Internal processes and governance: Delivering value for tech companies
Renowned for its inventiveness and creativity it’s perceived as a safe place to push the boundaries of what’s possible in global innovation and dynamism. However, tech companies of all sizes face growing business disruption and an ever-stringent legal and regulatory compliance regime.
In addition, Cambridge’s knowledge-based economy is still suffering from a lack of immediately available quality workspace. This has led to an extreme supply and demand imbalance. While plans are in place to improve this, it won’t be fully resolved for years, adding pressure to an already challenging sector.
In this article we examine the benefits of robust internal processes and governance to reduce risk, provide clarity and allow tech businesses to focus on their primary objectives.
Why internal processes are more important than ever
Internal processes and governance not only provide assurance over the key activities and risks, they also advise on the design and effectiveness of controls and governance arrangements.
Traditionally, using the three lines of defence[1] (3LOD) model helps stimulate innovative solutions to improve an organisation’s ability to anticipate and manage its risks.
After over a decade of uncertainty following the financial crisis and the pandemic, a whole suite of ‘new-normal’ processes have been established. Consequently, the organisational impact is still to be fully understood. From the ability to work remotely, to the use of automation and the ‘as-a-service’ cloud revolution, companies have had to adapt and push traditional boundaries, taking on more risk in the process.
We see many tech organisations increasingly using the 3LOD approach as a framework to assess the level of their maturity in how they are managing their risks.
Current areas of focus in respect of internal processes and governance
Many of the challenges that tech companies grapple with aren’t unique to the sector they operate within. Nonetheless, our experience highlights they face several business issues in developing their strategies and making investments.
Cybersecurity – The ever-shifting threat landscape is a key focus point for many tech companies. The rapid shifts in technology, the continued transitioning to PaaS (Platform as a Service) and SaaS (Software as a Service) cloud solutions, increased diverse regulatory environments and changes in corporate culture means that tech companies need to be constantly alerted to protecting their systems and data. Ensuring resources in security over the company’s network, applications and information is proportionate to manage the threat of cybercrime, cyber-attack and/or cyber-terrorism is critical to tech companies.
Operational resilience – It’s critical for tech businesses to ensure there are sufficient and appropriate mechanisms to mitigate the risk of business disruption. It can be problematic building and instilling resilience in an organisation’s people, processes and technology infrastructure. Tech companies need to consider continuity and disaster recovery plans to cover data security attacks, IT outage and denial of access to critical people, premises, systems and technology.
Data governance – The importance of data being captured, stored, used and protected cannot be underestimated. Tech organisations are at the forefront of leveraging the power of big data. Organisations unleashing the potential of their data are starting to see some real benefits, however there are security and methodological risks. Regulatory demands on organisations can have significant financial and reputational impacts for those who do not put in place sufficient data governance protocols.
Mergers and acquisitions – The ability to manage strategy execution risk more effectively is leading many tech companies to put in place additional rigour over their merger, acquisition and divestiture programmes. This ensures there is a fact-based and well-controlled diligence, valuation, planning and execution process.
System implementation – Tech companies are making much greater use of cloud services. Organisations can face challenges when moving their IT infrastructure to the cloud. These include the risk of cloud systems implementations not delivering the intended value/benefits, overlooking processes or parts of the business on the journey and managing any resistance to change.
Legal & regulatory framework – Regulation around tech isn’t as heavy as other sectors. This enables tech companies to innovate and disrupt several highly regulated industries. Therefore, they face the challenges of understanding and complying with a wide range of cross-industry legal and regulatory requirements. For some tech companies, implementing a global compliance framework may be a logical progression along their compliance journey.
Third party risk – Organisations increasingly leverage third parties to provide a variety of services. These include product sales, distribution, data storage, marketing, finance, HR, payroll and customer service. Outsourcing frees up organisational resource to focus on the core strategies and outcomes of the business, as well as reduce costs.
How can Evelyn Partners help?
At Evelyn Partners, we believe in the power of good advice. Our professional services advisers possess a depth of knowledge that can scale to support businesses at any stage of their journey. You’d also gain access to the wider business which has proven expertise in helping business owners and C-Suites to execute long-term strategy.
Our dedicated Risk Advisory division supports, advises and provides assurance services to tech companies. Our professionals bring deep technical and industry knowledge and experience, allowing you to strengthen key governance, risk management and controls, whilst enhancing business performance.
Our service offering includes but isn’t limited to:-
- Advising on establishing improved internal processes and governance
- Collaborating and building the approach, methods, tools, strategy, programme of work and support in the transition and implementation of changes made
- Helping establish internal audit functions or operate as a fully outsourced provider of internal audit services
- Operate as a co-sourced provider in a hybrid delivery model. This includes providing a Head of Internal Audit and secondee/s to support in-house teams, utilising the resources within your organisation to deliver success
Together we can unlock the power of good advice and seek to transform the way you perceive – and navigate – risks so you can stay at the forefront of technological change. You can email Mark Prince at mark.prince@evelyn.com
Sources
[1] The Three Lines of Defence model, published by the Institute of Internal Auditors
Evelyn Partners LLP is regulated by the Institute of Chartered Accountants in England and Wales for a range of investment business activities. Evelyn Partners LLP is an independent network member of CLA Global Limited. See https://www.claglobal.com/disclaimer.
