By Scott Tobutt
06 December 2018
It certainly has been a tumultuous year in the corporate world, with numerous emerging risks and challenges, exacerbated by growing regulation and greater public scrutiny. The bar has been lifted in terms of greater accountability and expectations of those charged with governance. As a result, the reputation risk of not maintaining appropriate standards has never been higher.
Bearing this in mind and as we approach the Christmas break, it is a great time to sit back and reflect and consider how your organisation can improve in 2019. We outline below some key areas where we have assisted clients this year – it is a good checklist to assess your business’ preparedness as we wind down the shutters for 2018:
Risk Management, Governance and Culture
- Understanding and mitigating risks that specifically impact the organisation has become essential. A good risk management framework will have systems for identifying, measuring, evaluating, monitoring, reporting and controlling material risks that may affect the business’ ability to achieve its objectives.
- Review policies around key governance areas. Documented policies need to be clearly articulated, communicated regularly and continually updated.
- Assess how the culture of the organisation is being overseen and driven. Culture should start at the top and be evaluated across the organisation.
- Consider effectiveness and appropriateness of Business Continuity Plans or documented plans for business interruption/crisis. Have these been tested?
- Cyber security is a continually evolving environment that requires ongoing audit, education, remediation and re-evaluation. It should not be considered in isolation but as part of the overall risk management.
- In-house or outsourced IT providers should be independently reviewed and challenged, and staff need to be continually educated on emerging risks e.g. phishing.
- There is a legislative requirement to have an effective Data Breach Response Plan (mandatory data breach notification became effective in February 2018).
- Potential fraud needs to be mitigated through effective fraud assessment and management.
- Control environment should be designed and implemented appropriately to mitigate any potential key risks and key controls need to be identified and tested on a periodic basis.
- Policies are only effective if they are being continually updated and have been put into operation.
- Consider introducing a Whistleblowing process or reporting mechanism. Whistleblowing is a tool by which issues can be raised and resolved early. Upcoming legislation will provide additional requirements including protection for whistleblowers e.g. independent hotline.
Data Analysis and Business Intelligence
- Consider the quality of the data being generated by information systems for reliability, accuracy and timeliness.
- To provide beneficial insights into your organisation through data you must consider whether your data provides business intelligence around key operational and transactional processes. i.e. product sales, customer data, project performance and profitability.
- Introduction and continual evolution of data analysis is vital in dynamic organisations. Data analysis is becoming increasingly powerful and must be performed on an ongoing basis to identify trends, patterns and anomalies over entire population sets.
Our clients’ experience is that due focus to the above areas will increase efficiency, improve their bottom line and protect their assets – from a business perspective, there is no better New Years’ Resolution!