Digital trust and the smart factory: Guarding the gates and opening the frontier

November 17, 2017

By Bill Hull

Open your browser, search for industrial products (IP) , and you’ll see image after image of gears, fittings, and heavy machinery – the go-to visual shorthand for heavy manufacturing. But behind those images are other realities: artificial intelligence, sensors, robots and cobots, 3D printers, intelligent machinery, and Internet of Things networks – all of the markers of a sector in the midst of rapid, transformative change.

At little as 10 years ago, a manufacturer might have utilized a CAD (computer-aided design) system for product design and development or used a manufacturing execution system for monitoring work on the factory floor, but the majority of those systems’ processes were still analog and siloed. Today digital technologies have become central to IP companies’ operations, processes, and products, as well as the ways they connect with vendors and customers. From the factory floor to the supply chain and the sales process, a new web of automation, data, and analytics is now more and more connecting machines with human workers, thereby promoting real-time collaboration, achieving hyperefficiency, reducing waste, decreasing downtime, and presenting greater opportunity for innovation.

Analytics, digital twinning, and additive manufacturing technologies speed processes from design, prototyping, and engineering to manufacturing and sales, which simplifies the order process and delivers products customized for clients’ needs. Predictive maintenance analyzes sensor data to detect and address equipment wear patterns and maintenance needs. And mobile and augmented-reality technologies give technicians instant, on-the-floor access to data and documentation whether it’s a wiring schematic for a malfunctioning machine or it’s shift data to improve plant efficiency.

In a very real sense, IP companies are now technology companies, but with that transformation also come all of the risks inherent in a high-speed, highly connected digital enterprise. How are IP companies assuring their stakeholders to trust that those risks are fully accounted for? How are they ensuring the security of their connected devices and of the data that flows throughout the enterprise and its vendor ecosystem? How are they ensuring the resiliency of manufacturing processes that rely on connected equipment?

In the past decade, companies focused on giving their stakeholders comfort that they’ve mitigated risks in the technologies they’ve used to become more creative, nimble, and connected with their customers. Today technological risk has moved beyond business processes and down to the literal nuts and bolts of the enterprise. When a wi-fi-enabled sensor on a cooling unit can give hackers a back door onto the factory floor – potentially exposing whole facilities to malware, digital hijacking, and other threats – then managing those risks and retaining stakeholder trust become paramount.

For risk and audit professionals in the IP sector, dealing with these changes means opening their aperture beyond risks to traditional business processing systems. It means learning the language and systems of Industry 4.0 and building new relationships with the engineers who select and implement new digital manufacturing solutions.

Below, I provide an overview of how the risk and audit team can harness existing capabilities and processes for cybersecurity, data confidence, system risk and controls, risk resiliency, and other risk management disciplines and using them to serve a broader scope.

Cybersecurity. Strategically, risk management and internal audit can help shape a broader strategic response to cyberrisk by reaching an understanding of current capabilities and establishing a plan to dedicate new cybersecurity investments to the most-consequential vulnerabilities. Individual security assessments have to extend beyond data privacy and business processing applications so that they ensure the security of industrial access points both in-house and across the ecosystem. Proactive crisis management and resiliency plans can promote persistent monitoring and help make sure of rapid detection, immediate response, effective containment, and astute forensics around breaches, cyberespionage, operational disruptions, supply chain security issues, and other threat incidents.

Data confidence. Data that flows from thousands of human and machine touch points is useful only if it’s usable. Effective governance controls over the availability, usability, integrity, and security of data within the manufacturing ecosystem help IP companies realize efficiency gains, increase productivity, and boost top-line growth.

System risk and controls. Working across the entire control life cycle, risk management has to help increase the maturity, reliability, and resiliency of the existing control environment; has to strengthen overall controls design; and has to give stakeholders confidence that the company’s systems have the right controls and monitoring to do what they’re supposed to.

Risk resiliency. The confidence to take risks comes from trust that the company’s risk management processes, controls, and tools are sufficiently robust to help the business withstand disruption. In an environment of rapid and dramatic technology change coupled with a similarly dramatic expansion of digital threats, risk management must adapt quickly to give stakeholders the confidence that new technology and data risks are understood and being well managed and that vital digital platforms remain uncompromised and operating at peak potential to serve the enterprise.

Transformation confidence. Change begets change, and trust begets confidence. The rapid digital transformation of the industrial products sector means the production of more and more data that can be analyzed to extract more and greater opportunities – if it’s all done right.

By delivering a risk and control environment able to meet challenges and mitigate threats on the smart-factory frontier, industrial products risk and internal audit professionals can ensure the success of current operations, but they also help push the frontier even further by giving their companies the confidence to embark on the next complex digital transformation program.

©2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

Print Friendly, PDF & Email

Previous post:

Next post: