Irish organisations face geopolitical tensions, pandemic aftermath and new work norms. Boards must intensify governance, risk and compliance focus for resilience amid rapid change, says Ivan O’Brien Irish organisations are operating in a rapidly changing business environment. The war in Ukraine, the lingering aftermath of the pandemic and the shift to new ways of working all give rise to unknown risks, including cybersecurity threats. Boards must respond with an intensive focus on governance, risk and compliance (GRC) to achieve organisational goals during increasing uncertainty. Boards should view these challenges as opportunities to verify the effectiveness of existing GRC arrangements, foster continuous improvement efforts and drive progress toward a holistic GRC management system environment that helps drive long-term value and resilience. Keep reporting on track The board’s role is to monitor management’s performance against the organisation’s strategic objectives and understand how risk and uncertainty impact the organisation’s ability to achieve those objectives. Regular, timely and comprehensive management reporting allows the board and the audit committee to continuously monitor the design’s appropriateness and the GRC systems’ effectiveness. The COVID-19 pandemic, in particular, has demonstrated the importance of GRC systems for addressing critical situations, such as health risks, business interruptions, breakdowns in supply chains and financial losses. As a result, organisations have had to act fast and, in many cases, rethink their operational resilience approach. Data breaches pose regulatory and reputational risks to Irish and European organisations. Organisations with insufficient security solutions to protect their systems, networks and data can be fined up to €20 million or 4 percent of their annual global turnover under the General Data Protection Regulation (GDPR). The need for integrated GRC systems Overall, the events of the last several years have highlighted the necessity for organisations to adopt integrated GRC systems to achieve organisational goals, effective emergency management and a culture of integrity during times of uncertainty. By adopting integrated GRC systems, organisations are more likely to respond and recover effectively from crises and transform potential problems into business advantages. Failure to adopt an integrated approach to GRC can undermine the board’s ability to provide adequate oversight on risk and controls and lead to potential exposures that could jeopardise the organisation’s ability to continue as a going concern. This needs to be supported by an effective exchange of GRC-related information within the organisation through a board risk or GRC committee, for example. There is guidance available to boards who wish to improve GRC performance. In April 2021, the International Organization for Standardization (ISO) published a new certifiable standard for compliance management systems – ISO 37301. The standard explains how organisations should implement GRC management systems to satisfy international legal norms and regulations. Implementing ISO 37301 provides assurance that risks are regularly assessed, business partners are screened, and the organisation has a working system to raise concerns. It is committed to improving its systems to deal with non-conformance. Boards can also use the COSO Enterprise Risk Management Framework to evaluate their organisation’s approach to risk management. Developed by the Committee of Sponsoring Organizations of the Treadway Commission, the principles-based framework enables boards to identify all the components of a comprehensive enterprise risk programme. Building resilience Regardless of the model employed, effective GRC management systems rely heavily on the expertise of the internal audit and risk management functions. The scale and increasing complexity of the current risk landscape demands knowledge sharing at every level of the organisation. Boards should, therefore, challenge management to invest in the resources and technological tools required to improve shared risk intelligence throughout the business, to build an even more resilient organisation capable of driving long-term value and withstanding the challenges that lie ahead. Ivan O’Brien is Consulting Partner and Head of Risk at EY

Amid fierce competition, businesses must harness the cloud’s potential cost reduction. FinOps aligns spending with goals, yet pitfalls in adoption must be sidestepped, advises Liam Cotter Cloud computing continues to revolutionise how businesses innovate and grow in today’s hypercompetitive global environment. While the race to the cloud has catapulted businesses into a new realm of speed and agility, few are cashing in on the cloud’s promise to drive down costs – and the challenges are mounting amid the proliferation of multi-cloud environments. The problem is typically a case of too much spending and too little oversight. Businesses are struggling to effectively manage a critical new resource vastly different from the legacy environment it replaces. There is no question that organisations need a radical new approach to managing their cloud spending. The answer? FinOps. With FinOps (the combination of ‘Finance’ and ‘DevOps’), teams from IT, finance and business units collaborate on data-driven spending decisions. Transparency is prioritised, and everyone takes ownership of their cloud usage. FinOps aligns cloud spending with business objectives and helps cross-functional teams work harmoniously to enhance financial control and predictability, reduce friction, and deliver products and services faster in today’s consumer-centric digital economy. However, there are five critical mistakes organisations make when embracing the power of cloud capabilities. 1. The lack of a clear, strategic vision that aligns KPIs with outcomes Success on the FinOps journey inevitably requires measuring, reporting, analysing and optimising cloud spending. Taking a strategic approach to FinOps means keeping objectives and key performance indicators (KPIs) front and centre at all times – continuously revisiting, adjusting and evolving them as required. Businesses should monitor and respond to new business data and make changes, particularly in today’s fast-evolving environment, where the rapid pace of change continues to accelerate. 2. Not understanding costs and trends at a granular level You can’t measure what you can’t see, making a precise, granular view of cloud costs and trends critical to your business. It’s not enough to know your cloud spend at any moment – positioning your business to manage and reduce costs continually is essential. Amid a lack of data that continually delivers timely cloud spend and usage insights, businesses often make significant cloud investments while unsure what they are accomplishing or how to manage costs. Observability is essential to success – gaining visibility into where your cloud spend is going, monitoring activity at a granular level, and responding as needed as workloads and objectives change. This visibility can empower your data teams with precise allocation, real-time budgeting information and accurate forecasting for cost governance. 3. Not using appropriate tools, technologies and tagging FinOps’ success, apart from calculating and gathering timely data, also requires visibility of assets through IT asset management and the use of appropriate tools, technologies and tagging, including automation capabilities. Unfortunately, many businesses with multi-cloud environments use tools and capabilities provided by their cloud vendors with little to no benefit. Improper and inconsistent tagging of resources and a lack of appropriate automation can hinder success. Trend-based forecasting is an appropriate method for simpler situations in which past trends will likely continue. It helps answer questions such as “What would monthly cloud spend be in a future month given the spending trend observed to date?” 4. The lack of collaboration between finance and engineering teams A successful cloud journey relies on FinOps and the engineering team working closely together. While FinOps can manage processes and budgeting, this will likely not prove successful if engineering doesn’t agree to take the right actions. Cross-training of teams and organisational change management to create a highly collaborative approach among diverse teams is critical for FinOps to deliver ongoing value. 5. Not taking action, communicating and optimising Your business may have the necessary metrics, tools and technologies for a successful FinOps journey and be well-positioned to identify problems as they arise. However, a strategic action plan is essential; one that provides appropriate guidelines that bring the required players together to understand the problem and its implications, manage the issue and set the course for a future strategy that can optimise processes and costs. An intelligent approach is to manage by the numbers. These are the components required to help build a governance programme that positions you to do so: Reports and dashboards: Ensure all stakeholders have access to appropriate reporting and dashboards for their role and provide rapid, at-a-glance views into current cost trends and forecasts. Resource hierarchy: Structure cloud resources in a resource hierarchy that is granular enough for management and cost allocation using folders, projects, tags, labels, etc. Budget alerts: Set budget notifications that are triggered automatically when resources or costs ramp up beyond a predetermined threshold to help prevent unexpected activity impacting budgeted spending. Automated actions: Configure automated actions to throttle resources or cap costs to help prevent unwanted activity and overspending. Standard reviews: Establish standard review cadences between IT and finance to review historical spending and develop future action recommendations. FinOps’ success requires bringing engineering and finance stakeholders together to plan, measure, report, analyse and optimise costs. It’s not enough to simply implement new tools, communicate a few expectations and occasionally meet for updates. A holistic operating model should be designed, implemented, orchestrated and evolve as new tools, techniques, ways of working and other factors emerge with time. Liam Cotter is a Management Consulting Partner at KPMG

As back-to-school season approaches, employers can aid parents with flexible work options that foster work-life balance and increased productivity, explains Gemma O’Connor The back-to-school season is nearly underway as kids and parents prepare for the new school year. This can be a busy time for working parents, particularly for parents of children facing a milestone like starting primary or secondary education. So, what can employers do to help staff balance their home and work lives? Communicate with your staff Most employees should be able to predict when they might need extra flexibility to help their children settle into their new surroundings. Different employees will have different requests depending on their child’s level of education. As each employee will have different requirements, there is no silver bullet for managing this situation other than to ensure that you listen to staff and make efforts to accommodate any supports they request. Consider flexible work options If an employee requests flexibility during back-to-school season, consider it and what solution might work best for both parties. Some solutions could include: Working from home on certain days; Early finishes/late starts on certain days; Compressed hours; and Staggered hours. While you have no obligation to grant requests for flexibility, a blunt refusal to accommodate working parents increases the likelihood of alienating employees. Employees who feel let down by their employer are also likely to spread the news of their bad experiences, resulting in reputational damage and hindering your recruitment and retention efforts. Treat people fairly If only working parents are granted flexible work options during the school year, you also risk frustrating employees who don’t receive comparable benefits just because they don’t have children. It’s important to avoid granting privileges to parents only. If you provide benefits to working parents based on promoting work-life balance, you should extend the same flexibility to staff who need to care for an elderly parent or a spouse who’s ill, for instance. If you operate your workplace on the basis that everyone will need flexibility at one time or another, all staff will buy in and the organisation will avoid employee unrest that could develop if only working parents enjoy flexible work options. Prepare for new workers’ statutory rights The Work Life Balance Miscellaneous Provisions Act 2023 has been partially in force since 3 July. Once fully in force, this new piece of employment legislation will introduce five statutory rights for employees to foster a better work-life balance and to support staff with caring responsibilities. In summary, the Act introduces the following rights: Five days’ unpaid leave for medical care purposes for parents of children under 12 and carers; Five days’ paid leave for victims of domestic violence; The right to request flexible working for parents and carers; The right to request remote working for all employees; and The right to breastfeeding breaks extended to two years from the date of the child’s birth. Employers should be ready to receive requests from employees in line with this employment law scheduled to come into effect in full this autumn. Find balance Recognising the needs of working parents during the back-to-school period is crucial for fostering a supportive and inclusive work environment. Working parents often encounter added responsibilities as schools reopen, from adjusting schedules to managing childcare. By understanding these challenges and providing flexibility, employers can mitigate stress, enhance employee well-being and maintain productivity. Acknowledging the unique demands of working parents (and extending the same benefits to non-parent employees) promotes a harmonious balance between professional duties and family responsibilities. Gemma O’Connor is Head of Service at Peninsula Ireland

In the digital age, cyber threats redefine business acquisitions. Mark Butler explores four reasons for prioritising cyber security due diligence, ensuring informed decisions and resilience When considering the purchase of a business, it is essential to conduct a comprehensive assessment of potential risks. Technology risks, particularly cyber threats, have become increasingly significant in today’s digital age. Therefore, prioritising cyber security as part of the due diligence process is crucial to gain a complete view of potential risks, allowing you to make informed decisions and plan accordingly. There are four compelling reasons why a cyber security audit should be a priority in the due diligence process when buying a business. 1. Assessing the business’s technology infrastructure The technology infrastructure of a business plays a vital role in its operations. Cyber security due diligence provides valuable insights into the robustness of the existing infrastructure, including networks, systems, software and hardware. By assessing the vulnerabilities and weaknesses within the technology stack, you can better understand the potential risks and associated costs of upgrading or securing the infrastructure post-acquisition. This knowledge allows you to make informed decisions about the integration process and develop a strategic technology roadmap. 2. Safeguarding sensitive data During a business acquisition, you gain access to the target company’s data, including client information, intellectual property, financial records and employee data. Conducting cyber security due diligence allows you to evaluate the effectiveness of existing security measures that protect this sensitive information. Identifying vulnerabilities and potential data breaches early on can help you implement necessary safeguards and protect the integrity and confidentiality of critical data assets. 3. Mitigating financial and legal risks A cyber security breach can have significant financial and legal consequences for a business. By conducting due diligence, you can identify potential risks that may result in financial loss, such as data breaches, regulatory non-compliance or legal liabilities. Understanding these risks beforehand enables you to negotiate appropriate terms in the acquisition agreement, allocate resources for remediation, and potentially even adjust the purchase price to account for any necessary investments in cyber security. 4. Maintaining business continuity and reputation A successful business acquisition hinges on maintaining continuity and preserving the target company’s reputation. A cyber security incident can disrupt operations, damage customer trust and tarnish the brand image, resulting in financial losses and decreased market value. You can identify potential threats and develop a robust incident response plan by conducting cyber security due diligence. This proactive approach ensures that the necessary measures are in place to minimise the impact of any cyber security incidents and protect the business’s continuity and reputation. Cyber security has become an essential aspect of business risk management in today’s interconnected world. When buying a business, prioritising cyber security within the due diligence process allows you to comprehensively assess technology risks, safeguard sensitive data, mitigate financial and legal risks, assess the technology infrastructure, and maintain business continuity and reputation. The due diligence process is a critical time to ensure you fully understand all potential issues, especially technology, allowing you to address risks and, in turn, plan to deal with them proactively. Mark Butler is Managing Partner at HLB Ireland

In today’s entrepreneurial landscape, high-quality professional services, especially in accountancy, are in demand beyond the allure of technology ventures. John Carolan outlines key strategies to build a successful accountancy practice Technology businesses may seem the default entrepreneurial dream, but there is plenty of demand for high-quality professional services firms in today’s market too, especially accountancy. After all, even the tech founders need accountants. Building a thriving accounting firm requires strategic planning, consistent effort and a focus on client satisfaction. All Chartered Accountants know that accounting is about people as much as it is about numbers. If you’re thinking of going out on your own, there are a few key actions to take to build a successful practice. 1. Define your niche and value proposition Like in any marketing process, you must identify underserved areas and gaps in the market. Once you’ve established that, it is crucial to define your niche and develop a unique value proposition. Identify the specific areas of accounting in which you excel and target your marketing efforts towards those areas, allowing you to establish yourself as an expert in the field and making it easier to attract clients who are seeking specialised services. 2. Cultivate strong client relationships The cliché that “people buy from people” is true. Building lasting relationships with your clients is vital for the success of your accounting firm. Happy clients become referral partners and can play a big role in you building a profitable firm. Implement a client-relationship management system to track interactions, preferences and feedback. Clients who trust and value your services are more likely to refer your firm to others, contributing to the growth of your business. Invest time and effort in understanding your clients’ needs and delivering personalised solutions. It’s also vital to schedule regular check-ins with clients to discuss their evolving needs and deal with any issues. Regularly communicate with your clients, provide them with timely updates, and be proactive in addressing their concerns. Building strong client relationships will not only help retain existing clients but also attract new ones through positive word-of-mouth. 3. Embrace technology and automation Technology plays a significant role in the modern accounting landscape. To build an accountancy practice, it is essential to leverage automation tools to streamline your processes, enhance efficiency and deliver higher-quality services. Research and invest in accounting software that suits your firm’s needs and provides automation capabilities that integrate with other systems, such as payroll and invoicing, to improve accuracy and reduce manual errors. Automation can also free up your time, allowing you to focus on more value-added activities such as strategic planning and client advisory services. In addition, train your staff to use the software effectively to maximise its benefits and stay updated with the latest technological advancements in the accounting industry to remain competitive. 4. Develop a strong online presence Having a strong online presence is crucial for any business, including accounting firms. It’s also important to realise your clients are not going to compare you only with their experiences of other accounting firms. They’re going to compare you with their online experiences. A well-designed and user-friendly website serves as a platform to showcase your expertise, share informative content and attract potential clients. Invest in professional web design, ensure your website is mobile-friendly and optimise your website content with relevant keywords to improve search engine rankings. Remember to actively engage in social media platforms and create valuable content, such as blog posts or webinars, to establish yourself as a thought leader in the industry. 5. Invest in continuous learning and professional development To stay ahead in this evolving profession, it is crucial to invest in continuous learning and professional development. Future-proof yourself and your firm by staying up to date on relevant trends. Encourage your staff to pursue relevant certifications, attend industry conferences and seminars, and engage in ongoing training programmes. By staying updated with the latest accounting regulations, industry trends and technologies, your firm can deliver superior services and maintain a competitive edge. It’s also worthwhile to build your own group of trusted advisors of Chartered Accountants. There is a willingness to share best practices and a good chat in professional networks. And the tried and tested market intelligence you gain access to is worth its weight in gold. John Carolan is the founder of Solve Outsource

As businesses contend with rapid transformation introduced by artificial intelligence, learning how to lead and empower your workforce through the uncharted terrain of technological disruption is critical, says Patrick Gallen The world around us is changing at a pace that appears to be exponential at the very least. The inception of advanced artificial intelligence (AI) learning systems such as Open AI’s ChatGPT has allowed the technology to take centre stage on the world podium, not entirely for the right reasons. While presenting itself with a wealth of benefits, such as instant data and content generation, many fear that the uncharted growth of AI may pose risks to our way of living. Irrespective of views, however, one thing remains clear: the age of AI has begun, and it has already made its mark on the corporate workforce. ­ The advent of such technologies has already begun to disrupt businesses across all areas, from day-to-day internal operations to automating tasks that once took hours of calculation. As companies start to tread through these exciting times, their employees must be guided effectively through the change process. Support holistic learning In a recent podcast, Michelle Weise, author of Long Life Learning: Preparing for jobs that don’t even exist yet, outlined the main topics that prepare companies and their employees for industry changes that are or are yet to come to the fore. First, it is argued that firms should create a learning ecosystem that supports employees as holistic learners with a diverse education history, allowing them to better adapt to prospective change. Leaders must act as role models for their employees, allowing them to raise alternative viewpoints or spark debate before concluding a decision. Sharing views across all levels and offering constructive feedback can bridge knowledge gaps and strengthen employee rapport. Leaders should also use these opportunities with their employees to seek upward feedback, allowing them to identify how they can assist their workforce more effectively. Don’t fear AI Weise also outlines that firms should teach their employees to be “dangerous” enough to exploit emerging technologies to avoid falling behind. Take Nokia and Blackberry, two hallmark examples of companies that failed to adapt to change in time. With the emergence of advanced AI learning systems, companies and employees should challenge the technology, not fear it. Educating employees about the purpose of AI and its benefits will be vital to ensure a common ground between leader and employee. Workshops, seminars and upskilling will be critical to the change process. Understand your employees’ skillsets In addition, Weise discusses the importance of understanding your employees’ skills at a granular level. The abrupt introduction of ChatGPT has shifted the corporate mindset from “what we already know” to “what we need to know”. By gaining a deeper understanding of your employees’ competencies, firms can identify those more competent in tech and AI, allowing them to assist individuals who may struggle with the change process more than others. Firms should encourage their knowledgeable employees to take on a trainer’s role, allowing them to share their skillsets and competencies with other employees. Facilitating and promoting internal training with employees can create a continuous learning and development culture, further catalysing the change process.    With the rapid development of AI in the last several months, the corporate workforce has been turned on its head. The very way in which we work was transformed overnight, prompting urgent change at a global scale. Leading your workforce in a way that promotes understanding, cohesion and growth will help firms adapt to the uncertain world of AI and what lies ahead. Patrick Gallen is Partner of People and Change at Grant Thornton