Three Questions Start-Ups Should Ask Themselves



Internal controls, compliance and risk culture are often the last things senior management and boards of start-ups and small to medium companies want to discuss during their strategy and operational meetings. Alternative views on these factors are seen as counterproductive to the organisation’s strategic objectives. Indeed, many start-ups spend an inordinate amount of time focusing on the challenges of meeting the expectations of the market and of stakeholders such as investors, customers, financiers and regulators. In the process, they take on new, and sometimes unknown, risks, yet are reticent to address them proactively.

There are reasons, regardless of an organisation’s size and geographic reach, that discussions about integrated internal controls, compliance and risk culture need to happen up front rather than as a final step. From our experience working with start-ups in Singapore, we believe that there are three important questions boards and management in start-up organisations should ask themselves:

Do our internal processes provide adequate protection if things go wrong?

Many start-ups face intense pressure to grow revenue and market share, and they compete fiercely for investor and financier funds. Some of these factors contribute to an inclination for management to increase risk appetite and acceptance of risks when making business decisions, especially when it comes to expansion of products and geographies and the possibilities of increased revenues and profitability.

Besides the known risks of such expansion, has executive management considered the impact of noncontrollable external forces in a volatile market environment? Having a robust enterprise risk management framework that challenges the status quo will provide a structure for executives to ask the right questions to ensure that proper discussions are taking place. Senior management and boards should play a key role in these discussions.
Is senior management providing sufficient tone-from-the-top leadership in your enterprise risk management program? Does your organisation’s board have the right balance/mix and relevant experience in business or corporate governance to advise adequately?

Do we have the right systems, processes and technologies in place to control our growing pains?

Whilst enterprise software, applications and database solutions have improved and become more sophisticated, start-ups often face a unique challenge to adopt a solution for their start-up mode and then transform as they scale up. Their enterprise resource planning (ERP) solutions struggle to keep pace with operational and organisational changes, as well as with increased complexities of rapid business growth. For instance, ERP solutions are not designed to cater to new or enhanced business models, or, for some start-ups, system-based controls are not fully implemented, thus causing them to rely too much on manual controls that can be easily circumvented.

Consider also that some start-ups rush to get their systems into production, configuring or failing to configure certain features or functions which are irreversible and required later on in their growth. In addition, after changes in roles and responsibilities of key departments or people, including corporate restructuring, take place, users may continue to have access to data and systems – and, more critically, the authority to approve transactions – which are not under the purview of their new roles and responsibilities. In such cases, the risk of fraud and override of internal controls is significantly increased.

Other factors may affect the level of control start-ups have as they continue to grow at a rapid pace.
These include the lack of dedicated resources and of specialised in-house knowledge of enterprise software, applications and databases, as well as poor blueprinting of future processes and a lack of accountability during implementation.

Is there a storm brewing with our cloud computing solution?

Businesses turn to cloud computing solutions for different reasons: to reduce capital expenditure, to optimise internal IT resources, to improve business continuity and redundancy, and to enable a more rapid deployment of new business services with greater flexibility and scalability, to name a few. Start-ups increasingly adopt cloud computing solutions so they can focus on their core business and not have to concern themselves about keeping up with technology changes.

Selecting a cloud service provider that proactively manages or addresses data privacy and security concerns prevalent with cloud computing services is crucial. Important considerations, such as the need for the service providers to conform to your organisation’s policies on handling and encryption requirements of sensitive and confidential data in payment methods, gateways and platforms, must be addressed.

It’s important to obtain answers to a number of significant questions about cloud service providers. How do they use customer data for their own activities, and what are the implications to data security and confidentiality? Does the service provider share customer data with third-party service providers? Does the service provider have oversight controls in place to ensure that the confidentiality of customer data is maintained? Does the service provider have adequate incident response procedures to handle exigencies effectively?

Cloud service providers can invest in far more advanced security technologies than most organisations are able to for their own on-premise data centers. A security breach can be costly in both financial and reputational terms.
Companies should perform due diligence and risk assessments prior to engaging a cloud service provider and regularly throughout the contract period.

How Protiviti Can Help

We assist boards and senior management with identifying and assessing the enterprise’s risks and implementing strategies and tactics for managing risk. We provide value and an experienced, unbiased perspective on issues separate from those of company insiders and share our expertise to help organisations improve their risk management and internal auditing processes. Our experience working with start-ups in Singapore and the surrounding region puts us in a unique position to understand and provide the necessary advice so that your business is not disrupted while you disrupt the industry.

About Protiviti

Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.

Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

© 2016 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. PRO-0616-107136 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.