Growth is a top focus for emerging technology companies. But that pursuit can become so all-consuming that these businesses often pay little or no attention to laying a solid corporate governance foundation to sustain their long-term success. That includes implementing sound processes to manage risks and internal controls and teaching their employees to be risk-aware.
There are other reasons emerging technology companies tend to push risk and control identification and management to the back burner. For one, they may think they don’t need to worry about these activities until they become more established or start planning for an initial public offering (IPO). They also may believe that risk and control solutions, and guidance from the experts who provide them, are only available to larger and more mature companies.
However, it is never too early for startup companies to adopt flexible and scalable approaches for identifying and managing risks and controls. Not only are highly innovative and cost-effective risk and control solutions available to these organizations today, but they also can be designed to evolve as the businesses grow.
What Can Happen When Risks and Controls Are an Afterthought
When emerging technology firms think and act proactively to address corporate governance, risks and internal controls, they will be well-positioned to gain an edge on their competition — both established companies and “born digital” firms. They also will be better prepared to meet potential challenges on the horizon and avoid making the types of costly mistakes that become all too clear with hindsight. Attempting to solve significant risk and control issues after they become real problems is a costly endeavor that undermines a company’s ability to stay nimble and focused on innovation.
Three Areas Tech Startups Can Target for Improvement — Starting Today
Emerging technology companies that want to begin building a corporate governance foundation, and identify and better mitigate risks, can look to the following three areas as a start:
- Cybersecurity: IT attacks are becoming not only more frequent but also more sophisticated and stealthy. Periodic penetration testing, conducted by an independent resource across various IT assets, including the application and network layers, can help tech startups identify security gaps and other vulnerabilities. It also will help them stay informed about adversaries’ latest techniques for compromising users and systems. Reviewing their current state of cybersecurity also allows emerging technology firms to set and prioritize opportunities for improvement so they can work toward their desired state.
- Data security and privacy management: Protecting systems and sensitive data — the so-called “crown jewels” — helps companies avoid costly breaches, loss of intellectual property, business disruption and reputation damage. Proactive and formal measures, including acceptable use policies and records retention and destruction processes; activities such as continuous monitoring; and strong IT security controls for protecting confidential information, are all necessary for ensuring data security and privacy management. Independent experts can assist fast-growing companies with implementing solutions that make the most sense for their business, and can test the effectiveness of these measures.
- Management of vendor, client and third-party risks: While recent research by our company suggests that organizations in all industries are making progress toward improving how they manage vendor, client and third-party risks, including cybersecurity risks, there is still room for improvement. Technology startups have an opportunity to develop effective, scalable and compliant programs for these risks from the outset. They can also take steps to ensure they are not presenting risks to those they collaborate with or provide services to. Here again, startups can look to reputable resources for assistance with developing vendor risk management programs, performing customer due diligence, effectively responding to client security assessment questionnaires, and more.
Steps That Can Provide More Protection Today — and Lead to More Opportunities Over Time
Emerging technology companies should embrace leading practices, even for issues they may not be facing now but likely will in time. Doing so will help to position them for long-term success, and potentially ease future pain by allowing them to avoid certain potential risks. They also will be better prepared to handle risks that are likely inevitable, such as cyber risks and new regulations.
Adopting flexible and scalable solutions for cybersecurity, data security and privacy management, and vendor, client and third-party risk management will also help technology startups to keep moving, innovating and growing fast — all while building the corporate governance structure needed to support their future success. And if pursuing an IPO is among their goals, they will have already made an invaluable head start on the long and arduous public company transformation process.