82

W World Economic Forum (WEF), 13, 14, 23, 24, 35, 76