EY’s Veron Wong: Risk, controls often treated as an afterthought

She discussed Singapore’s business risk environment and the growing role of emerging technologies in shaping its future.

Singapore’s business landscape is shaped by its remarkable position as a global hub, where strong governance, regulatory discipline, and innovation have become vital to success. Companies operate in an environment marked by cross-border activities, digital transformation, growing third-party dependencies, and rising expectations around compliance and sustainability.

This domain closely reflects the professional lens of EY ASEAN and Singapore Risk Consulting Leader, Veron Wong. With over 20 years of experience in governance, risk management, business process improvement, internal audits, and pre-IPO listing reviews across global markets, she brings a practical and informed perspective on what it takes for organisations to operate and grow effectively in Singapore’s dynamic business ecosystem.

Speaking as a judge for the 2026 Singapore Business Review International Business Awards and National Business Awards, Wong shares her insights on how Singapore organisations manage rising third-party risks, the impact of sustainability and ESG priorities on corporate risk management, and the common risk and control gaps emerging from digital transformation efforts.

With growing reliance on third-party vendors, how mature is third-party risk management amongst Singapore organisations?

From our observation, whilst Singapore organisations understand that certain functions may be outsourced, they recognise that they are still responsible for accountability and risk management. As supply chains become more complex and regulations increasingly fragmented, many companies are now more proactive in managing third-party risks. Over the past few years, we have seen more structured approaches being adopted, including formalised vendor assessments, ongoing monitoring, and clear contractual obligations. That said, risk maturity levels still vary widely across industries and company sizes.

How is the increasing focus on sustainability and ESG influencing corporate risk management practices in Singapore?

There is growing recognition that environmental, social, and governance (ESG) considerations are critical for regulatory compliance, investor confidence, and long-term business stability. Many organisations have started to integrate ESG into their risk frameworks, particularly in areas like supply chain resilience, climate impact, and ethical governance.

However, recent global developments, such as shifting trade policies, have caused ESG to compete with more immediate operational or financial priorities. Nonetheless, we anticipate ESG will continue to influence decision-making, as stakeholders, regulators, and investors demand greater accountability. ESG is not just a reporting obligation; it is about proactively managing risks and reinforcing trust.

What common gaps do you see in organisations’ digital transformation journeys from a risk and controls perspective?

One of the most common issues we see is that risk and controls are not prioritised; they are often treated as an afterthought rather than a core component of success. Without early attention (i.e., from the planning stage), organisations may face compliance challenges, operational disruptions, or even reputational damage.

Another gap is the assumption that governance is automatically handled by the system integrator. Organisations often implement solutions at scale without embedding dedicated practitioners to oversee risk management. This can lead to blind spots, from data security vulnerabilities to process inefficiencies, which may only become apparent later.

How does Singapore’s business risk environment compare with other major markets in Southeast Asia?

Singapore’s business risk environment stands out across Southeast Asia as a result of the government’s clear and consistent expectations around governance and accountability. This top-down emphasis creates a culture of trust and reliability, reinforcing confidence amongst businesses, stakeholders, and investors.

At the same time, organisations still face challenges from macroeconomic shifts, cybersecurity threats, and evolving regulatory requirements. Hence, risk management cannot be taken for granted.

What role will the emergence of advanced analytics, AI, and automation play in the future of risk management in Singapore?

Digital tools provide unprecedented capabilities to identify, monitor and mitigate risks in real time. Artificial intelligence (AI) and analytics can process vast and complex datasets, uncovering patterns and insights that were previously difficult or impossible to detect. Automation reduces manual errors and accelerates routine risk management processes, freeing up teams to focus on strategic decision-making.

The key is not just adopting technology for its sake but integrating it thoughtfully into existing frameworks to anticipate emerging risks, respond swiftly to disruptions, and make data-driven decisions with confidence. Ultimately, technology is not a replacement for human judgement but a capacity enhancer that allows risk management to become smarter and faster.

As a returning judge for the Singapore Business Review International Business Awards and Singapore Business Review National Business Awards 2026, what specific qualities or innovations are you going to look for in the exceptional entries this year?

The best entries are those that benefit the entire value chain, positively impacting both upstream and downstream operations. It’s about solutions that are integrated, practical, and drive measurable impact for the organisation as a whole.