AI transforms risk consulting from manual to strategic work

Forrester has launched a new research area focused on risk consulting services, highlighting how AI is transforming the traditionally manual-heavy industry. The report, “An Anatomy Of Risk Consulting Services,” reveals that Chief Risk Officers (CROs) are seeking providers who can automate craft-based manual work while helping them navigate an increasingly volatile risk landscape marked by geopolitical instability and regulatory changes.

What you should know: Risk consulting firms are fundamentally reshaping their service delivery models through AI automation to meet evolving CRO demands.

• Most firms are already using AI to automate controls testing and assurance work that has historically been their primary revenue source.
• CROs want partners who can help disrupt both the culture and practice of enterprise risk management.
• The shift represents one of the most significant transformations the industry has witnessed, according to Forrester’s analysis.

The manual work problem: Current risk management practices still rely heavily on time-consuming manual processes that AI could streamline.

• Risk practitioners manually chase audit evidence, review documents, perform risk analysis, and manage compliance workflows.
• One global bank interviewed for the research employs over 2,500 people whose primary job function is performing manual risk and control assessments.
• This manual approach prevents risk functions from positioning themselves as strategic advisors.

Why this matters: The transformation aligns with a broader shift toward positioning risk functions as strategic business partners rather than compliance gatekeepers.

• As Paul McKay, VP and Principal Analyst at Forrester, explains: “Expect a future where risk professionals shift their focus from doing this manual work, to exercising more acute professional judgement.”
• CROs will choose consulting partners “who challenge the status quo rather than conform to it.”
• The focus should be “on the professional judgements they need to form, and less on going through the motions required to support that judgement.”

Looking ahead: The integration of AI and automation technologies will drive a seismic shift in risk consulting over the next five years.

• Supporting risk technologies like Governance, Risk, and Compliance (GRC) platforms are evolving alongside generative and agentic AI.
• Some firms will begin offering technology-driven managed risk services as a new business model.
• Forrester plans to evaluate this market with a comprehensive Forrester Landscape and Wave assessment in 2026 and early 2027.

The bigger picture: CROs are operating in what society has dubbed a “permacrisis” environment, requiring different approaches to risk management.

• They face challenges from geopolitical instability, regulatory whiplash, and what’s being called the “ESG winter.”
• Many still rely on risk consulting providers “stuck in the audit compliance cottage industry of yesteryear.”
• The new landscape demands risk programs and cultures that can adapt to increased volatility and fragmentation.