Boardroom Intelligence

Majority of US companies lack compliance automation strategies, claims new report

BY Fraser Tennant

Compliance leaders in the US are yet to fully automate their compliance activities in order to respond more efficiently to shifting regulatory expectations and a changing risk landscape, according to a new KPMG report.

The report, ‘Innovating compliance through automation’, found that only one in five chief information officers (CIOs) and chief compliance officers (CCOs) said they had a well-defined strategy to automate compliance in the next two years. However, 90 percent did say they had plans to increase funding for automation in the coming years.

Among the report’s key findings: (i) 36 percent of CIOs and CCOs said that attention from leadership and stakeholders is a top challenge they have encountered or expect to encounter in implementing compliance automation; (ii) when asked what is limiting their ability to automate compliance activities, 70 percent of CIOs and CCOs named data integrity and 67 percent pointed to data availability as leading factors; and (iii) 32 percent of CIOs and CCOs said the availability of resources to support automation is lacking.

Furthermore, CCOs and CIOs differ on their view of the subject matter knowledge their organisation requires to tackle compliance automation, with approximately 18 percent of CCOs stating knowledge was lacking while 40 percent of CIOs pinpointed this as the main automating compliance challenge.

"Companies are automating routine operational tasks to increase efficiencies and lower costs," said Amy Matsuo, a principal in KPMG’s risk consulting services and national leader of regulatory insights practice. "The next step is for organisations to pivot from using automation in operational processes to deploying it for compliance analytic and predictive purposes. To do so, they must first prioritise compliance activities that can be automated while setting expected returns on investment."

According to the report, compliance activity priorities are based on product safety (42 percent), industry specific regulations (41 percent), cyber security and information protection (36 percent), privacy (29 percent), fraud (27 percent) and consumer protection (22 percent) regulatory obligation categories.

Ms Matsuo concluded: "Organisations will need to identify personnel with the appropriate skills, knowledge and availability to undertake automation. This requires a unique skillset that blends an understanding of business operations, compliance issues and risk management with technological proficiency."

Report: Innovating compliance through automation

New report highlights lack of gender diversity in ASX 201-500 companies

BY Fraser Tennant

Women account for only 15.8 percent of board roles in ASX 201-500 companies, according to a new report – the first of its kind examining the state of gender diversity within small-cap companies – by the Australian Institute of Company Directors (AICD) and Heidrick & Struggles.

The ‘Beyond 200: A Study of Gender Diversity in ASX 201-500 companies’ report also reveals that there are signs that boards of newer companies and those chaired by individuals who also chair larger listed boards are leading the way towards greater gender diversity.

The report’s key findings include: (i) female representation on boards greatly declines beyond the ASX 200, falling from 27.9 percent across the ASX 200 to 15.8 percent across ASX 201-500 companies; (ii) newer companies are more likely to have greater gender diversity, with women accounting for 25.3 percent of directorships for companies listed in the last five years; and (iii) female representation rises to 22.9 percent on ASX 201-500 boards chaired by an ASX200 chair.

“This report indicates that there are larger obstacles to achieving greater gender diversity among companies outside the ASX200, given small board sizes and greater presence of founders and investors,” said Elizabeth Proust, chairman of the AICD. “However, it also shows chairs of larger companies are exerting their influence and newer companies have heard the message about the importance of diversity.”

In 2015, the AICD set a target for all boards to achieve gender diversity based on a strong body of evidence showing that diverse boards lead to better outcomes for shareholders and stakeholders alike. Further research showed that 30 percent is where ‘critical mass’ is reached in a group setting and the full benefits of diversity are realised.

The report also states that while the AICD has been tracking progress towards the 30 percent gender diversity target as far as ASX 200 boards are concerned for several years, it felt it was now time to “shine the spotlight” on small-cap companies.

Ms Proust concluded: “Greater gender diversity on boards of all sizes is fundamental to the future of good governance in this country. Continued advocacy, engagement and education is needed to see all boards reap the benefits of diversity.”

Report: Beyond 200: A Study of Gender Diversity in ASX 201-500 companies

Data scientists top UK CEO recruitment wishlist, claims new survey

BY Fraser Tennant

Illustrating their increasing role in supporting future business growth, data scientists have been named the most important workforce capability by UK chief executives, according to a new survey by KPMG.

In its ‘Growing pains: 2018 Global CEO Outlook’ report, KPMG states that more than two thirds of survey respondents (69 percent) named the data scientist role as important in supporting future growth plans, followed by emerging markets experts (57 percent) and emerging technology specialists (55 percent ), such as artificial intelligence professionals.

The KPMG analysis also suggests that firms should focus on the impact of technological disruption as well as considering business opportunities beyond domestic markets.

“UK CEOs are encouragingly bullish on their resourcing requirements and evidently more so than their counterparts elsewhere in the world,” said Mark Williamson, partner and head of the people consulting practice at KPMG in the UK. “This sends a powerful message to the world that UK business leaders can see past market uncertainty and are focused on future-proofing their operations.”

In order to respond to technological disruption, the report also notes that UK businesses need to treat technology disruption as part of an integral part of business strategy, and respond by looking at ways in which their workforce can change its size, shape and composition to meet the strategic demands of the next decade.

“Fundamentally, the nature of digital disruption is potentially transformative if approached with the right mindset,” continued Mr Williamson. “Technology disruption is becoming such an integral part of business strategy that we expect business leaders to increasingly establish their own training programmes and invest in external support.”

The KPMG report showcases the views of 150 UK leaders and a further 1150 chief executives across the globe.

Mr Williamson concluded: “UK business leaders are embracing digital disruption and are confident in the potential for automation to create jobs in the near future. The rise of the data scientist is clear evidence of this sentiment and shift in priorities within UK boardrooms.”

Report: ‘Growing pains: 2018 Global CEO Outlook’

UK C-suite cyber confidence concerns

BY Richard Summerfield

Despite recent growth in the number of recorded data breaches, senior management at a number of UK companies believe that their cyber security provisions are above average – a sign that some UK firms may be overconfident in their defences, according to the ‘United Kingdom – Views from the C-Suite Survey 2018’ report released by FICO.

Executives at three out of four UK firms believe that their company is better prepared than its competitors. Among UK industries, financial services firms were the most confident of all, with 55 percent of respondents saying their organisation is a top performer, and 41 believe that their defences are above average. Forty-two percent of telecommunications providers believe that their firm is a top performer. The least confident executives were in the retail and e-commerce sectors, with 38 percent of respondents saying that their firm is a top performer, and only 19 percent rating it as above average.

This overconfidence among UK executives is particularly jarring as only 36 percent of organisations are carrying out regular cyber security risk assessments.

“These numbers suggest that many firms just don’t understand how they compare to their competitors, and that could lead to a lack of investment,” said Steve Hadaway, FICO’s general manager for Europe, the Middle East and Africa.

The UK is not alone in its overconfidence, however. Firms from all eight jurisdictions surveyed, including the US, believe they are well placed to resist a cyber attack. Canadians were more likely to rate their firm a top performer for cyber security.

Ovum conducted the survey for FICO through telephone interviews with 500 senior executives, mostly from the IT function, in businesses from the UK, the US, Canada, Brazil, Mexico, Germany, India, Finland, Norway, Sweden and South Africa. Respondents represented firms in the financial services, telecommunications, retail and e-commerce and power and utilities sectors.

“IT leaders have greater funding than ever to protect organisations from the continuously evolving threat landscape and meet complex compliance demands,” said Maxine Holt, research director at Ovum. “These same IT leaders are undoubtedly keen to believe that the money being spent provides their organisation with a better security posture than any other – but the rapid pace of investment, often in point solutions, rarely takes an organisation-wide view of security.”

Report: United Kingdom – Views from the C-Suite Survey 2018

CEO ‘disconnect’ a cyber concern

BY Richard Summerfield

Though cyber security is one of the biggest issues of our time, a misalignment between CEOs and technical officers, including CIOs, CTOs and CISOs, is weakening many organisations’ cyber security postures, according to a new report from Centrify titled ‘CEO Disconnect is Weakening Cybersecurity’.

The report, which saw over 800 executives surveyed by Centrify and Dow Jones Customer Intelligence, suggests that discord among C-suite leaders is leaving companies increasingly vulnerable to attack. The report claims that “the CEO response to cybersecurity is misaligned with reality”.

Sixty-two percent of CEOs cite malware as the primary threat to cyber security, compared to only 35 percent of technical officers. Only 8 percent of all executives stated that anti-malware endpoint security would have prevented the “significant breaches with serious consequences” that they experienced. Technical officers believe that identity breaches – including privileged user identity attacks and default, stolen or weak passwords – are the largest threat companies face, not malware.

Poor investment decisions made by CEOs – 60 percent of CEOs are investing the most in malware prevention and 93 percent indicate they already feel ‘well-prepared’ for malware risk – and poor communication between CEOs and technical officers are further cause for concern. Eighty-one percent of CEOs believe that they are most accountable for their company’s cyber security strategy, while just 16 percent of technical officers agree. Seventy-eight percent of technical officers believe that they are most accountable for the company’s strategy.

“While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their Technical Officers,” said Tom Kemp, chief executive of Centrify. "It’s clear that the status quo isn’t working. Business leaders need to rethink security with a Zero Trust Security approach that verifies every user, validates their devices, and limits access and privilege.”

To bridge the gap between CEOs and technical officers, the report suggests that all parties must share their perspectives on the issues surrounding cyber security, but ultimately CEOs must alter their understanding of the threats they face. While malware is an issue, CEOs must change their mindsets, realign their cyber security spending and focus more heavily on the importance on combating identity breaches.

Report: CEO Disconnect is Weakening Cybersecurity

©2001-2019 Financier Worldwide Ltd. All rights reserved.