Latest news

Kevin Empey explores the three phases of flexible work adoption, from foundational steps to future-focused strategies As we enter a new year, there is still a noticeable gap between desired employer policy and employee practice and expectations as to how flexible work arrangements should operate. This gap narrowed in 2023, with both employers and employees taking steps to make flexible working fit-for-purpose more standard practice, but the evolution of more flexible work models is far from over. The employment market in 2024 looks set to be split between two types of employers. First, there will be the employers who continue to be open about how and where work is done with an eye to emerging influences such as artificial intelligence (AI) and the four-day work week. Second, there will be those who revert to more ‘fixed’, pre-COVID work models and mindsets with minor concessions to demands for some form of hybrid working offering.  While other business and employment priorities take over the agenda in 2024, it doesn’t mean flexible work design is done and there is further change ahead.  In our experience, there are three distinct phases in the transition to flexible work models and how organisations are adapting to new and emerging realities. Phase 1: Base camp Some organisations (not many) are still in the early stages of settling on their flexible working vision. They are continuing to lay the groundwork for establishing new work models that cater to evolving work patterns and demands as well as organisational priorities. This phase involves embracing the basics, getting the framework up and running and also considering their flexible working strategy for frontline roles and work that cannot be done remotely. Phase 2: Integration Most businesses find themselves in this second phase. They have spent 12 to 24 months adapting to their declared approaches (the ‘what’) and are now in a position to refine and integrate their flexible models (the ‘how’) with the demands of their business. This involves addressing specific challenges encountered in recent months, bridging gaps between employer policies and employee preferences, and adapting legacy processes and definitions of productivity. The opportunity presented by this phase is to ensure that work redesign will be an ongoing expectation and reality and is just not about getting hybrid right. The risk of this phase is that employers allow poor habits and practices to set in and that the expectation and need for ongoing reform and improvement is not made clear.   Employees are also considering whether their employer’s flexible working models align with what they want. Continued flexibility and ongoing dialogue will be critical to keeping people on board.  Phase 3: Beyond hybrid Organisations that have reached this stage have moved beyond the hybrid conversation. They have integrated hybrid working into a broader flexible work model. Their experiences and approaches provide valuable insights into how this transition can best be managed. A critical theme in this phase is the shift in narrative, where the focus is not solely on the hybrid debate but on achieving work flexibility and adaptability more broadly across the organisation. This will include open work design conversations involving AI solutions, four-day work week options and other influences on how and where work can be done better and faster. This encompasses reforming processes, enhancing employee experiences, reconfiguring workplaces and aligning change with ongoing cultural and transformational agendas. In this phase, the emphasis also shifts to enabling teams to drive changes and improvements collaboratively rather than imposing them from the top down. Furthermore, continuing support for managers to lead ongoing change becomes paramount in ensuring sustained success. It is also quite common to see some organisations shift from one phase to another and back again, as they re-set strategies and solutions with employees and their people leaders. The future agenda  As we move forward into 2024 and beyond, the perspective is shifting beyond the mere transition to hybrid working models. Building on recent hybrid working experiences and fostering a culture of adaptability and agility will be transformative for both employers and employees, narrowing the gap between what employers offer and employees want. The journey towards a flexible and adaptive workplace is ongoing and will continue at pace, with new chapters and milestones on the horizon. Those organisations that prioritise learning from recent experiences and adapting to change as an ongoing habit will be best-equipped to succeed and minimise the employer/employee gap. Kevin Empey is the Managing Director of WorkMatters

Trusted data is becoming a cornerstone of competitiveness as more organisations embrace analytics and AI. Eoin O'Reilly explains why Data plays a crucial role in almost every aspect of our lives. How our food is produced, how we interact with public services, how we manage our finances, how healthcare is delivered—all are critically dependent on data and how organisations use it. While the ability to leverage data is rapidly becoming a competitive differentiator for organisations, their challenge lies in the degree to which they can trust the data they use. Trust in information is becoming increasingly important as a new wave of artificial intelligence (AI) innovation blurs the lines between internal and external data. Published in December, The EY Ireland Trusted Data Report 2023, surveyed eight public and private sector organisations to establish how far advanced they are on data usage, AI adoption and data trust. Irish organisations demonstrated a strong understanding of the need for trust across the data lifecycle, the survey found, while progress had been made on key elements of the trust journey. Data that isn’t subject to continuous oversight cannot be fully trusted. It must be subject to constant verification and validation from the point of collection all the way along its journey to its use in analytics and AI. Data trust continuum As organisations embrace the increased use of analytics and AI, more must be done to extend and formalise the data trust continuum. With the rise of AI and generative AI (GenAI), in particular, the issue of data trust has assumed even greater significance. A breach of trust at any point on the continuum can have potentially devastating consequences for the organisation and society. Strong governance and data management are critical for data trust. There needs to be a more holistic approach to building data trust in organisations. This starts with determining how data aligns with business strategy and runs through to data control across the data lifecycle and its responsible use. Organisations need to develop a comprehensive framework that balances strategic vision with the appropriate management of risks and controls. EY’s survey reveals that organisations are at various points on their data trust journeys, with the strategic focus shifting to how data can be leveraged to add value to the business. They have robust data governance and compliance frameworks in place, but there is acceptance that these are merely the starting point on their journey along the data trust continuum. Irish organisations recognise and appreciate the crucial importance of data trust for their business operations. While there is a significant variation in the data maturity of organisations, they understand the need for continuous management and data monitoring at every point along the trust continuum. They are taking a wait-and-see attitude to AI, but they must take care that this does not mean they miss out on valuable opportunities. Eoin O'Reilly is Partner and Head of Data, Analytics & AI at EY Ireland. You can more about the EY Ireland Trusted Data Report 2023 here.

With tech-enabled fraud on the rise in Ireland, businesses must carefully assess and manage potential risks, writes Sara McAllister Ireland is a hub for data storage and technology organisations and, as such, we are at the fore of innovation and transformation. There is a flipside, however. As this industry grows and technology evolves, so too do risks associated with fraud. Businesses and organisations in Ireland have become a greater target for fraudulent activity by criminals looking to exploit vast amounts of data created, shared and uploaded every single second. The challenge now is how best to identify, monitor and manage this risk. The National Risk Assessment 2023, published by the Irish government earlier this year, points to Ireland being especially vulnerable due to the scale of technological infrastructure developed here. Its exploitation by bad actors could cause significant disruption. A rise in the volume of fraudulent attacks carried out in Ireland speaks to the appetite of those looking to exploit weaknesses in infrastructure, industry or organisations. With this heightened focus on Ireland, business and organisational leaders here may find themselves under pressure to assess, manage and prepare for risks attached to operations, both in-house and outsourced. Artificial intelligence As new technologies come on stream, the focus on risk reduction will need to move at a faster pace. Advances in artificial intelligence (AI) have helped scale businesses via real-time automation, but this technology comes with its own risks. Ultimately, it is a double-edged sword. On the one hand, AI has been a game-changer in areas like audit and forensics, allowing businesses to deploy ‘needle in a haystack’ algorithms to identify anomalies and exposures. This is one of the reasons we are seeing an improvement in the detection of fraudulent activity. On the other hand, AI has allowed bad actors to identify new opportunities to carry out fraudulent attacks, penetrating weaknesses in the new and novel AI technology businesses are learning to use. Hybrid and remote work Most businesses have introduced remote and hybrid working processes in recent years, and many will continue to review these policies in line with changing business needs. A key consideration in this context is the risk associated with social engineering threats, which rely on human error and can be much more difficult to detect than other fraud-related risks. Where employees work remotely, evidence suggests they are less likely to consider the legitimacy of communications they receive by email, for example, and may be more inclined to respond to fraudulent requests that appear to have been sent by colleagues or superiors within their organisation, creating vulnerabilities across entire business networks as a result. Security training and awareness is the first line of defence against social engineering, yet many organisations fail to sufficiently consider the risks associated with employees working on-site and remotely. Fraud trends Several other trends are raising concern for businesses, too, beyond AI and hybrid working. Synthetic identity theft uses legitimate and fabricated information to exploit vulnerabilities and remains problematic for businesses as it is increasingly difficult to detect. Account takeover fraud remains prevalent and, as the number of personal online and social media accounts increase, so too do attacks by criminals attempting to gain access to personal data or bank details, often through stolen information. Crypto currency fraud, albeit less mainstream, also fundamentally exploits technology control weaknesses to attempt to steal coins, such as Binance Smart Chain, Ethereum and Bitcoin. Necessary risk assessment The heightened risk landscape is part of a changing cybersecurity picture where digital technology is constantly being attacked and weaknesses are identified and accessed by criminals to exploit data and information for their own gain. Fraud risk must always be a key factor for consideration when managing shared infrastructure, data breaches, preventing unauthorised access and engaging with third-party providers, among others. Industry and political stakeholders are acutely aware of the challenges in this space. Without the proper risk assessment, governance and control mechanisms in place, any single attempt at fraud could potentially put a business at the centre of a perfect storm with a highly damaging aftermath.  Sara McAllister is Partner and Head of Business Risk Services at Grant Thornton

Female representations on Irish boards is up, but more progress is needed in the key decision-making roles of CFO, CEO and Chair, writes Meliosa O’Caoimh Female representation on the boards of Irish companies is improving, but progress is slower at the senior leadership level – particularly in key decision roles, such as Chief Financial Officer, Chief Executive and Chair.  This is according to the new annual report of the Balance for Better Business Review Group, which shows a 21 percent rise in female representation in ISEQ-listed companies over a five-year period. Now in its sixth year, the report also puts the current proportion of women on the boards of ISEQ 20 companies at 39 percent, exceeding the 33 percent target set for 2023.  The percentage of women on boards across other listed companies stands at 28 percent, also above the 25 percent target set for 2023. Private companies with Irish ownership have remained steady at 22 percent since 2021, up from 17 percent in 2019. Seeing a consistent year-on-year increase in gender balance on boards marks important progress, and the companies driving this change should be proud. Companies with more diverse boards are shown to outperform those with less diversity.  Progress at the senior executive level is also critical to both business success and safeguarding the board-level talent pipeline, however. Achieving gender balance in senior roles across all areas of decision-making is dependent on robust and business-led strategies, including succession planning, career pathways and the monitoring of progress through targets and data. Balance for Better Business is an independent business-led review group established by the Government. Its latest annual report included the results of research commissioned by the 30% Club with the support of the Department of Enterprise, Trade and Employment.  Two roundtable discussions on both the financial services sector and executive search were held as part of its research. The financial services roundtable brought together representatives from industry to focus on the challenge of achieving greater gender balance in roles with profit and loss or revenue-generating responsibilities.   Research in Ireland revealed that challenges emerge as early as a professional’s very first career choices and can have an impact across an organisation’s career processes and work design. Specific actions highlighted in this research include: extending graduate recruitment gender targets to include graduate first-role placements; mandated job rotation as part of early career development; and  replacing outdated stereotypical business development approaches with initiatives that are more appropriate to a modern workforce and gender-balanced customer base.   The research also highlighted the value of tracking targets and gender progress across each business area, rather than simply focusing on the company average, to demonstrate where action can be taken.  The executive search roundtable, hosted in partnership with Ibec, focused on the current processes for Chair and board appointments as well as C-suite appointments at the highest level.  Here, it was found that large private companies are more likely to have succession plans in place, while smaller organisations are less likely to benefit from existing succession plans.  Key recommended actions for boards and C-suites included:  adopting the 30% Club/Ibec Resourcing Code as the standard for nomination committees covering board and executive leader appointments;  advocating for succession planning in all roles across all boards; and  the adoption of ‘pathway to board’ type career resources.  Meliosa O’Caoimh is Chair of 30% Club Ireland

In the transformative era of 1920s Ireland, the Institute’s benevolent fund emerged as a pillar of aid. Now celebrating 95 years, CA Support remains a vital resource for Chartered Accountants facing hardship The 1920s was a time of immense significance, upheaval and formation in Ireland’s history. With the country’s independence in its infancy, this was a time when many important structures, proclamations, institutions, organisations and charities were born, including Chartered Accountants Ireland’s benevolent fund.  Founded in 1928, a time when there was no state welfare or support, benevolent funds were originally set up to assist those who worked within industries or professions who needed financial help for themselves and their families. In former decades, grants were primarily offered to widows to help them care for children and afford daily necessities. And while society has evolved and shifted, after 95 years, CA Support has proven to be as relevant today as it was then by continuing to be a trustworthy and reliable support system for thousands of Chartered Accountants and their families. It could be you It is a common misconception that financial professionals are always in good financial health due to their professional background. Like anyone in society, accountants come from all walks of life and can struggle financially for many reasons. Those who bravely contact CA Support are dealing with extreme hardships and burdens. Some common issues people present to CA Support with are:  redundancy; critical illness; bereavement of a loved one; marriage breakdown; domestic violence impacts; childcare and back-to-school costs;  household bills; and cost-of-living pressures. CA Support provides financial relief to about 100 beneficiaries every year. These are real people who are your professional peers, colleagues, friends and family who have found themselves in situations that have cost them their livelihood, financial security and family safety through no fault of their own.  Unfortunately, we can’t foresee what lies ahead in life, and for CA Support’s beneficiaries, it was almost inconceivable that they would ever need such support. Strengthening CA Support’s future Like most registered charities, CA Support relies on the generosity and goodwill of the Chartered Accountancy community. Without the kindness of members and organisations on the island of Ireland, CA Support would simply not be celebrating this milestone.  With your continued backing, CA Support hopes to support all those in our community for another hundred years.  If you are able to do so, you can donate to CA Support:  Online via the Chartered Accountants Ireland website or iDonate page at: idonate.ie/cause/casupport; By credit/debit card over the phone on 01 5233949/ 01 6377342 or 086 0243294; or By posting a cheque made out to CA Support at Chartered Accountants Ireland, 47–49 Pearse Street, Dublin 2.

Retailers face escalating cyber security challenges during peak events such as Cyber Monday. Will O’Brien outlines four steps to protect customer data this holiday season In the retail sector, cyber security often lags behind other sectors regardless of the retailer’s size or value. In the short-term, this can lead to some initial minor inconveniences, but if left unattended, it can manifest into serious issues that impact the organisation’s brand, reputation and customer loyalty. The security challenge During the peak Christmas consumer events of Black Friday and Cyber Monday, the retail sector sees a sharp uptake in business. As a result, its value to malicious actors also increases. To leverage this busy period, cybercriminals use unsophisticated phishing campaigns to gain access and steal data. when a retailer’s ‘accounts and billing’ function is in full swing during the holiday season, for example, they are more likely to fall victim to a phishing attack. While some retailers have reasonable controls in place to protect against these attacks, many rely heavily on insecure third parties to fulfil critical business functions. According to PwC’s 2023 Digital Trust Insights Survey, supply chain risks have become a big focus for regulators and organisations, with senior executives in Ireland identifying increased regulatory scrutiny as one of the top five impacts on their business since 2022. Without conducting the correct level of cybersecurity due diligence on third parties, retailers can open themselves up to cyber-attacks by providing third parties with access to their data. If these third parties fall victim to cyber-attacks, the organisation’s data – through payroll, accounts and shipping, for example – may be at risk. Despite the third party being at fault, the data controller (the organisation) is subject to fines and reputational impact. Defending consumer data Organisations can protect their digital assets by understanding the retail-specific cyber threats and associated remediation activities. 1. Education and awareness  Your people are your first line of defence against phishing campaigns. All staff should be educated on security procedures and aware of attack methods. A robust cybersecurity education and awareness programme is the best way to achieve this. You should tailor this programme for your organisation by identifying the critical threats and customising the content to address these threats. 2. Third-party risk management Third-party risk management (TPRM) is the process of analysing and minimising the cybersecurity risks associated with outsourcing to third-party vendors or service providers. It involves effective selection, due diligence, contracting, ongoing monitoring and the correct termination processes. 3. Malware and ransomware prevention Anti-malware and ransomware detection technologies can help to reduce the risk of a severe cyber attack likely to cause operational, reputational and financial damage to your organisation. Detection and response tools can be used to identify malware and limit the blast radius of the attack, for example. 4. Incident management and response With organisations facing more regulations than ever, the capacity to respond to a data breach quickly and effectively has never been so important. Senior executives should test their incident response capabilities and muscle memory with simulated strategic and tactical tabletop exercises. Incident response plans should be enhanced based on the learnings from these exercises. This documentation can include communication statements, runbooks for technical responses to ransomware, and breach notification processes for notifying the Data Protection Commission of a personal data breach. Implementing these controls can help to mitigate the financial and reputational impact of a security breach. Prioritisation You cannot eliminate cyber risk, but prioritising retail-specific cyber threats can help to mitigate the potential risks and damage. An effective cybersecurity programme will ensure that you can prepare, withstand, recover and learn from malicious attacks and security events online. Will O’Brien is Director of Cyber Practice at PwC