Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
4 January 2017

Has the retail sector ever faced greater threats in this digital age?

Has the retail sector ever faced greater threats in this digital age?

The digitalisation of the economy has had a transformational effect on how businesses do business and therefore new threats have evolved. The retail sector has been at the forefront of the digital transformation and is also the sector most at risk of disruption from this new threat landscape.

Our collaborative blog with Paul Lloyd-Smith, SAP UK’s expert in GRC for the retail sector, will explain why this is the case.

Why is retail so susceptible to risk?

Retail is all about supply and demand. Modern retailers therefore often operate a complex supply chain involving suppliers, distributors and customers. To succeed, a retailer must protect margins and reduce overheads that count against the retail price that their product can demand. They must also ensure that the market sees value in their product to ensure that the retail price is as high as possible.

The retail market is highly competitive where the line between success and failure is very small. It is largely dependent upon consumers rather than business to business trade. Consumer focused business is inherently volatile with market forces ruling the way. Individual buying patterns naturally dictate that your product will not appeal to all people.

Retail also relies upon volume. Although selling one unit may be worthwhile, the retailer only becomes successful by selling high volumes of units and is therefore maximising revenue and optimising their negotiation position with suppliers; their internal operational manufacturing and distribution processes though scale.

Finally, there is the aspect of time. Retailers have to align themselves to the demand for their product. There is a timing aspect to this such as a seasonal product, for example de-icer or clothing, but there will also be consumer buying patterns such as the retail peak in late November, and December.

Opportunities for retail-based fraud

Paul Lloyd-Smith has detected a common theme from conversations with his customers. They suggest that all of these aspects introduce a very tangible risk of fraud in the retail industry. There are inherent opportunities for fraudsters to take advantage of weakness in controls, due to the high volume and time dependency of transactions. Retailers have traditionally focused control activities on product theft or point of sale vulnerabilities. However, this fraud threat is changing.

How the retail industry has evolved

The retail industry has fully embraced digital transformation. All successful retailers have a significant web presence with a growing proportion of their sales attributed to digital channels; web-shops and mobile apps. Whilst traditional high-street stores are important for customers to browse and research products, their importance in terms of revenue is reducing. In fact, many of the leading retailers operate exclusively online. This puts a greater degree of power in the hands of the consumer.

Because of this, opportunities for retail-based fraud can also occur in relation to distributor or delivery related issues where the product never makes it to the customer or the customer claims a refund without the goods being returned. This is in addition to the standard financial and supply chain fraud risks that are found in many back office corporate environments.


This blog has highlighted where we see a shift in the threat to the retail sector. In the next blog, we will explore in greater detail why retailers are looking to broaden their efforts around fraud and risk management activities.