Managing the Digital Risks of New Business Models

As industries continue to converge and companies adopt new business models to compete, digital risks are becoming a rising concern for the C-suite and boards. To address the most significant digital risk-created by business model disruption by competitors-it is critical to examine whether the core strategy itself remains sufficient in the face of new technologies and as nontraditional competitors enter the marketplace, according to William (Bill) Ribaudo, managing partner of Deloitte Risk and Financial Advisory’s Digital Risk Venture Portfolio, Deloitte & Touche LLP. A member of Deloitte’s US CFO Program leadership team, Mr. Ribaudo discusses why organizations should reassess their business models to understand their digital maturity, and what steps can be deployed to address the strategic risks that come with today’s increasingly ubiquitous digital technologies.

Q: How do you define digital risk?

Bill Ribaudo: An organization’s digital risk will vary depending on how it incorporates technology into the core of its business model. In the last decade, many organizations have applied digital applications and features to their businesses with various degrees of success. For example, some more traditional organizations applied digital technologies using a bolt-on approach through acquisition, without integrating them into the core business model. But rather than merely add new technologies, they should have considered making a more connected and fundamental shift in the business model itself. By taking a piecemeal approach, these organizations may have increased the associated digital risks. That’s not to say companies need to be fully digital to survive. Rather, they need to find the right mix of physical and digital assets, a strategy that is still elusive to many.

Based on our research, shareholders place a higher value, measured as a multiple of revenue, on more digitally enabled companies. CEOs, particularly those of more traditional companies, are growing aware of the need to invest in digital operations and infrastructure. And the way they make that transformation is critical to their future competitive success, and managing the risks they will face.

So when we talk about digital risk, it’s important to first look at how organizations are applying digital. Generally, they fall into one of two broad categories: they either use digital in the business or they use digital as the business, and the difference is significant for their risk profiles. Digital in the business refers to those organizations that are adapting digital applications to their existing physical businesses. A large retailer using digital technology for their point of sale (POS) system is an example. If the POS system goes down, customers can continue to make some purchases, such as with cash and check, and the retailer can still conduct business.

In contrast, digital as the business refers to companies in which digital is the way they transact, such as an online e-hailing ride service. In this case, if there’s disruption in internet connectivity, it cannot conduct business; and typically as a result, business with customers stops. So the digital risks in this business model are dramatically different than a business that uses technology in the business, and the risks likely will have a more significant impact on the business.

Q: How does digital risk differ from more traditional types of risk that organizations face?

Bill Ribaudo: What is different is the speed of impact. If you analyze how those risks play out within a business, they work through three traditional risk management channels-strategic risk, operational risk, and governance risk.

Strategic digital risk is the fundamental threat now faced by many companies that have not successfully incorporated a digital framework into their business model. Companies may do a solid job executing operationally focused strategies, but if they don’t progress toward business models that balance physical and digital capabilities, they increase the risk of being disintermediated and losing direct interactions with their customers.

Operational digital risk derives from not implementing today’s IT applications to do things better, faster, cheaper, and it mostly impacts productivity and efficiency. For example, if a company adopts new IT associated with robotic process automation (RPA) or blockchain, merely to automate existing processes or steps without changing the fundamentals of the company’s business model, this can create digital risks to operations.

The third area, governance digital risk, is an outcome or result of both strategic and operational strategy. Management has the responsibility to ensure that all the digital technologies employed, whether strategic (think business model) or operational (as in better, faster, cheaper) are fulfilling the goals set and that new risks are addressed. One step in that process would be to inventory and manage the many different RPA applications installed and ask: “Do we have bots that are talking to bots that are talking to other bots, and do we know all the linkages to our legacy systems?” Imagine the risks that can arise when you have 100 RPA projects happening at once, feeding off of 80 different systems. Someone needs to be looking at that inventory of risks across all business units.

Q: What are some considerations and strategic risks when transforming to a digital business model?

Bill Ribaudo: Understand that the purpose of transforming to digital falls under the category of using today’s latest technology to serve customers better than your competitors. The challenge for management and boards is that the speed of technological advancement has accelerated beyond their knowledge and capability, and as a result they are likely not investing as needed to stay ahead. That opens the door to new competitors who can enter their space and create disintermediation and, therefore, strategic risks.

To deal with these realities, executives can consider five broad steps: First, start with a clear understanding of the company’s current business model and be prepared to shift your mental model about understanding where value comes from and what shareholders are now valuing. The next step is to create a “market-based balance sheet” that reflects market-based valuations and identifies any implied intangible assets. Leveraged or monetized intangible assets, such as customer connection, customer information, operating data, etc., are more valued in the digital economy. It’s these assets that can become the building blocks of a new business model.

The third and fourth steps entail developing new business models based on those intangible assets, and creating a plan to reallocate capital to leverage those assets. Based on our research, new business models can be valued using a revenue multiplier applied to a certain type of business model-asset-based, service-based, IP-based, or network-based.

The last step involves establishing ways to measure and manage these new models, including new sets of key performance indicators (KPIs). New business models require new KPIs, and as the saying goes: “People manage and respect what you measure.”

Q: Why might some organizations hesitate to embrace digital?

Bill Ribaudo: With respect to digital in the business, we are not seeing hesitation. This, I believe, is because management is generally comfortable employing operational technologies-better, faster, cheaper-to improve operations. However, when it comes to strategically changing business models, management has, at times, had a hard time making the transition. Typically, traditional companies have leaders who have not grown up in the digital age and, as a result, many of these companies and their leaders may not have the familiarity or comfort to venture into this unknown space.

For companies to make the leap, they also need to get the entire leadership team to buy into the new direction and ensure the board is supportive, too. This alignment alone is difficult for many organizations to achieve and why often times companies fail, when others are better able to manage change more successfully.

Another obstacle is reallocating capital from supporting the historical business to investing in new digital areas, where digital means in the business, at the same timethat current investors want the organization to keep doing what it has been doing. Changing strategies often involves shifting groups of investors and there can be a market penalty for doing so. In the end, investors pay for the promise of growth, and if the new strategy is not communicated effectively, or shareholders are not convinced of the benefit, there can be much risk-related turbulence.

Q: What are the roles of the CFO and CRO in managing the risks that come with shifting to business models that embed digital?

Bill Ribaudo: The CFO has a pivotal role in being what I call the great translator as a company embarks on a digital business model transformation. The CFO needs to work closely with operating management and be able to explain the financial implications of different strategies. How will the market and investors react to strategy A versus strategy B? Understanding that requires financial modeling, scenario planning and buy-in from the board. It’s also essential to understand and convey the cost and risks of standing still and doing nothing. For the CFO and CRO, it is critical to anticipate, assess, and monitor this new risk frontier triggered by new digital business models.