From Tiny Tech to Populism: Latest Issue of PreView Scans the Global Risk Horizon

jason-dailyBy Jason Daily, Director
Risk and Compliance




Imagine a DNA-programmed nanoparticle capable of hacking cancer cells, a plankton-sized carbon tube that can remove pollutants from water, or food packaging that changes color in the presence of dangerous bacteria. Nanotechnology, with a market predicted to reach almost $13 billion by 2021, has the potential to change the world, and every industry — from healthcare to the military — has a stake in its advances.

Use of Nanomaterials by Industry

With that potential, of course, comes risk. Nanotech may be applied in controversial ways — such as surveillance, or weapons capable of attacking people, plants or livestock at the molecular level. The technology is not visible to the naked eye, raising concern among some, who worry that self-replicating nanobots could destroy the planet if not properly controlled.

Nanotech is only one of the macro-level trends we’re watching as part of Protiviti’s ongoing PreView global risk series. We evaluate emerging risks according to the five global risk categories established by the World Economic Forum. In the January edition, in addition to nanotechnology, we consider the risk of a global water crisis and the “morality” of thinking machines, and we look ahead at the risk of marching populism and what cybersecurity means on a national and global scale.

WEF Global Risk Categories

The flip side of risk is opportunity. While governments and industries grapple with the shortage of fresh, clean water, particularly in developing countries, opportunities for water applications of nanotechnologies abound. As artificial intelligence increasingly replaces humans in making key decisions, opportunities to improve the underlying algorithms can translate into market share and increased profits for the early movers. And finally, with cyber the new warfare, governments and companies have an opportunity to stake a claim in the cybersecurity space by designing products, as well as policies, that protect both digital assets and societal freedoms.

Several of the topics in our current issue are a continuation from previous issues. This trend will continue, as the risks we are keeping an eye on evolve over time and their implications change, sometimes quickly. Whether continuing or newly emerging, such as populism, all of these risks are fascinating to follow, and imperative to take into consideration in mapping long-term business strategies. That’s probably one reason why our PreView series is among our most popular publications.

I encourage you to both read and share our latest issue with your board and executives, to spark discussion and help ensure these emerging risks are part of risk discussions. And, we encourage a discussion here as well. Tell us what you think in the comments.

Navigating Risk and Complexity by Integrating Contract and Supplier Management

chris-monk-croppedBy Christopher Monk, Managing Director
Supply Chain




Most organizations spend between 30 and 70 percent of their revenues procuring third-party goods and services. This level of expenditure can present significant opportunities to drive operational performance, value and innovation if managed effectively – or it can pose a significant risk if left unmanaged. To realize the former, contracts that govern these transactions and the management of these contracts – and the supplier relationship as a whole – must be viewed as an end-to-end, dynamic process, with risk considerations at the center of it.

I recently spoke about this at a webinar Protiviti co-presented with Determine, Inc. and the International Association for Contract and Commercial Management (IACCM) titled “Improving Business Outcomes by Managing the Link Between Suppliers and Contract Management.” Without summarizing the entire discussion here, I want to call out below the aspects of contract and supplier risk management I consider the most important, along with advice on how to avoid common mistakes.

Sourcing and Supplier Selection

Selecting the right supplier is all about striking the right balance between time, cost and quality – and most importantly, risk. The likelihood and impact of various risks – operational, legal, reputational, compliance, etc. – stemming from a particular supplier need to be understood and addressed before or at the time the contract I signed. In an end-to-end process, it also means that the company needs to consider the four factors of time, cost, quality and risk past the sourcing process and into the drafting of the contract, as well as throughout the lifespan of the contract and the ongoing management of the risk and performance of the supplier.

Contract Management

Often, companies spend countless hours and resources drafting an extensive contract only to end with no clear hand-off and no clear accountability as to who is managing the contract. In an end-to-end process, the hand-offs at each point are clearly defined, taking advantage of workflow and master data to connect contracting process activities and provide validation, or linkage between the supplier profile and the resulting contract. A contract performance plan (CPP) can help summarize the key terms of the contract, including which elements need to be monitored and measured, against what criteria and by whom.

Supplier Performance and Risk Management

The deal is done, now what? Now, whoever is responsible for managing the contract has to track the supplier’s performance and ongoing risk exposure. Performance is easier to manage as long as the contract is well-written and clearly defines scope, objectives and deliverables. Risk, on the other hand, is dynamic and needs to be monitored and managed continuously.

To manage supplier risk effectively, it helps to differentiate between contract owner and supplier relationship owner, each of whom owns the risks respective to the particular contract or the relationship overall. When it comes to managing risk, the contract itself is not enough to rely on, as the risk environment on the day the contract gets signed is not necessarily the same as the risk environment several weeks or months later. For this reason, it is important to have ongoing visibility into the supplier and contract. All facets of contract and supplier risk and performance need to be accessible by the business. An effective way to manage supplier risk is through exception management – with alerts and thresholds when action is needed, as well as with dynamic workflows, based on either event- or milestone-driven activities.

As with many other areas, the effectiveness and value derived from supplier relationships hinges on the successful intersection of people, processes and technology. The processes and organizational structure outlined above must be fully enabled by technology that allows for robust and scalable contract and supplier management processes. Technology was covered in detail during the webinar, so I recommend listening to the entire discussion online.

From Factory Workhorse to Factotum, Robotic Automation Is Evolving to Serve the Head Office

shawn seasongoodBy Shawn Seasongood, Managing Director
Business Performance Improvement



Introduced in the 1960s to perform simple manufacturing tasks, robotic automation has evolved into a jack-of-all-trades, moving into the head office to streamline and accelerate a variety of business processes as part of a global digital transformation.

Robotic process automation (RPA) and robotic desktop automation (RDA) use software for tasks such as processing sales and financial transactions, managing data, communications between different systems, access management, monitoring and reporting.

Visionary companies plan ahead so that they can face the future with confidence. That’s why many are considering robotic automation as a way to build efficiencies in performance and cost management. Protiviti’s Business Performance Improvement Services team examined this trend in our recently published white paper, Looking Deeper into Robotic Automation: Considerations and Case Studies for Robotic Process and Desktop Automation.

The benefits of robotic process automation are clear. Robots can eliminate human error, operate 24/7/365, and complete simple tasks with minimal overhead. The level of integration of robotic automation is flexible. A robot can work autonomously (RPA), or alongside a human (RDA).

RPA is specifically used for back-office tasks, including credit decisions, loan underwriting, insurance underwriting, insurance claims adjudication, payment processing, pricing, customer service, accounting data entry, procurement, purchase order creation and the issuance of online access credentials.

RDA is used in retail operations, call centers, and other back-office activities in which each employee uses automation to accelerate tasks. Examples include automated connectivity to eliminate separate logins across multiple systems, instantaneous consolidation and display of customer relationship data, validations to ensure compliance and completion, and productivity and utilization metrics. RDA is intended to minimize the burden of manual tasks on employees, freeing them to focus on more complex strategic and value-adding tasks.

As with any worthwhile solution, successful robotic automation requires careful planning and prioritization. Companies will achieve the greatest cost savings by automating high-volume tasks that are time-consuming for humans.

The best way to begin a robotic automation program is to map a prioritized process end to end and identify potential streamlining opportunities. To determine whether a process is a good candidate for automation, first determine whether the process contains logical elements that can be programmed into a software solution. The ideal automatable process is repeatable, sustainable, and mature enough to provide ample institutional knowledge. Data availability is key. Ideally, data should be available in existing IT systems with little or no manual intervention. Finally, determine the business value of such an investment. The best processes to automate are those that would generate the highest amount of net resource savings (total expected process cost savings over a reasonable time horizon less investment). Processes can be ranked high, medium or low based on their ability to meet the above criteria and considering the risks of implementation.

Robotic automation is not immune to challenges. Some of the most common include:

  • Failure of executive ownership to drive cross-functional implementation
  • Failure to effectively manage or sustain the new system
  • Failure to effectively redeploy resources freed by automation
  • Failure in user acceptance

These challenges can all be addressed with effective program management, including a comprehensive change-management plan and user-acceptance testing to ensure that the software will perform as promised and will be utilized effectively.

In today’s fast-moving and increasingly connected global marketplace, companies need to evolve continuously to remain relevant and on the leading edge. Robotic automation is an increasingly significant strategy for achieving those goals. I’d be interested in reading about ways your organization either has, or is planning to, incorporate RPA and RDA. Feel free to share in the comment section below.

Achieving Excellence in Customer Experience

Jason GoldbergBy Jason Goldberg, Director
Financial Services Business Performance Improvement



Most organizations strive to ingrain in their employees a set of organizational values – behaviors and attitudes – that are the guiding principles for all employee actions. These values are often expressed as brand promises – statements about what an organization is, what it stands for, and what it will deliver to its customers. Brand promises can be implied as well as expressed, if customers are used to a particular level of service based on their previous interactions with the company.

Brand promises work best when they are realistic and actionable, targeted to the organization’s customer base and clearly linked to every customer interaction across the organization.

The ability to meet brand promises at every customer interaction, however, eludes too many organizations. Brand promises are often set from the top of the organization, and performance metrics for executives are often tied to them, but when it comes to brand behaviors being practiced at the point of customer interaction, the results are not always consistent or satisfactory, causing some customers to leave the interaction disappointed and frustrated.

The problem is often magnified in companies undergoing changes. As organizations grow, they often reach a state where they develop competing priorities, such as a need to cut spending to reach profitability targets, or a mandate to introduce a new product or benefit to compete in the marketplace.

Executives often fail to question whether changes across the organization will impact their ability to deliver on the existing brand promise. The impact is not limited to marketing or product functions. Any change to any function should be considered in terms of its downstream customer impact. Every function, from marketing, product, risk, operations and finance to human resources and compliance, has a role in fulfilling the brand promise, and each function must own its impact on the customer experience.

Take for example, a bank’s underwriting department, which, as a result of a recent audit, is now required to perform manager-level reviews of a greater percentage of applications prior to approval. If the leaders collectively fail to ask for more underwriting managers, the approval timeline for applications will increase, and the trickle-down impact will likely be severe. If the product and marketing teams at individual branches are not informed about this change, customer complaints will begin to build and customer satisfaction will suffer.

The solution requires ownership by the entire organization. Below are seven strategies to avoid setting brand promises that are untenable and to avoid brand promise erosion when organizational changes happen.

  1. Set the Tone from the Top. Brand promises are often built by a chief marketing officer or branding executive in conjunction with a branding agency, but every executive function should be involved in this effort to confirm that the positioning is feasible. Once alignment exists around the brand promise, the CEO must set the tone. It is imperative for employees to be empowered to deliver on the brand promise at every customer interaction.
  2. Appoint a Chief Customer Officer. A chief customer officer is part marketer, part ombudsperson, part efficiency expert and part operations expert – and fully committed to the customer journey. The best CCO is often someone experienced across various functions who can support the customer-journey design from multiple perspectives. This customer champion must be willing and able to to converse with peers from across the organization to ensure alignment with the brand promises, develop and lead efforts to assess impacts on the customer journey, and influence every other function to achieve the end goal of delivering the brand promises.
  3. Designate a Customer Committee. It is common for organizations to have corporate committees, often aligned with executive functions, to support efforts ranging from compliance to risk to finance. A customer committee, consisting of cross-functional senior executives, will similarly support the customer experience effort and provide it with the emphasis it deserves.
  4. Engage in Customer Journey Mapping. Create a cross-functional team consisting of product, marketing, risk, technology, operations, finance, human resources and other key functions to engage in exercises that map the actual customer experience: what customers are trying to do, what they are feeling, what is going on behind the scenes in operations and technology, what moments of surprise, delight or unnecessary friction exist, and which interactions meet or fail to meet the brand promises. Then, develop a target customer journey that meets the brand promises with the appropriate level of friction, and chart a road map to achieve it, thinking about impacts on people (customers and employees), process, product and technology. The customer journey map should be owned by the chief customer officer and each key stakeholder in the journey, and should be revisited each time a change to people, process, product or technology is considered.
  5. Measure Customer Satisfaction and Close the Feedback Loop. Many, if not most, organizations have invested in customer satisfaction monitoring of one type or another and implemented scoring methodologies with which to keep track. However, monitoring alone won’t move the needle on customer satisfaction. Key to the success of customer satisfaction monitoring are 1) implementation of a feedback loop, and 2) understanding drivers behind changes in macro-level satisfaction scores. Qualitative information about a poor experience (a low score) from a customer is an indicator that something has gone wrong. When multiple survey responses are similar, that’s an indicator that a process is broken. It is important that organizations not only monitor feedback but also assign owners of the feedback loop for each key step in the journey. When a customer provides negative feedback, the journey owner must reach out to the customer, acknowledge the issue and commit to a response, then investigate, engage in internal communication, develop a plan to rectify problems (if needed) and follow up with the customer.
  6. Align Meaningful Customer Goals Across the Organization. Companies should develop meaningful and consistent customer satisfaction metrics for employees that tie directly to compensation. A technology metric, such as system uptime for example, does not correlate to customer experience. Although system uptime is clearly a requirement for customer satisfaction, it is too narrow. Rather, develop organization-wide metrics that apply to all employees and allow them to relate the requirement to their own tasks.
  7. Leverage Independent Testing. Independent testing is crucial to ensure that what you have prescribed is actually occurring. Independent testers should be given tasks tied to discrete journeys and asked to report back on exactly what happened and how they felt as a result of the experience, providing a fact-based method for comparing the interaction against the journey map and brand pillars, as well as qualitative feedback that uncovers gaps between the experience and the brand promises.

Achieving excellence in customer experience is a result of every employee living the organization’s brand promise. Getting there requires significant enterprisewide commitment, including the implementation of the steps listed above, but it can reap significant rewards in the form of satisfied customers, happier employees, greater revenues and improved profitability.

So You’ve Gone Public – What’s Next?

Steve HobbsBy Steve Hobbs, Managing Director
Public Company Transformation



Once a company is public, the event is often celebrated and the organization emits a collective sigh of relief. But then the next daunting question looms: “What’s next?” Recently, I had the opportunity to discuss this very topic on a podcast with my colleague Andrea Spinelli, a director in our Business Performance Improvement practice. The key aspects of a post-IPO environment, which we discuss in more detail during the podcast, include:

  • Transition from “project” to “process.” Now that the pre-IPO scramble is in the past, companies need to focus on designing, operating or enhancing processes within the organization to meet the financial reporting and other requirements for public companies.
  • Forecast the business. Forecasting can be a fairly complicated and difficult process that is often overlooked when a company is considering its IPO readiness – but it is something public companies are expected to do competently.
  • Invest in technology. There is a higher expectation for increased capability maturity from a public company. This expectation runs throughout the organization and includes the technology automation required to manage the business. Manual processes, for example, are more prone to error and create data and other integrity risks, and technology is key to minimizing those risks.

The podcast discussion provides insight on these points and more, and is of interest to both pre- and post-IPO companies. I urge you to listen at the link below when you have time, and send us a comment if you like.

Podcast: So You’ve Gone Public – What’s Next?


The Company You Keep: A Case for Supplier Codes of Conduct

Bernie DonachieBy Bernie Donachie
Managing Director, Supply Chain Practice




Las Vegas tourism promoters used to promise, “What happens in Vegas, stays in Vegas.” It’s much harder to make such a claim these days, when even the most benign shenanigans are only a smartphone video away from global critique. Corporations are being held accountable, as well – not only by regulators, but by citizen journalists, activists, whistleblowers and customers, empowered by social media and the internet.

Companies are aware of this, and 92 percent have adopted formal codes of conduct for their organizations, according to a 2015 survey by Protiviti and the Economic Crime and Justice Studies Department at Utica College. According to that same survey, however, only a small fraction of those companies hold their vendors to the same standard, or even conduct reasonable due diligence on business practices – and that’s a problem.

In today’s collaborative economy, regulators (and consumers) recognize that companies are outsourcing everything from labor to IT infrastructure, and are holding the companies accountable for their vendors’ behavior. Witness the massive fines levied against global conglomerates under the Foreign Corrupt Practices Act. Consider recent personal data breaches attributable to third-party security lapses. In every instance, the corporation, and not only the vendor, was held accountable – especially in the court of public opinion.

Clearly, there is a case to be made for adopting – and enforcing – a supply chain “code of conduct,” establishing clear and communicated expectations for how suppliers will conduct their business – especially vendors authorized to act as agents on behalf of the organization. After all, it’s the company’s reputation and brand image that is at stake.

Codes of conduct are designed to prohibit any number of ethical lapses, including conflicts of interest, self-dealing, bribery and other inappropriate actions. They can be brief, although most are fairly detailed. A code of conduct is characteristically very concrete, delineating specific required and prohibited behaviors and practices. It differs from a code of ethics, which tends to deal more with principles and values and is difficult to enforce – although a code of ethics is often specified as a requirement of the code of conduct.

A code of conduct would typically address things like:

  • Human rights – requiring vendors to treat their workers with dignity and respect and provide proof of a penalty-free reporting mechanism for employees to report violations. This provision typically includes anti-discrimination, anti-harassment, compensation and hours, as well as prohibitions against forced labor and child labor.
  • Health and safety – including workplace temperatures, noise levels, ventilation, lighting, toilet facilities, safe working facilities and drinkable water.
  • Environment – setting standards for environmental sustainability.
  • Ethics – promoting fair trade and prohibiting corruption, unfair competition and conflicts of interest.
  • Other critical items, including financial integrity, confidentiality, regulatory compliance and social responsibility.

In the increasingly connected global economy, it is critical for organizations to look beyond fiscal imperatives and hold suppliers to the same ethical conduct expected of employees, management and directors. Of course, a code of conduct is only going to be as good as the intentions of the vendors who sign on to it. That’s where third-party audit comes in. And that’s a topic for another day.

PreView: Checking the Rearview Mirror and Looking Ahead

In risk management, like driving, the safest way forward is to keep your eyes on the road ahead. Every now and again, however, it’s a good idea to check your mirrors. That’s the premise behind the latest issue of PreView, Protiviti’s ongoing series on emerging risks. In our first ever “look-back” edition, we revisit some of the risks we’ve highlighted since we initiated the series in early 2014. We often advise our clients to do a look back on their risk assessments, so it is appropriate for us to take our own medicine. Risks evolve, and checking to see whether we were on track with our predictions is worth the time and effort.

A little background: PreView is a “big picture” publication that focuses on macro-level emerging risks, classified according to the World Economic Forum’s five global risk categories – economic, technological, environmental, societal and geopolitical. Protiviti’s Risk and Compliance Solutions team scans the risk landscape and selects risks they believe have the potential to fundamentally change the profile portrayed in those risk categories.

The risks we revisited in the latest issue include municipal financial instability, Big Data, mobile banking and social media lending. Here, in short, is how these risks have evolved:

Municipal Financial Instability – In December 2014, we warned of municipal instability stemming from a decline in investor appetite for municipal bonds following a wave of defaults. We also warned of a pending debt crisis in Puerto Rico.

Update: Puerto Rico has defaulted on its debt in a case that is currently before the U.S. Supreme Court. At issue: The unprecedented possibility of a state-level debt restructuring – previous restructurings in the United States have all been at the municipal level. What to watch for: If the Supreme Court allows Puerto Rico to restructure its state debt, the bond market will turn a wary eye on the State of Illinois, which is experiencing its own financial crisis.

Big Data – In 2014, “big data” and machine-to-machine communication via the Internet of Things were all the buzz, and we cautioned against over-investing in data analytics without a clear quantification of benefits. We also called for strong data governance, security and management.

Update: Big Data and data analytics have moved from the fringe and into the mainstream due in part to the rapid expansion and dropping costs of data storage, cloud infrastructure and high-speed Internet bandwidth. Using this readily available data strategically promises to fundamentally change everything, from pizza delivery to health care. Big Data also has become the backbone of modern cybersecurity. And 79 percent of business leaders agree that companies that do not adopt Big Data will lose their competitive position and may face the possibility of extinction.

Mobile banking – In our first two issues of PreView, we noted the increasing popularity of mobile banking and suggested that successful financial institutions in the future would be those that found a way to integrate mobile banking and other banking options with traditional brick-and-mortar branch operations to allow customers to choose from multiple ways to conduct their banking.

Update: Trends have continued to show that consumers are interested in an “omni-channel” experience, where they can choose among different banking options, depending on their needs. In addition, nontraditional competitors such as PayPal, Amazon Payments and others continue to disrupt the market and threaten the relationship between the consumer and his or her bank. Cybersecurity and regulatory compliance remain key risks.

Social media lending – In January 2014, we predicted that an individual’s reputation on social media platforms, rather than their traditional credit score, could become a growing basis for lending. In addition, we anticipated that social media lending would create unique and complex fair-lending compliance issues and increase reputation risk with consumers. Lastly, we stated that social media disclosures and behavior might provide lenders with a source for validating information and a predictive profile of creditworthiness in the underwriting process.

Update: We hit two out of three right, as social media lenders in the United States entered and left the market, failing to pass the fair-lending standard. Target customers for this service today seem to be young entrepreneurs outside the United States who are shut out of traditional lending by a lack of a comprehensive credit history.

I know that this short overview doesn’t come close to doing these topics justice. For a more in-depth analysis and bibliographic links, download our Volume 3, Issue 1. In our next edition, we’ll continue to look forward: Technology enabled disruption in financial services, natural resources sustainability and competition, political shifts and climate change effects on the economy are among the topics on our radar. We hope you stay engaged with us to navigate these risks.