Organisations adopting AI to streamline processes must provide clear guidance to staff on the dos and don’ts of using the technology, writes Moira Grassick Artificial intelligence (AI) has gone mainstream this year. It seems that everyone has a story about how they have used ChatGPT, the generative AI tool, to make their personal or working life easier. From an employer’s perspective, the rapid progress of AI raises difficult questions, however. Although a chatbot on the company website can be a valuable tool for interacting with customers, there are tricky ethical questions and business risks to consider here. Employers are grappling with issues such as whether staff should be permitted to use AI to make their jobs easier, data protection concerns, and whether the outputs generated by AI tools are accurate enough to rely on. For employers, the key risk to assess is the scale of any damage their business might suffer if staff do not use the technology correctly. Many people are familiar with the US lawyer who used ChatGPT to help him prepare a case with disastrous results. The lawyer cited several cases in court filings that were fabricated by AI. The lawyer didn’t consider that the technology would generate fictitious precedents and was unaware that it might produce inaccurate information. To avoid the embarrassment of making a similar mistake, employers can take some prudent actions to protect their business against the risks posed by employees using AI tools. Develop an AI policy To avoid an embarrassing situation like the one suffered by the hapless US lawyer, your business should consider developing an AI policy. This policy can address specific risks affecting your business. Some of the most common issues arising from the use of AI in the workplace are: Protection of confidential client and employee information While many of the tasks that typically involve the use of AI do not pose any obvious risks, employees must be aware that sensitive company data should not be accessed by AI tools. AI tools analyse vast amounts of data to generate responses to queries, and it’s important that no personal information about your employees or customers is disclosed. If an employee submits confidential information to ChatGPT or any other AI tool, your business is exposed to a range of privacy, commercial and data protection risks. Your AI policy needs to clearly define what types of data employees can submit to AI tools. Intellectual property risks You also need to consider intellectual property risks. If your business publishes content online, it is important to ensure that AI-generated content is not subject to copyright. AI tools typically do not cite the sources of the content they create. Instead, the AI tool may generate output by using existing content that appears on the internet rather than producing original work. Organisations, therefore, cannot check if the publication of AI-generated content will breach someone else’s intellectual property rights. If AI generates someone else’s content, and an organisation publishes it as its own, it is open to reputational damage for plagiarism. Safeguarding the organisation With AI becoming mainstream, now is the time to start preparing your AI policy. To get the most out of AI technology, you must inform staff about how to use the tools responsibly. With a strong policy in place, you can ensure your business can reap the benefits of this powerful new technology while safeguarding your operations against confidentiality, intellectual property and data protection risks. Moira Grassick is Chief Operating Officer at Peninsula Ireland

Safeguarding your organisation’s systems and data against cybersecurity risk is crucial. Mark Butler explores how you can use training to help fortify your defences Safeguarding sensitive information and data is now of paramount concern for businesses across the globe. Irish businesses are no exception. For example, the Health Service Executive was the victim of a high-profile cybersecurity breach in 2021. Virgin Media Television also suffered an “unauthorised attempt” to access its systems in February 2023, disrupting its services. As the adage goes, “A chain is only as strong as its weakest link.” Typically, that link often happens to be an unwitting employee. That’s where comprehensive cybersecurity training and awareness programmes come into play, serving as the bedrock of a resilient defence strategy against cyber threats. Creating a culture of security Effective cybersecurity training and awareness programmes are not just a checkbox exercise; they are the building blocks of a cybersecurity culture that must permeate every corner of an organisation. The entire business ecosystem benefits when employees are well-informed and empowered to recognise and respond to potential threats. There are several steps organisations can take to ensure cybersecurity best practice. 1. Addressing diverse threats The first step in crafting a robust cybersecurity training programme is recognising that threats are diverse and constantly evolving. Tailor training modules to address various risks, including phishing and social engineering. Irish businesses should collaborate with cybersecurity experts to develop engaging, scenario-based training that mimics real-world situations. This approach allows employees to practise identifying and responding to phishing attempts and other threats in a controlled environment. 2. Password management Password hygiene is a fundamental pillar of cybersecurity. Educate employees about the significance of strong, unique passwords and the criticality of regular updates. Encourage the use of password managers to simplify this process and discourage the reuse of passwords across multiple accounts. By instilling good password practices, businesses can significantly reduce the risk of unauthorised access. 3. Identifying and avoiding phishing attempts Phishing attacks remain a pervasive threat, often exploiting human psychology to trick employees into divulging sensitive information. Train employees to scrutinise emails, especially those requesting personal or financial data, by encouraging them to verify the legitimacy of requests through alternative means of communication before taking action. Emphasise the tell-tale signs of phishing, such as mismatched URLs, generic greetings and urgent demands. 4. Navigating digital safety Safe internet usage is not a mere suggestion but a core principle of cybersecurity. Provide guidelines for secure browsing, avoiding suspicious websites and refraining from downloading attachments or clicking on links from unknown sources. Equip employees with the knowledge to identify malicious websites and teach them to recognise secure connections through the HTTPS protocol. 5. Continuous learning and simulated exercises Effective cybersecurity training is not a one-time event; it’s an ongoing process. Regularly update training materials to reflect new threats and techniques employed by cybercriminals. Implement simulated phishing exercises to assess employees’ ability to apply their training in real-world scenarios. These exercises not only evaluate readiness but also serve as valuable learning experiences. Knowledge is power Fostering a culture of cybersecurity hinges on implementing comprehensive training and awareness programmes. Businesses can significantly reduce the risk of breaches and data loss by equipping their team with the tools to recognise and respond to threats. Investing in cybersecurity education is an investment in the long-term resilience and success of the organisation. In a digital landscape, knowledge is power, and empowered employees are the first defence against cyber threats. Mark Butler is the Managing Partner at HLB Ireland

Following the release of two new standards by the International Sustainability Standards Board, Linda McWeeney outlines what companies can do now to prepare for their application The International Sustainability Standards Board (ISSB) has released two sustainability standards. It will be for jurisdictional authorities to decide whether to mandate use of the International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards, consistent with the approach taken for IFRS Accounting Standards issued by the IASB. These will be effective for annual reporting periods on or after 1 January 2024. The main aim of the new ISSB sustainability standards (S1 and S2) is that, initially, companies will provide reasonable and supportive information with regard to sustainability. The ISSB has provided reliefs and guidance. Year one requirements Even though there will be a requirement to provide sustainability reporting information along with the financial statements, companies can hold off on this reporting in year one and align it with their half yearly reporting where necessary.  There will also be no requirement for comparative information in year one. Companies using different methods can continue to use these methods for measuring scopes for the first year and will continue to align methods with the Greenhouse Gas (GHG) Protocol.    S1 and S2 will not be entirely new to many companies as they have been developed and built on the Task Force on Climate-related Financial Disclosures (TCFD) framework and Sustainability Accounting Standards Board (SASB) standards.   Investors and regulators demand and need high-quality, comparable information about risks and opportunities in relation to climate change in particular.   TCFD disclosure recommendations The TCFD sets out disclosure recommendations based upon core elements around which companies operate. These are: Governance Strategy Risk management Metrics and targets The disclosure recommendations are structured around these four elements. This information should help investors understand how the relevant reporting organisations think about and assess climate-related risks and opportunities: Governance Companies need to describe the board’s oversight of climate-related risks and opportunities.   Processes need to be in place to identify climate-related issues and boards need to be kept informed regularly on these issues. Climate needs to be part of the company’s strategy, policies, plans, budgets, goals and targets. Strategy Companies need to be able to describe the climate-related risks and opportunities and their impact on the organisation’s businesses, strategy, and financial planning. Risk management Processes need to be in place for identifying and assessing climate-related risks. How significant climate-related risks are in relation to other risks should be discussed and analysed. Boards should consider regulatory requirements related to climate change and how to mitigate and control material risks. Metrics and targets Metrics used by the organisation to assess climate-related risks and opportunities in line with its strategy and risk management process should be disclosed.  GHG emissions should be calculated in line with the GHG Protocol methodology to allow for aggregation and comparability across organisations and jurisdictions.  Reporting on emissions Companies are required to report on emissions. Direct emissions are generated from sources owned and controlled by the reporting company – e.g., transport fuels, heating fuels and fugitive gases or emissions of GHG associated with particular manufacturing processes. These emissions are classified as scope 1.   Indirect emissions are also generated as a consequence of the activities of the reporting company—but occur at sources owned or controlled by another company. These include scope 2 and scope 3 emissions.  Scope 2 includes the emissions associated with the purchase of electricity, heat, steam and cooling. Companies can identify these energy uses on the basis of utility bills or metered energy consumption at facilities within the inventory boundary.  The ISSB has agreed that a company disclosing scope 2 emissions would use the locations-based approach, which emphasises the connection between consumer demand for electricity and the emissions resulting from local electricity production.  Within a particular geographic boundary and over a specified time period, electricity output is aggregated and averaged.   Scope 3 emissions include entire value chain emissions. The majority of total corporate emissions fall under this scope from the goods it purchases to the disposal of the products it sells. While Scope 1 and 2 emissions are within the control of the company as they are operational, scope 3 emissions raise business development and strategy questions pertaining to products and services.   Companies using different methods can continue to use these methods for measuring scopes for the first year and will continue to align methods with the GHG Protocol.      Companies can also continue to be guided by the Global Reporting Initiative (GRI) and European Sustainability Reporting Standards (ESRS) to help assess and take responsibility for their impacts and contribute to a more sustainable future using a multi-stakeholder and investor-focused approach. Next steps The standards will be effective for annual reporting periods on or after 1 January 2024 and individual jurisdictions will decide whether and when to adopt the IFRS Sustainability Disclosure Standards. The ISSB has stated that it is working closely with jurisdictional standard setters to maximise interoperability between its standards and incoming mandatory reporting frameworks including the European Commission with their European Sustainability Reporting Standards (ESRS), and the US Securities and Exchange Commission. Linda McWeeney is Non-Executive Director and Senior Lecturer in Accounting and Finance at Technological University Dublin

In a world where social connections fuel success, extroverts hold a natural edge. Jean Evans explains how they can supercharge their networking through authentic and considerate interactions Extroverts have a natural advantage when it comes to networking. They thrive in social situations and are energised by interacting with others. Extroverts get their energy from other people. Extroverts are the quintessential social butterflies. They can easily dominate a room and a conversation. This can be intimidating for people who identify as shy or as shy introverts. However, even for extroverts, effective networking requires some strategies and considerations. Leverage your strengths Extroverts have a natural ability to engage in conversations and connect with people. They should use their outgoing personality to their advantage by initiating conversations and showing genuine interest in others to make them comfortable. Become an active listener While extroverts enjoy talking and sharing their thoughts, it’s important to remember that networking is a two-way street. Extroverts should practise being active listeners, asking open-ended questions, and giving others their full attention to build meaningful connections. Offer help and support Extroverts can make a lasting impression by being genuinely helpful and supportive to others by sharing their knowledge, expertise or resources whenever possible. When people genuinely desire to help others, they increase the likelihood of being remembered and having a favour reciprocated. Follow up After meeting someone, the extrovert should take the initiative to follow up and nurture the connection. Send a personalised email, connect on social media or schedule a coffee meeting to continue the conversation. Effective networking requires ongoing effort and relationship-building. Attend to body language Extroverts can easily express their enthusiasm and energy through their body language. However, they should also be mindful of subtle non-verbal cues, such as maintaining eye contact, smiling and having an open posture. These signals convey approachability and engagement. Numbers matter Setting a goal and being intentional about attending networking events is crucial. Extroverts can manage meeting more people without depleting their internal battery, but successful networking is not about meeting as many people as possible. It’s about having meaningful conversations that can lead to further meetings.  You don’t want to meet more people than you can realistically follow up with after the event. Meet only three to five people per event. Networking as a long-term investment Remember that effective networking is a long-term investment, and it’s about building genuine connections rather than collecting business cards.  Networking is a marathon and not a sprint. Extroverts can leverage their social nature by making meaningful connections and expanding their professional network. Jean Evans is Networking Architect at NetworkMe

Despite mounting scepticism, financial trends suggest that ESG is here to stay even if it is under a new name. Dan Byrne explains why You’d be forgiven for doubting the staying power of the environmental, social and governance (ESG) movement given the current wave of negativity. After all, the stories of pushback are mounting.  Granted, most are coming from the US. Republicans and fiscal conservatives are openly hostile to the term. They are led by people such as Texas Governor Greg Abbott and Florida Governor/presidential contender Ron DeSantis, who dismiss the concept as “woke capitalism”, restricting business and harming profits.  But the old saying still has weight: “If America sneezes, the world catches a cold.” It’s enough negativity to make investors more wary of ESG, and boards wonder whether they need to bother with it. Is this backlash a legitimate threat to ESG? Not from where we’re standing. Follow the money The main reason ESG will survive the backlash is that the money simply isn’t following the rhetoric. ESG critics can be as loud as they want, but they’re not making the corporate world think differently.  Two-thirds of respondents to a 2023 Bloomberg survey expect firms to continue incorporating ESG metrics into their business.  Meanwhile, financial services firm Morningstar Inc. has released new data showing that the success of anti-ESG funds has fallen dramatically from its peak in the third quarter of 2022. This peak was minor compared with the total value of ESG assets.  In other words, ESG priorities remain fixed, and the money working against them is dwindling.  The only thing likely to suffer from this wave of negativity is the actual term: ‘ESG’. Rechristening ESG The true measure of the longevity of ‘ESG’ is that many in the pro-ESG camp are willing to part ways with the term. Larry Fink, head of BlackRock Inc, has said he no longer uses it because of how politicised it has become. Even McDonald’s has done away with it. Meanwhile, the same two-thirds of respondents to the Bloomberg survey said that while firms would keep pursuing ESG, they would stop using the acronym.  But none of these groups are abandoning the principles underpinning ESG.  You might call it the one potential victory of the anti-ESG brigade: a rechristening – purely because firms are worried about reputational risk. Before the current backlash, it was estimated that the value of ESG assets would reach US$50 trillion by 2025. At the start of this year, they were estimated at $41 trillion and growing.  If, in five years, we’re calling ESG something different, it probably won’t dent the underlying principles that investors, consumers and many politicians care so vocally about. So, while the ESG backlash may be loud, we’re not seeing any evidence that its principles are losing ground.  Hence, directors and other corporate leaders hearing the noise from the US and thinking the concept is almost irrelevant should think again.  ESG remains ESG, even if its name changes. Dan Byrne is a journalist with the Corporate Governance Institute

Diversity is not just about race and gender. Andrea Dermody explores the benefits of embracing neurodiversity in the workplace, fostering inclusivity for all employees Research indicates that a significant portion of the global population – 15 to 20 percent – are neurodivergent, with distinct cognitive processes. This encompasses conditions such as attention deficit disorders, autism, dyslexia and dyspraxia, adding a unique dimension to workplaces. Despite growing emphasis on diversity, equity and inclusion (DE&I), the employment prospects and support for neurodivergent individuals remain inadequate. As a result, neurodivergent individuals often experience higher rates of unemployment compared with the general population. However, when organisations attract and retain neurodiverse talent, the benefits can be far-reaching. Benefits of a neurodiverse workforce A neurodiverse workforce can bring many benefits to an organisation: Increased creativity: Neurodiverse individuals often have unique perspectives and ways of thinking, which can lead to innovative ideas and solutions. Enhanced problem-solving skills: Neurodiverse individuals may approach problems differently from their neurotypical counterparts, which can lead to more effective problem-solving and decision-making. Improved productivity: By tapping into the strengths of each individual on the team, a neurodiverse workforce can be more productive and efficient. Deloitte research suggests that teams with neurodivergent professionals in some roles can be 30 percent more productive than those without them. Better employee retention: When organisations embrace neurodiversity, it creates a more inclusive and welcoming environment leading to higher employee satisfaction and retention rates. Enhanced customer relationships: A neurodiverse workforce can help an organisation better understand and meet the needs of diverse customers, leading to improved customer relationships and increased sales. Attracting and retaining neurodiverse employees To ensure the success of neurodivergent workers, Deloitte suggests the following three approaches: Revisit the hiring process: Consciously hire from diverse sources and consider how the hiring process can be made fairer by reducing artificial intelligence or natural human bias. The interview process may also require tweaking. Consider moving from abstract questions to accessing specific skills and experience, and do not assume that everyone will connect the dots the same way. Create a conducive work environment: Everyone has different working styles, but managers should consider how individuals work best and what accommodations can be made. This may be as simple as adjusting communication styles, providing workplace mentors, or considering how flexible work policies can be expanded. Provide tailored career journeys: Many organisations do not have specific policies to support neurodivergent talent. Clearer policies ensure that everyone understands them in the same way, and unspoken rules that some neurodivergent workers might otherwise miss should be codified. Tailored career paths should therefore recognise the goals, capabilities and strengths of the individual – whether neurodivergent or neurotypical. The halo effect What’s clear is that what organisations do to provide an inclusive environment for their neurodivergent workforce can have a halo effect on the entire workforce. These ‘universal accommodations’ are adjustments that benefit all employees, jobseekers or customers and make the workplace a better, safer, more inclusive place for everyone. Andrea Dermody is a diversity and inclusion consultant at Dermody