The IPO Market Appears to Be Heating-up – Are You IPO-Ready?

By Steve Hobbs, Managing Director
Public Company Transformation

 

 

 

If the past month is any indication, the lull of 2016 is in the rear view mirror and we’re headed into an uptick in the IPO market. As more well-known and highly anticipated companies are going public, there are rumors of who might be next. With that said, history has shown the public offering windows opens and close quickly, and in order to take advantage of a healthy market, when IPOs tend to fare best, companies must be prepared when the market is ready. Below are several points on getting a company IPO-ready:

Prioritize. When the market is hot, it’s easy to want to ride the wave. But, trying to skip ahead or take shortcuts could put an IPO at risk. Conversely, shifting full focus to IPO readiness activities can cause the day-to-day business to suffer. In cases like this, working with partners to help prioritize activities and plan the IPO can be a good decision as it frees up time for management to focus on the business while keeping all strategic initiatives in sight.

Set the tone.  As every C-suite executive knows, major transformations, like launching an IPO and operating in the public realm, require a great deal of both internal and external communication. Public companies operate in a fishbowl of disclosure and regulatory compliance. Therefore, executives need to set a positive tone early on to ensure that every single person in an organization – not just the functions at the center of an IPO – is aware and supportive of the process. The executive team must promote a compliance infrastructure not just as a system of controls, but as a tool for growth and scalability.

Scale your infrastructure. The internal infrastructure of the company must be able to support and withstand the transformation requirements of going public. With new requirements and regulations, companies need to review their financial reporting applications and systems to identify and correct scalability issues.

Think cybersecurity. IT security should not be an afterthought to growth. Organizations need to scrutinize their IT systems for readiness and security, particularly when selecting and implementing an enterprise resource planning (ERP) system. We now hear almost daily of major cyberattacks against public companies. When customer data and/or company IP are at risk or actually compromised, shareholders and regulators take notice.

Learn from others. The basic requirements for transforming a company from private to public rarely change. A new legislation or new requirements might pop up but, at the end of day, every CEO who has taken their company public has a similar story to tell – one of hard work, sleepless nights and serious commitment to the goal. It’s important to take the time to hear these stories from the frontlines, understand what CEOs and CFOs say they wish they had done differently, what they could have avoided, or what wasn’t worth the trouble. To this end, I invite you to join us at our upcoming webinar with executive Vice President and CFO of GOGO, Norm Smagley, who will be sharing his stories from the frontlines.

To learn more, also check out our IPO FAQ guide, available for a free download here.

Answer Fundamental Questions and Beware of Overconfidence Before Moving to the Cloud

By Rick Childs, Managing Director
Consumer Products and Services Industry Leader

 

 

 

For any business, migrating to the cloud is an essential step in the digitization journey. The baseline cloud benefits, such as reduced costs, greater efficiency and enhanced customer service, are important objectives to strive for, of course. The latter is especially attractive to consumer products and services companies. But there are many considerations, in addition to the benefits, that businesses must keep in mind when shifting to the cloud if they are serious about achieving true digital transformation.

To begin with, companies must have a thoughtful — and even an aspirational — strategy behind any cloud migration project if they are to realize measurable value from it. Protiviti’s white paper, Cloud Adoption: Putting the Cloud at the Heart of Business and IT Strategy, emphasizes this key point: Executives need to recognize cloud adoption as a strategic business issue, not an IT issue. To ensure that such a move will enable true business and IT transformation, executives must have clarity on what they expect the cloud to accomplish for the organization. They also need to understand their digitization priorities within their specific industry and regulatory contexts.

Consumer products and services companies leading the cloud race

Cloud adoption is accelerating across all industries, but for consumer products and services companies the pace is quicker. According to Protiviti’s latest annual Technology Trends and Benchmark Study, nearly two in three companies today are now focused on investing in cloud adoption. For consumer products and retail companies that participated in the study, that number is 80 percent. These businesses also reported that they are currently focusing on and investing in digitization.

Interestingly, despite being on the forefront of cloud adoption, consumer products and services companies don’t appear to be overly concerned about risks that may accompany such a dramatic move. Executives from these businesses who responded to the Executive Perspectives on Top Risks for 2017 survey from Protiviti and North Carolina State University’s ERM Initiative did not cite the following as a top five risk for their industry, even though it was fourth on the overall list of top risks in the survey:

Rapid speed of disruptive innovations and/or new technologies may outpace our organization’s ability to compete and/or manage the risk appropriately, without making significant changes to our business model.

On the surface, this finding seems positive: Consumer products and services companies believe they have a handle on this top risk. However, it might also be a signal of overconfidence. And overconfidence is a risk in and of itself, and could potentially undermine the success of any digital project. To help those feeling confident test their preparedness, a recent issue of The Bulletin suggests that executives ask themselves the following questions:

  • Directionally, do we know as an organization where we’re going and why?
  • Are we prepared for the journey we are undertaking?
  • Do we possess the ability, will and discipline to cope with change along the way?

Pondering these questions can help organizational leaders think more critically about their goals, the risks associated with the changes they want to undertake, and whether they fit within the risk appetite of the company. Answering these questions will also help them to think more critically about what to move the cloud, how and when, to realize the most value for the company.

For example, back-office operations are often overlooked as potential candidates for cloud migration in favor of more customer-facing functions. This oversight could result in the business missing out on some significant benefits, like building greater resiliency into its core operations. The inverse is another common mistake: Rushing to migrate a back-office function and then realizing, too late, that the legacy technology supporting it can’t be cloud-enabled. Yet another pitfall is jumping on the cloud bandwagon before properly considering privacy, security or compliance issues.

Even more questions to consider

In addition to the “soul-searching” questions above, organizations should seek to answer some other key questions to help them develop their cloud strategy:

  • Why should we adopt the cloud?
  • What are the business needs, and what are the outcomes we expect?
  • What are the use cases?
  • What portions of the business should we move to the cloud, how, and when?
  • Which cloud model is most appropriate for this initiative and for our organization (e.g., private, public, hybrid, or multi-cloud)?
  • What is the economic and operational value proposition?
  • How would this project impact IT’s approach to its current business model?
  • What vendors should we work with?

The bottom line of this discussion can be summed up in a word: preparation. Well-placed confidence, clear business-driven goals and a well-thought-out strategy will position organizations to execute their cloud migration project successfully, achieve the desired value from them, and be another step ahead in their digital transformation journey.

No More Waiting Game for Manufacturers: Industry 4.0 Is Already Here

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

 

 

 

The term “Industry 4.0” isn’t new to manufacturers. What is new, for many of these businesses, is the recognition that the next wave of the Industrial Revolution is already breaking. There is no more time for “Let’s wait and see what this means for our business.” No manufacturer can afford to sit on the sidelines and watch as their industry is transformed by major innovations in digital technology — from cloud computing to big data analytics to advanced robotics to the Internet of Things (IoT). They must be in the game. And to be in it, they must transform their operations digitally.

Embracing big data analytics is an important step on the path to smart manufacturing. It has the potential to affect every step of the manufacturing process. Ultimately, advances in big data analytics are expected to augment the interconnectivity of equipment on the factory floor as part of a larger movement toward the IoT and greater manufacturing intelligence.

That’s a pretty big deal. Yet manufacturers, generally, have been slow to adopt big data analytics, especially in manufacturing operations. This is not necessarily due to lack of interest, or worry about costs, privacy, security or even change itself. The real hindrance is a combination of several significant roadblocks that many manufacturers must overcome before they can implement and execute big data analytics successfully.

These common barriers include:

  • Unwieldy data and processes — Manufacturers facing this problem can take comfort in knowing it’s an issue that plagues most any company pursuing digital transformation. Certainly, there is no shortage of data being produced by the business. The challenge is figuring out how exactly to bring together that ever-ballooning volume of raw data from different systems and sources so it can be analyzed and turned into actionable insights for the business.
  • Disparate systems — This barrier relates to the one above, obviously. Integrating data is complicated by inaccessibility. It is often the case that a business’s legacy technologies have not been designed to facilitate open access to data. The complexity of a typical IT ecosystem makes it very difficult to mine quality data and convert it into a workable format for analysis.
  • Expertise shortage — Finding specialized talent to work with big data — especially professionals with knowledge of the manufacturer’s business and industry — can be a tremendous hurdle. Manufacturers are finding that talent is in very short supply, and extremely competitive to recruit and retain. Over time, as the industry becomes more digitized, manufacturers are likely to face talent shortages in even more areas of their business.

Again, these are just some of the roadblocks manufacturers face. They are not trivial, and companies will find that some are quite persistent. But a manufacturer that wants to be a relevant player in Industry 4.0 must address them sooner than later.

Make sure big data projects have a purpose

As manufacturers work to overcome big data analytics obstacles they must not forget an important aspect of their effort: keeping their business strategy in focus. I will come back to this subject and offer a few tips for success in this area in a future post, but the one I want to mention here is extremely important: Identify a specific use case.

Manufacturers should not just “do” big data analytics because they are under pressure to evolve their operations. Any big data initiative should have a clear purpose. Lack of purpose is often the root cause of a company’s struggles to harness its data effectively and turn it into meaningful insights.

Some may consider it an upside that the manufacturing industry has not moved as quickly as other industries to jump on the big data bandwagon. And it is true that manufacturers that have so far taken a “wait and see” approach with big data analytics and similar digital innovations have the benefit of learning from the missteps of early adopters, and can develop a strategy for success based on lessons learned. But they must make their move now, or they risk falling too far behind the digital curve and becoming obsolete in Industry 4.0.

 

 

2017 Technologies Driving GRC Change

By Scott Wisniewski, Managing Director
GRC Tech Advisory Solutions

 

 

 

Digital transformation was probably one of 2016’s top buzzwords, meaning many different things to different analysts, journalists and vendors. For me, it represents real and significant investments in modernizing IT infrastructures, including those that support GRC activities and processes.

Consider the trends we’re immersed in. Enterprises are adopting cloud and mobile technologies at an extraordinary rate in the hopes of driving greater productivity and collaboration, and organizations of all sizes are launching data initiatives involving the collecting and analyzing of massive amounts of data in order to drive better business decisions and improve customer experience. At the same time, the rapidly evolving regulatory environment, such as the EU’s impending Global Data Protection Regulation (GDPR), is putting pressure on legal, compliance, security and IT departments to invest in a range of new data initiatives, consulting services and technologies.

In response to the trends, organizations are rethinking their GRC infrastructures, hoping to gain a much broader and deeper understanding of risk drivers and the bigger GRC picture. Further, to make GRC work effectively in increasingly complex and highly distributed organizations, GRC leaders recognize they must embed GRC into the everyday activities of the business.

The combined impact of all these activities will make 2017 the year that GRC practitioners will:

  • Acknowledge that effective GRC cannot be achieved via a single technology or application. Instead it will depend on a new, complete architecture. A single GRC application today may expose operational risk, but it cannot develop and present the type of complete GRC picture that regulators and boards are now demanding. Developing such a picture requires the combination of traditional GRC applications and new tools to:
    • Extract data from internal systems, such as information security and ERP
    • Consume external content, such as regulatory content feeds
    • Incorporate performance metrics, such as sales and financial results
    • Collect and consolidate market and credit risks as well as the risks identified by business intelligence tools and other analytics

With all these new tools in place, organizations will finally be able to build new presentation layers that provide a complete – and far more useful – picture of their GRC profile.

  • Take advantage of increased information sharing and collaboration to improve governance. As part of their digital transformations, many enterprises are focused on developing new and more effective ways to share information and collaborate. The ability to manage and track this activity will enable GRC programs to incorporate affirmative governance components, such as corporate culture and business achievements. It will also enable the embedding of GRC program elements, such as activities assigned to Line 1 business owners, into the enterprise applications they access every day, encouraging them to more consistently follow governance best practices as they engage in their daily activities.
  • Improve risk decision-making by using data analytics. Thanks to an array of new technologies – in-memory computing, visualization tools, mobile reporting services, etc. – organizations can now rapidly aggregate and analyze huge volumes of data from systems across the enterprise. Data scientists are also developing new methodologies and business rules to aggregate and optimize data for analytics more effectively. As a result, organizations will finally be able to automate many GRC tasks, such as risk scoring assessments, thereby automatically exposing potential risk hot spots that previously went undetected until the damage was done.

I have never been more optimistic about the evolution of GRC. As assurance professionals, lines of business and IT work together to implement new strategies and new supporting technologies, we will transform GRC from mere operational risk management to a function that can protect organizations while actually helping them to be more successful.

Compliance News Roundup: The Clearing House AML Recommendations, CFPB on Alternative Data and More

Protiviti published its March issue of Compliance Insights this week. We sat down with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, to discuss some of the highlights. Listen to our podcast below, or click on the “Continue Reading” link to read the interview.

 

In-Depth Interview, Compliance Insights [transcript] Continue reading

From the GAM Conference: Changing Priorities, Analytics in Auditing and More

This week, Protiviti is joining the best and brightest thought leaders from Fortune 500 companies at The Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, FL. For nearly 40 years, GAM has been the premier experience for internal audit leaders to explore emerging issues and exchange leading practices for positive outcomes. The theme for the 2017 conference is Fostering Risk Resilience. Two Protiviti leaders, Brian Christensen and Jordan Reed, will be conducting panel discussions on stakeholder expectations and the Internet of Things, respectively. We are covering these events and more from the conference here on our blog and on Protiviti’s social media platforms. Subscribe to our blog and follow us on Twitter for timely podcasts and analysis of this year’s conference topics.

 

On Day 2 of the conference, Protiviti Managing Director Jordan Reed shared some thoughts on the panel discussion titled “The Internet of Things: What Does This Mean to Internal Audit?” Jordan led the panel together with Jeff Rowland, Vice President, Audit Services at USAA. Below in Jordan’s own words are highlights from the discussion. For more on why the Internet of Things matters, and the risks and expectations arising from it, read the recently published Protiviti white paper (download).

Share on Twitter

Also hear Protiviti Managing Director and The Protiviti View blog host Jim DeLoach share his view on stakeholder expectations as reflected in the Global Internal Audit CBOK Stakeholder Study.

Share on Twitter

Finally, Protiviti Managing Director Matt McGivern discusses the current state of data analytics in internal auditing, including findings from Protiviti’s latest internal audit survey. Listen below.

Share on Twitter

The Four C’s in Overseeing Internal Audit

This week, Protiviti is joining the best and brightest thought leaders from Fortune 500 companies at The Institute of Internal Auditors’ 2017 General Audit Management (GAM) Conference in Orlando, FL. For nearly 40 years, GAM has been the premier experience for internal audit leaders to explore emerging issues and exchange leading practices for positive outcomes. The theme for the 2017 conference is Fostering Risk Resilience. Two Protiviti leaders, Brian Christensen and Jordan Reed, will be conducting panel discussions on stakeholder expectations and the Internet of Things, respectively. We are covering these events and more from the conference here on our blog and on Protiviti’s social media platforms. Subscribe to our blog and follow us on Twitter for timely podcasts and analysis of this year’s conference topics.

 

By Brian Christensen, Managing Director
Internal Audit Global Leader

 

 

 

In 2016, The Institute of Internal Auditors and Protiviti conducted the world’s largest ongoing study of the internal audit profession — the Global Internal Audit Common Body of Knowledge (CBOK) study — to ascertain expectations from key stakeholders, including board members, regarding internal audit performance. Several imperatives for internal audit emerged from the responses of the participants in the study. Among them: focus more on strategic risks, think beyond the scope of the audit plan, and add more value through consulting.

Continue reading