Tag Archives: risk management

Telecommunications companies are not doing enough to address cyberthreats

As the telecommunications industry continues its shift to a digital business model, organisations are recasting themselves as technology companies that offer a broad array of digital communications, connectivity, and content services.

They are racing to deliver not only high-quality and reliable communications services, but also to provide fresh content across a range of computing platforms to an expanding range of customers. Digitisation also has led to new products and services that are created and delivered in innovative ways, resulting in a raft of new collaborations, joint ventures, and strategic alliances across industries. At the same time, a slew of big deals are in the works, including mergers of telecommunications companies, multi-system operators, satellite television providers, and mobile communications networks. Some telecoms are acquiring businesses outside of their traditional scope to gain intellectual property and broaden their services.

Many of these changes are compounding network traffic and demanding that telecoms deliver enhanced capacity and quality of services – without raising fees to customers. That represents a formidable challenge as new entrants to the telecom market and lower pricing structures intensify competition and, in some cases, erode revenues.

Making matters more difficult: The frequency and scope of cybersecurity and privacy risks continue to mount. While breaches have typically targeted customer data, there is growing concern that ultra-sophisticated adversaries like nation-states, organised crime, and hacktivists will initiate attacks that disrupt services and even cause physical damage. A recent attack on a French television network provides an example that is uncomfortably close to home: In April, politically motivated hackers infiltrated a major television broadcaster, knocking 11 channels off the air and compromising websites and social media accounts.

As telecoms pivot toward a more digital future, they will very likely encounter entirely new types of cybersecurity risks to data, applications, and networks. Yet according to findings from The Global State of Information Security® Survey 2015 (GSISS),many telecommunications companies are not doing enough to address cyberthreats for today – or the future.

The slight line between risk management and innovation barriers

I admit I’m usually in the critics side when it comes to new ideas. I like to challenge them against possible risks (looking at issues from a number of angles ?!) but I also enjoy the “out of the box” thinking. Split personality? Just a balanced approach, I hope :)

Here’s why:

The Eurozone Crises and its Scenarios. What does this mean to your business?

Eurozone 02
Eurozone (Photo credit: slolee)

The chances of Greece departing the Eurozone are rising sharply so what chances are there that Grece will remain in the Euro as a compromise? Spanish banks are still holding an estimated Euro 600bn of mortgages at full value on their books so Spain will be the next big test for Europe. Spanish and other Eurozone banks are going to require hundreds of billions of Euro recapitalisation in the next 12 months.

On January 2012, Congressional Research Services looked into possible scenarios regarding the Eurozone and their impact on US economy. Latest indicators from the US are mixed and patchy but this economy is out-performing the Eurozone. CEEMEA’s central outlook remains 3-5 years of sub-par economic growth, continuous Eurozone crises and tough global business conditions. PwC also provided four scenarios, including one where Greece would exit the Eurozone.

What does this mean to your business?

The risks for a worse outlook have intensified since March/April and Eurozone restructuring has the potential to create significant change and disruption to the operations of many organisations. Global companies (both headquartered in the Eurozone and ones with extensive links with it) will be impacted across their whole value chain.

There will be:

  • Treasury changes (e.g. liquidity and financing, security over banking arrangements);
  • Operational changes (e.g. documentation, pricing arrangements, customer payment mechanisms);
  • IT changes (e.g. systems configuration, payment and billing systems changes, master data, transaction data migration, package applications and support arrangements);
  • Planning, benchmarking and forecasting (e.g. contingencies, restatement of historical data, costs to implement the Eurozone restructuring);
  • Challenges in communications to shareholders, stakeholders, customers and suppliers regarding organisational impact and arrangements to manage the impact.

How one can cope with all these challenges? Here are some suggestions:

  • Evaluate your supply chain risk, particularly where raw materials become expensive for suppliers no longer in the euro-zone;
  • Develope business cases / risk analysis to take advantage of potential new sourcing opportunities and provide delivery support to realise these benefits;
  • Run rapid diagnostic tools that can be deployed simultaneously across Finance (EPM Blueprint, Finance Effectiveness);
  • The break-up of the Eurozone may even give rise to opportunities from a tax perspective: identify them and work to build them into existing contingency plans should the right commercial fact patterns arise in the future.

Other suggestions?

What do organizations moving toward risk mastery think of their approach?

Risk
Risk (Photo credit: The Fayj)

I recently came across a study on Risk Management with some interesting results:

  • Almost 64% of Risk Masters (organizations moving toward risk mastery)  indicate that their risk management capabilities provide competitive advantage to “a great extent”.
  • Almost three in every four Risk Masters consider the risk organization critical to reducing operational, credit and market losses.
  • Risk Masters integrate risk management capabilities across the organization.
  • Risk Masters are more likely to concentrate risk management in the hands of a chief risk officer. This suggests that Risk Masters more readily acknowledge the importance of having a C-level risk executive as an influential part of top management.
  • Risk Masters from their peers is their commitment to creating and infusing an awareness of risk exposure and the means to mitigate risks – as well as more detailed tacit knowledge and training – across the corporate culture.
  • Risk Masters emphasize the importance of making risk management part of everyone’s daily responsibilities.

The chief risk officer for one global energy company concluded: “A high-quality and efficient risk management function is among the top strategic goals of the company, ranking second only to growth and profitability.”

The future of risk management in the Communications industry

Iphone-picture
Image via Wikipedia

Each year I’m looking for the Global CEO Survey with great interest. Specifically this year I’m interested to see how risk management is affected by the global economic challenges. Communications CEOs are more worried not only about the global economic outlook, but also about several related risks. As the report shows, 45% are extremely concerned about the risk of economic volatility (versus 32% of the total sample). Similarly, 40% are extremely concerned about the measures highly indebted governments are taking to cut their fiscal deficits (versus 27%). Conversely, they’re more relaxed about the prospect of inflation. Only 19% of communications CEOs are somewhat concerned on this score (versus 31%).

Disruptive change is a constant feature of the communications industry and the results from this year’s survey indicate that CEOs see little sign of the pace and scale of change diminishing in the future. The rapid emergence and adoption of new technologies, devices and channels —from smartphones to tablets and Twitter to Groupon – can create overnight stars and catch the unprepared off guard. So it’s hardly surprising that 36% of communications CEOs are planning to make fundamental strategic changes in the next 12 months, compared to 13% across the rest of the survey population.

So how do communications CEOs propose to deal with these challenges?

They’re planning various strategic changes covering a wide range of financial and organisational areas over the next 12 months. Capital investment decisions and capital structuring activities feature prominently in their plans, for example: 31% intend to make major alterations to the former and 29% to the latter (versus 19% and 14%, respectively, of the total sample). And 29% expect to make major alterations in the way they manage risk, whereas the overall average is just 17%.

As well as changing their approach to investment and risk, communications CEOs say they’re likely to continue cutting costs. A full 90% have already implemented cost-reduction initiatives in the past 12 months, which is significantly more than the 75% who’ve done so in our entire survey sample. And 48% expect to outsource a business process or function in the next 12 months (compared to the overall average of 33%). Of course, outsourcing may be motivated by the need to reduce costs, but it’s also a component of the major organisational changes that two-fifths of communications CEOs expect to make in 2012.

Not surprisingly, since new technologies play such a key role in the sector, many communications CEOs are reconsidering how best to manage innovation, too. Communications CEOs are repositioning their portfolios to focus on developing new products and services, and fine-tuning existing products and services. But 60% also intend to adopt new business models in response to a fast-changing environment.

Predictably, perhaps, many communications CEOs are pinning their hopes for future growth on the emerging markets rather than the developed markets—as, indeed, are their peers in other sectors. And while most CEOs with plans to expand abroad are focusing on China, communications CEOs prefer Brazil: 26% believe it will be a key growth market in the next 12 months (versus 15%).

The full report on Communications CEO survey is available here.

Will social technologies improve performance?

English: A tag cloud (a typical Web 2.0 phenom...
Image via Wikipedia

One of the most challenging questions… Will enterprises benefit of Web 2.0 deployments and will such technology improve performance?

On the one hand you see by far too much time spent on Facebook these days and statements like “my whole life is there” are not such unussual amongst the young generation. Therefore, the question is not how you make them use it (they already do) but what benefit you have as a company from using such technologies?

McKinsey’s conclusion is that companies are improving their mastery of social technologies, using them to enhance operations and exploit new market opportunities (“How social technologies are extending the organization,” McKinsey Quarterly, November 2011). They asked 4,261 global executives how their organizations deploy social technologies, including social networking, blogs, video sharing and microblogging, and the benefits gained. The 2011 survey reports that when adopted at scale across an emerging type of networked enterprise and integrated into the work processes of employees, social technologies can boost a company’s financial performance and market share, also confirming last year’s survey results.

I find not quite spectacular the four clusters that emerge from McKinsey’s analysis:
1. Executives at internally networked organizations note the highest improvement in benefits from interactions with employees;
2. Executives at externally networked organizations note the highest improvement in interactions with customers, partners, and suppliers;
3. Executives at fully networked organizations report greater benefits from both internal and external interactions (this result is easy to be assumed out of the first two);
4. In the fourth and by far the largest group, developing organizations, respondents report lower-than-average improvements across all interactions at their organizations.

It’s clear that there is an improvement in communication, especially for large inter-regional organisations but you don’t need a study to know that. What I would be interested in is how this is linked to performance on the job also this would be more difficult to find out once it becomes a way of life and business. Looking ahead three to five years, many respondents expect still more profound organizational changes. They say that with fewer constraints on social technologies at their companies:

  • Boundaries among employees, vendors and customers will blur.

I would raise a red flag here as this might be a signifficant risk management issue.

  • More employee teams will be able to organize themselves.

I would consider it one of the most relevant benefits.

  • Data-driven decision-making will rise in importance.

I’d also add a red flag here considering that Web 2.0 gathers unstructured data and the real challenge will be how to manage such information in a structured way.

New media impact: marketers change their thinking and spending allocations

Social Media Outposts
Image by the tartanpodcast via Flickr

Too many companies view marketing plans as little more than an exercise in where and when to buy media placement. Yet as the number of digital interactions increases, marketers must recognize the power that lies beyond traditional paid media.

The changing role of older media and the emergence of newer ones extend the marketer’s role well beyond the allocation of budgets and channels. Marketers today require a deep understanding of how consumers engage with different types of media at each stage of the journey toward a purchase decision. McKinsey’s study “Beyond paid media: Marketing’s new vocabulary” splits the media in 5 categories: paid, owned, earned, sold, and hijacked and makes an analysis of how media are evolving nowadays.

What’s there to think about?

1. Media are becoming more integrated. New ways to connect with customers, for example, are transforming traditional relationship management by requiring marketers to interact with consumers through multiple forms of media in increasingly personalized ways. JetBlue has promoted its Twitter offering through many channels, for instance, and now has about 1.6 million followers seeking a regular feed of special deals for tickets. This approach has given JetBlue the ability to deliver timely coupons at a minimal variable cost, reducing its reliance on expensive paid media while fostering closer relationships with consumers.

2. New publishing models are emerging because the increasing complexity of consumer needs. Computer maker Dell and automobile manufacturer Nissan, for example, worked with the Sundance Channel to create a television talk show hosted by Elvis Costello to attract their target demographic. With ads that seamlessly blended into the show’s content, Dell and Nissan not only gained exposure to a highly engaged audience but also shifted the perception of their brands to connect with Generation X.

3. Applications on wireless devices are spawning tools that provide useful information. For example, eBay’s Red Laser generates a list of prices for any product whose bar code has been scanned by a mobile phone. Beverage companies show where their products are available by overlaying icons onto maps on the screens of mobile phones. In Japan, food manufacturers can increase sales across entire product categories through marketing collaborations with platforms such as Cookpad, the country’s leading online recipe site, with 9 million members, more than 40 percent of whom are women in their 30s.

4. Marketing experiences are becoming more personally relevant. McDonald’s in Japan, for example, has developed expertise in the use of Twitter and other blogging platforms to promote new products and promotions by leveraging its huge fan base to talk about how much they love the company’s food. While this fan promotion is sometimes spontaneous, it’s often facilitated and encouraged by providing these fans with free meals. In this way, paid- and owned-media efforts (such as blog and Twitter campaigns) make consumers so enamored of McDonald’s products that the company generates a significant amount of earned media.

5. The evolution of new kinds of media means that consumers are engaging more often in real-time conversations, particularly on social networks and other digital platforms. One consumer electronics company, for example, has recognized the significance of every review or rating posted about its products. It now responds to all comments within 24 hours: positive feedback gets a thank you, an invitation to become a Facebook friend, and special offers; negative reviews get explanations of how to fix issues, instructions on how to navigate an interface more easily, or follow-up questions to learn more about what the consumer didn’t like. Some hotel chains, recognizing the importance of travel sites (such as the popular TripAdvisor), likewise encourage satisfied guests to post comments online, while employing staff to follow and answer negative comments.

For more details please see McKinsey’s study.

52% of executives said their company will increase security spending over the next year

Lokcpick 101
Image by SerialK via Flickr

According to the 2011 Global State of Information Security Survey (conducted by PricewaterhouseCoopers in conjunction with CIO and CSO magazines), out of 12,800 executives from 135 countries, 52% said their company will increase security spending over the next year. Yet many executives said their company’s business partners (52%) and suppliers (50%) have been weakened by economic conditions, a substantial increase from 43% and 42%, respectively, in 2009.

Security executives said their companies also have been impacted by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47% of respondents said their organization had reduced security-related funding for capital expenditures and 46% said their company had reduced security-related operating expenditures.

The top factors driving information security spending this year are economic conditions (reported by 49% of respondents), business continuity and disaster recovery (40%), company reputation (35%), internal policy compliance (34%) and regulatory compliance (33%).

The only spending driver to show substantial increases this year is “client requirement,” the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment. The rise of client requirement demonstrates the continuing strategic importance and integration of the security department to the business.

Not surprisingly, due to the cost-cutting initiatives taken by most global actors, the 2011 Global State of Information Security Survey also found a significant shift in the ongoing evolution of the CISO’s reporting channel, which has moved away from the CIO in favor of the company’s senior business decision-makers such as the CFO and the CEO.

Risks of social networking and a new role for insurance

The 2011 Global State of Information Security Survey revealed that many companies are unprepared to deal with the potential risks of social networking and other Web 2.0 applications: 60% of respondents said their organization has yet to implement security technologies supporting Web 2.0 exchanges such as social networks, blogs or wikis, according to the survey.

Additionally, 77% of respondents said their organization has not established security policies that address the use of social networks or Web 2.0 technologies. This lack of action on social networking and Web 2.0 technologies can expose organizations to a variety of risks, including loss or leakage of information, damage to the company’s reputation, illegal downloading of pirated material, and identity theft.

The survey also found that many companies are using an additional tool (insurance) to protect the organization from theft or misuse of assets such as sensitive data or customer records: 46% of respondents said their organization has an insurance policy. Additionally, 17% of respondents said their company has made a claim and 13% said their company has collected on a claim.

In Europe, the focus on information security is far more muted, the survey found. Europe now trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business. While 68% of European respondents say their organizations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80%), North America (80%), and South America (76%).

Industry specific highlights and further regional information are available here

Why confronting corruption makes sense

Detail from Corrupt Legislation. Mural by Elih...
Image via Wikipedia

Management and staff become distracted and demoralised as they investigate what went wrong and respond to legal, regulatory and enforcement actions. In some recent cases, costs have soared into the billions, significantly affecting earnings.

In addition to the external fallout, as customers and partners distance themselves from a troubled company, there are daunting internal costs. Failing to actively prevent corruption allows employees and third parties to rationalize stealing from the company. Companies with anti-corruption programmes that enable bribe payments are also highly susceptible to theft and financial statement manipulation.

Companies that do not take steps to assess and manage corruption risk stand a greater chance of being caught in the anti-corruption net. With the passing of the Foreign Corrupt Practices Act (FCPA) in 1977, the US took the early initiative in enforcement. Under the act, any company listed on a US exchange or with significant operations in the US is subject to the rules and regulations of the US Department of Justice, regardless of where corruption occurs geographically. More recently, enforcement has become a more global affair, with the US working closely with authorities in other countries. In the last years, at least 20 of the 37 government signatories to the 1997 OECD Convention on Combating Bribery of Foreign Public Officials began one or more investigations into corruption, up from 12 in 2006.

Looked at logically, bribes do not make good business sense. They may not alter the situation in any way and there is no contract to enforce if the services paid for are not rendered. Having paid once, a company also opens the door to future and perhaps larger demands and becomes susceptible to blackmail. “If you pay someone $1,000 for a service, do you think the next time they will only ask for $1,000?” says Albert Wong, head of policy and external relations at Shell International. He tells his staff to avoid this slippery slope by refusing the first demand.

While companies cannot control how governments and competitors behave, there are tools available to help level the playing field. One example is the so-called “integrity pact,” where all parties sign an enforceable agreement not to engage in corruption. Our survey highlights the importance of getting everyone to play by the same rules. Almost 45% of respondents say they currently avoid certain markets or opportunities because of corruption risks and almost 40% say they have lost bids because of corrupt officials.

A global PwC report shows that:

• Almost 80% of respondents say their company has some form of programme in place to prevent and detect corruption, but only 22% are very confident that it identifies and mitigates the risk of corruption.
• Slightly less than half say their programme is clearly communicated and enforced, while 28% say there are problems with either the communication or the enforcement of their anti-corruption programme.
• Rigorous risk assessment, a crucial step in programme design, is overlooked by more than half of those surveyed, and only 25% perform proactive risk assessments or monitoring.
• Only 40% of respondents believe their current controls are effective at identifying high-risk business partners or suspect disbursements.

The potential of corruption may always be present; however, companies can learn from others and set up a robust and proactive anti-corruption programme to mitigate their risk.

You may find more about confronting corruption here.

Restructuring checklist #1

Business drivers

• Which parts of the business are growing? Which are shrinking? How do you respond to both?
• Does your business evolution require new capabilities? If so, do you have a strategy for putting these capabilities in place?
• What is the acceptable pay-back time for any restructuring programme in your business?

Organisational redesign

• What should your future organisation look like in its customer-facing activities?
• Should you explore alternative channels of distribution to optimise customer reach?
• Is there scope to rethink your support structures? Are they providing you with the mix of cost efficiency, speed and customer orientation that your business requires? Have you benchmarked these features against your competitors?
• Is there an opportunity to rethink your operating principles to reduce costs through virtual teamwork, outsourcing and/or centres of excellence?

Cross-jurisdictional consistency

• Is your business operating in multiple jurisdictions? If so, have you thought through the differing legal requirements which restructuring activities prompt in these locations?
• Do you have an overarching commitment to consistent treatment of employees?
• Have you consulted appropriately at international level as well as at local levels?

Maintaining engagement

• How do you plan to maintain engagement levels in your business? Have you considered the retention challenges that may be prompted by restructuring?
• Are the challenges and associated time-frames you are setting out for your business attainable?
Do you have clear measures in place to ensure that you can respond swiftly to downturns in engagement levels within your business?

You may also want to read:
10 guiding questions to help restructuring initiatives
Restructuring checklist #2
Restructuring checklist #3