Julia Rowan answers your management, leadership and team development questions I am an experienced manager who is comfortable with delegating work and trusting my team to get on with it. This allows me to keep a strategic focus. I moved to a new organisation recently and find that my manager and other senior leaders expect me to have detailed knowledge of the work of my direct reports. I do not want to get sucked into operational detail. How do I stay high level while keeping my seniors happy? I always put options on a continuum of ‘do nothing’ (i.e. comply) to ‘the nuclear option’ (i.e. leave), and then identify the options in between.  Before you begin, reflect carefully on what is important for you so that you can shape a clear and positive message. Watch the language – are you ‘getting sucked into the operational detail’ or ‘on top of the data’? My guess is that this is a cultural issue, and if you want to effect change, you need to remain credible. Reflect on what the seniors need: do they need you to have information at your fingertips to save them time? To make important decisions? Are there trust issues around work done by more junior people? Is there something else?  Working this out will help you to meet seniors where they are (not where they ‘should’ be). Ask your manager for their support in meeting expectations while contributing at a higher level (focus on both/and rather than either/or). Bring the same question to your team and get their input and solutions. Reflect on your own expectations – you may need to give a little.  Identify the colleague who navigates this most effectively – ask them how they do it. Build the profile of your team: bring them to meetings. Find a reason to host an event at which your team members share their insights, demonstrate their capabilities and build relationships with your seniors. There may be practical solutions. Could you contact seniors before meetings to check if there are issues they want to discuss? Maybe you could create a shared folder where updated information is posted (either so that you can access it quickly – or colleagues can access it). There are a few options in between. There are many more. Just be open to looking for them. Two colleagues who don’t get on keep trying to drag me into their issues. I feel caught in the middle. In such cases, tapping into our sincerity often gives us the clarity and courage to address tough issues. My guess is that you want to support both without siding with either. Imagine one of your colleagues is sitting in front of you. What would you most like to say? It might be “I am uncomfortable as I feel stuck in the middle” or “That sounds difficult. How can I help you to address this with him?” or “It can be hard to work with someone whose style is so different”.  Try it and see what comes out. Then whittle that down to a sincere and helpful response. Julia Rowan is Principal Consultant at Performance Matters Ltd, a leadership and  team development consultancy. To send a question to Julia, email julia@performancematters.ie.

Audit committees face increasingly complex risks in modern business, according to the latest KPMG survey. Arlene Harris speaks to Niall Savage about the four main risks and how committees can mitigate them KMPG recently published the results of its Global Audit Committee (AC) Institute survey, which collates the views of 768 AC members and chairs, of which 31 were operating in Ireland.  Niall Savage, Partner and Head of Audit Markets at KPMG, says the survey results indicate that, while it may seem at odds with its traditional role, the AC and its members continue to have a “bellwether role for the business as they scan the risk horizon”.  Consequently, ongoing geopolitical issues, cyber threats, the rise of artificial intelligence (AI) and considerations around environmental, social, and governance (ESG) will remain top of the AC agenda in the coming months. “The traditional and essential role of an AC is overseeing the numbers, controls and, as its title suggests, the audit process – both internal and external,” he says. “So its priority is more in the monitoring than the advising. This work is critical for ensuring financial transparency, confidence and compliance but does not encompass the broader aspects of business. “However, given the typical composition of the AC, the external non-executives with wide-ranging experience, the effective AC Chairperson draws upon the insights of their members to identify and advise on risk areas and strategies to address them.  “The findings suggest that the things driving the agenda of the AC are big-picture risks that underpin their organisations’ strategies. And four key themes – geopolitical, cyber, AI and ESG – were identified as foremost in the minds of AC members.” Indeed, these four themes don’t come without challenges, but there are ways in which ACs can navigate them in their role, supporting the board and management. The effects of risk on the market “Volatility by its nature creates uncertainty in the market, making it difficult for businesses and their stakeholders to make strategic operational and investment decisions,” says Savage. “For example, consumer sentiment in uncertain times can fall rapidly, with non-essential purchases frequently deferred, impacting large parts of the consumer market and leisure industries. “Geopolitical volatility can also undermine investor confidence, cutting off access to finance and creating barriers for businesses through restricted access to markets, currency fluctuations and shifts in trade policies. There is also a heightened risk of supply chain disruption.” In the last 12 months, ACs have been faced with:  post-lockdown uncertainty, which is driving cashflow forecasts (and risks) of how to meet consumer demands; geopolitical conflicts, such as the Russian invasion of Ukraine, necessitating a rapid response to secure the safety of people and assess the impact on the business in addition to instability in Latin America and the Middle East; rapid and often unexpected inflation across energy, wheat and other commodities, which created unforeseen risks of business failure if these could not be passed on easily; increased interest rate rises and global financial market fluctuations in response to inflation, which changed base case forecasts for investment decisions, funding, and potentially going concerns; ongoing global trade tensions, including those between the US and China, with increasing tariffs, which had ripple effects on global supply chains; and the fallout from COVID and Brexit, which continued to affect the global economy. Geopolitical risks “It is difficult to predict what the next 12 months have in store, but some key actions for AC members to manage these risks include engaging with management and stakeholders to understand their assessment of geopolitical risks and existing strategies to mitigate those risks, and asking management to provide timely updates on geopolitical developments and the organisation’s risk mitigation efforts,” said Savage.   “Also, understanding the geopolitical risks that can impact the organisation and monitoring global political developments, regional tensions, trade disputes, regulatory changes and other geopolitical factors that may have implications for the organisation. “And, staying informed about current events and diplomatic developments that can impact the organisation’s operations – along with knowing if the organisation is especially exposed to certain regions or risks, should the AC consider recruitment or training to ensure that they have the expertise to address any challenges they face, is also important.” Savage also suggests assessing an organisation’s exposure to geopolitical risks, understanding management’s approach to contingency planning, and understanding the full list of regulatory compliance requirements and whether the organisation has processes in place to identify, monitor and adhere to applicable regulations.  ACs must also consider with management the need for scenario planning to model impact and respond to geopolitical events. Cyber risks Advances in modern technology have also brought about a growing number of cyber threats, and in the past 12 months, many Irish businesses and organisations have reported data leaks and thefts as cybercriminals become more sophisticated and professional in their approach to both getting access to systems through ransomware and social engineering but also monetising this access.  As firms try to protect themselves from this, the list of targets and potential weaknesses continues to grow with the proliferation of the internet of things (IoT), which may not have the same level of security and is, therefore, easier to compromise. “For those engaged in public work, there is an additional political dimension and risk to cybercrime with nation state targeting for political gain, which has seen recent coverage of European Commission staff removing certain apps from their phone restrictions on Telco suppliers due to concerns over security,” says Savage. “But there are some essential actions that ACs can take, which include understanding the cyber risk landscape, the type of threats it faces, potential vulnerabilities and the impact of a cyber incident.  “They can also evaluate the organisation’s cybersecurity governance and strategy while focusing on risk assessment, incident response, training and vendor competence. It is important to be informed – stay on top of cybersecurity initiatives and maintain open lines of communication to address any concerns or gaps identified.” He would also encourage organisations to consider engaging external cybersecurity experts or conducting independent audits/penetration testing to assess the effectiveness of these controls, to ensure the AC is informed of cybersecurity incidents and evaluate the organisation’s response and promote cybersecurity awareness through training and incident reporting and ensure that appropriate cybersecurity risk reporting mechanisms are in place. AI risks The advent of AI has brought a new set of risks to business. “Although long discussed and the subject of many films (Terminator 2 springs to mind), the potential impact of AI really hit home late last year with the launch of ChatGPT, which was quickly followed with spectacular claims of cost savings, entire professions wiped out and of course the danger of ‘the rise of the machines’,” says Savage. “Clearly, there are significant risks and opportunities for businesses and ACs to deal with, many of which are ‘unknown unknowns’ to combat this and assess risk.” In the face of this new business landscape, “ACs should understand the concerns and opportunities for people, customers, suppliers and regulators. They should try to understand how best to get the right level of knowledge, evaluate the existing risk management framework to assess whether additional controls are needed, consider policies around the implementation and use of AI and review critical AI implementation projects.” ESG risks The final issue Savage addresses is ESG, which he says has been an “alphabet soup of regulation” for the past few years – and KPMG research indicates compliance with standards is only one of the ESG risks occupying the minds of AC members.  “There is a broader menu of risks to consider, which impact reputation, performance and financial success,” he says. “Failure to address these can lead to reputational damage and financial implications. So, AC members should consider the potential reputational risks associated with the company’s ESG performance and how they are managed. Climate change risks can impact the value of assets, and non-compliance can result in fines or penalties.”  To address these risks, it is important for ACs to understand and work closely with all stakeholders including management and internal auditors. Areas of focus should: ensure the AC has the necessary expertise to effectively assess ESG risks – this may involve recruiting or training existing committee members; engage with investors, regulatory bodies and industry associations to understand their expectations and perspectives on ESG; develop a list and understanding of ESG risks relevant to the company across climate change, labour, data and inclusion and diversity; review how data is currently captured and analysed and how reporting is verified; look at the existing risk management practices and policies and assess the key controls and how the risks are currently monitored and reported; benchmark these to peer groups and industry standards to ascertain whether they align with recognised frameworks; and seek regular updates on ESG initiatives and consider external assurance on related reporting.  “There are more insights to the survey, and it is interesting to benchmark different priorities across the regions, priorities around finance team talent, the need for in-person time with management and a focusing agenda to maximise effectiveness,” says Savage. “However, by elaborating on and identifying some common-sense actions on the four critical themes – geopolitical, cyber, AI and ESG – we have supported AC members for the next, hopefully, less volatile, 12 months.”  

The NATO summit was not only about Ukraine. It was about the role of the past and how it affects NATO and the EU, writes Judy Dempsey By the time you read this, we’ll have all moved on from the NATO summit that took place in the Lithuanian capital of Vilnius in July towards other persistent topics.  There’s Ireland’s housing crisis; the worry that Donald Trump might beat President Joe Biden in the 2024 election for the White House; and Russia’s continuing war against Ukraine, to name a few. The list is long. But a common threat runs through these issues: the enduring role of the past and how societies in the 21st century have to deal with it. The past is a compass. It offers the way to the future if there is a political willingness to deal with history. The past can also be distorted.  That sense of the past was clear when attending the NATO summit.  The summit’s conclusions fell short – for some, way too short – by failing to offer Ukraine membership of the US-led military alliance once the war was over.  Lithuania and the other two Baltic States, Estonia and Latvia, but also Poland and the Czech Republic, were disappointed. They believed that Biden and German Chancellor Olaf Scholz, who led the opposition against a membership date, did not have the political courage or historical compass to offer Ukraine at least a timetable.  The bottom line is that, for different reasons, this decision was about Russia.  Biden, who is facing re-election and simmering unpopularity with American support for Ukraine, does not want to drag NATO into a direct confrontation with Russia. Germany thinks the same but is not committed to admitting Ukraine to NATO. Yet, this war has given Germany a big chance to lead Europe and create a strong NATO caucus inside the alliance. Germany demurred.  This brings us to Lithuania.  It has been a staunch ally of the Belarussian opposition and an unremitting supporter of Ukraine. For Lithuania, it is about Kyiv defeating Russia. But it is more than that. Lithuania and the other Baltic States see the war in Ukraine through the prism of Russia but in a special way, distinct from Western Europe.  For Lithuania, this is about Russia trying to regain control over the countries of Eastern Europe, which include not only Ukraine but also Belarus, Moldova, Georgia and Armenia.  Lithuania also sees Russia aiming to create a new cordon sanitaire between the EU/NATO countries and Eastern Europe – a kind of updated version of the Cold War divisions of Europe.  In the view of the Central Europeans, Russia’s imperial ambitions must be stopped. Eastern Europe must not be turned into a grey Russian-controlled zone. The prospects for instability would be too high and dangerous. Germany and the United States, for their part, see the war in Ukraine through the prism of Russia as a nuclear power and threat – as if Russia is not already threatening the security of Europe. They do not see it in terms of the past but in terms of realpolitik. For Central Europe, the past is the legacy of the violent Soviet occupation of the region that must not be repeated in Ukraine.  The past for Western Europe is how, with huge American support, today’s EU was built. It was a peace project constructed upon the ruins of World War Two. This peace project is now being challenged by Russia. The war in Ukraine is about two different European narratives. It is time to reconcile them.  Judy Dempsey is a Non-Resident Senior Fellow at Carnegie Europe and Editor-in-Chief of Strategic Europe  

As we approach the final months of 2023, three Chartered Accountants take a moment to contemplate the hurdles Ireland has surmounted and share their aspirations for the remainder of the year Sinéad Nolan Financial Accountant AXA Insurance The economy is fine on paper (GDP and domestically); however, housing is a major issue, in both affordability and availability. The cost-of-living crisis is only exacerbating a problem that was already there for young professionals starting off their careers. Paying rent is a continuous challenge, as is looking for an affordable house to purchase. The interest rates keep rising, and house prices don’t seem to be reducing. Many in the country felt the challenge of paying bills in the wintertime. On top of that, there has been a lot of uncertainty with the war in Ukraine.  On the plus side, there has recently been slight moderation in the price of energy and in inflation, and the pleasant weather in June was a bonus! (Less pleasant in July, admittedly.) Also, the unemployment rate in the Republic of Ireland fell to a record low of 3.8 percent in May. To help, my employer has hosted many financial wellness webinars, which, given the current economic crisis, have been great.  We also received a well-being day off, not to mention personal interaction is happening in the office again – we are attending social events, which is brilliant.  As for the rest of the year, I hope the housing crisis settles, and there is more support given to first-time house buyers from the Government. I joined the Young Professionals Committee in July after attending the wonderful Pride BBQ in June. I am looking forward to organising and hosting events, and connecting with other members of the Institute. The Young Professionals Committee is a great networking platform, so I am very excited to get stuck in with it. Jim Stafford Consultant Friel Stafford I work every day at the coalface, advising companies and individuals who are dealing with financial challenges, and thus I appreciate the issues facing the economy.  While there is an economic brew of uncertainty caused by inflation, geopolitical issues, etc., the biggest impact we have seen this year has been the dramatic increase in interest rates, which has shaken some people to the core.  We have observed a noticeable increase in Members Voluntary Liquidations from businesspeople who are deciding to ‘cash in their chips’ now rather than face future uncertainty.   One of the positives that I have always enjoyed when working with people under financial pressure is recognising the levels of resilience people have. On the ‘resilience spectrum’, I am delighted to see some clients who bounce back stronger than ever.   The highlight for me personally this year was the sale of Friel Stafford to Ifac, which will enable us to provide restructuring services such as the Small Company Administrative Rescue Process (SCARP) across Ifac’s 30+ offices.  The association with Ifac has moved us into the top ten accountancy firms in Ireland, which has opened the doors to certain types of work, making it easier for us to attract and retain talent.  A big development during the year was the growth of artificial intelligence (AI). While there is great potential for generative AI to change the workplace, there is also huge scope for more sophisticated fraud.  Looking to the year ahead, a big challenge for some businesses will be the ending of the Revenue warehousing scheme, which was a valuable lifeline for many.  We expect to see an increased number of SCARPs next year.  Another big challenge for some firms will be the Companies Registration Office and the Corporate Enforcement Authority increasing their enforcement activity on companies that are struck off. Gordon Naughton  Chief Executive Officer Tactive   January represented a strange and uncertain time for the Irish and global economy. Many initiatives were placed on hiatus due to significant inflationary, economic and geopolitical concerns.  In January, it was startling to see how quickly the mood had shifted from November and December. Since then, the business community and consumers have learned to live with these concerns and are in a positive state of mind.  Currently, the Irish economy is showing tremendous resilience, with the overall tax intake and consumer spending being unexpectedly high. It seems the country is forging ahead. However, if the past three years are a barometer for future challenges, predicted and day-to-day issues tend to be easy to deal with. It’s the unpredicted challenges that can pose the most difficulty.  My key lesson from this period is that businesses need to be agile, efficient and have contingency plans for the three main ways an economy can move – up, down or steady on.  Luckily, I have great clients, a good support structure and network that has brought me through any uncertainty. I am so lucky to work from home and spend time with my wonderful family.  Continuous learning is a facet of my life, as I simply like reading and expanding my knowledge. This year I obtained a black belt in Lean, which has helped me professionally and personally.  As for the rest of 2023, I hope to continue to work with outstanding clients.   

In today’s rapidly changing world, organisations are embracing inclusive leadership. Karin Lanigan explores what it means, why it matters, and the essential traits of effective inclusive leaders As a result of recent seismic and lasting changes in the workplace, many organisations are now adopting an inclusive approach to leadership. What is inclusive leadership, and why does it matter? A complex and diverse world We are operating in an increasingly complex world that is constantly evolving. The pace and enormity of the changes taking place require a different approach to leadership: inclusive leadership. A new leadership style is required To be an effective leader now requires a move away from a traditional style of leadership to an inclusive leadership approach. This doesn’t mean that the conventional aspects of leadership are defunct. In fact, the core fundamentals of leadership still apply. However, moving to inclusive leadership involves a change from an autocratic, top-down, centralised leadership approach to a more decentralised, democratic, shared and participative process involving employees across all levels of the organisation. Traits of an inclusive leader An inclusive leader is aware of their own biases and proactively seeks out, encourages and considers different perspectives to facilitate better decision making and more effective collaboration. They strive to ensure that colleagues are treated equally, feel a sense of belonging and value, and work in a psychologically safe space where they can contribute and are supported to achieve their full potential. There is no doubt that inclusive leadership is now a critical capability. The core skills and competencies that are typically exhibited by inclusive leaders include: Self-awareness. Inclusive leaders have a strong awareness of their own biases and blind spots. Similarly, a high level of emotional intelligence enabling the effective management of emotions, their own and those of others, is fundamental.  Empathy. Being an inclusive leader requires having both the willingness and capacity to comprehend and acknowledge the emotions and viewpoints of others. Cultural intelligence. Inclusive leaders aim to establish a workplace that welcomes and values all cultures, allowing everyone to make meaningful contributions. This requires a sense of curiosity and a willingness to learn about different cultures and their traditions. Communication. Clear and effective communication supports an inclusive leadership style. Inclusive leaders look to understand and adapt their communication style to be understood by a diverse audience.  Collaboration. Inclusive leaders foster an environment that is psychologically safe, enabling every member to contribute their ideas and innovations to achieve better outcomes. Commitment and courage. Inclusive leaders are role models, challenge the status quo, and advocate for others.   Why does inclusive leadership matter? Much research has been conducted to assess the benefits of inclusive leadership. The results point to increased staff engagement, attraction and retention; improved workplace relations, communication and collaboration; enhanced transparency resulting in higher levels of trust; better decision-making and problem-solving arising from more varied insights and contributions; and increased innovation and creativity by bringing diverse skills and perspectives together. Ultimately, inclusive leaders significantly enhance employee engagement, performance and overall business results. There is no doubt that inclusive leadership is now a critical and unique capability and one that can support career progression and the achievement of personal and corporate potential.  Karin Lanigan is Head of Member Experience at Chartered Accountants Ireland

The Digital Services Act aims to better protect users in the online world, but its requirements will impose many new obligations on service providers, say Mary Loughney, Shane O’Neill and Filipa Sequeira The increased use of digital technology dramatically raises the chances of end users being exposed to illegal or harmful online content. Regulations and laws are catching up with the fast-paced world of emerging digital services and online platforms to ensure online services’ security, accountability and openness.  The Digital Services Act (DSA), an EU regulation, aims to modernise the digital landscape and defend users’ rights. What digital services does the DSA cover? The DSA encompasses a broad range of online intermediaries, including internet service providers, cloud services, messaging platforms, marketplaces and social networks.  Hosting services, such as online platforms (a hosting service provider that “stores and disseminates to the public information, unless that activity is a minor or purely secondary feature of another service”), social networks, content-sharing platforms, online marketplaces and travel/accommodation platforms, have specific due diligence obligations.  The DSA’s most significant regulations target very large online platforms, with a substantial societal and economic impact reaching a minimum of 45 million EU users, representing 10 percent of the population.  Similarly, very large online search engines with over 10 percent of the EU’s 450 million consumers will have greater responsibility for combating illegal content on the internet. Key provisions of the DSA The DSA outlines specific responsibilities for online platforms, including big platforms, intermediaries and hosting service providers.  Due to their significant societal impact, the Act introduces categories called Very Large Online Platforms (VLOP) and Very Large Online Search Engines (VLOSE), which are subject to stricter regulations and audit requirements.  An independent audit must cover all the obligations imposed on VLOPs and VLOSEs by the DSA, including the duties to remove illegal content, provide users with transparency about how their data is used and prevent the spread of disinformation.  The following focus areas are central to the DSA’s requirements: Due diligence around safety and content moderation: The DSA lays out guidelines to address illegal content, such as hate speech, terrorist propaganda and fake goods. Online platforms must set up efficient content moderation systems and offer ways for users to report unlawful content. This may involve using automated tools for detection and removal. User rights and transparency about terms of service, consent, algorithms and advertising practices: Companies must offer more transparency about how their platforms operate, including their terms of service, algorithms and advertising practices. This will help users to understand how their data is being used. Users’ ability to control their privacy settings and flag harmful content: Companies must provide users with tools to manage their privacy settings and flag harmful content. This will help users to protect their personal data and keep themselves safe online. Companies are also required to respond to flagged content within a reasonable timeframe. Measures to prevent the spread of disinformation: Companies must take steps to prevent the spread of disinformation, such as by labelling sponsored content and providing users with access to reliable information. This may involve working with fact-checking organisations or other companies to share information about disinformation. Accountability for the content hosted on platforms: Companies must be accountable for the content hosted on their platforms. This means they must be able to remove illegal content promptly and co-operate with law enforcement authorities. With these provisions in mind, a sensible place to begin your journey may involve conducting a maturity assessment using a risk-based approach so the organisation is aware of the risks that require mitigation: Maturity assessment: The risk assessment should consider a range of factors, such as the nature of the platform, the type of content hosted and the potential for harm to users. Address DSA requirement gaps: As a result of the risk assessment, organisations should identify their exposed risks and implement necessary measures, which include enhancing content moderation tooling, increasing transparency and enabling more robust end-user control mechanisms. Compliance reporting: Organisations would be required to comply with third-party external audits. While that audit would evaluate the platform’s systems and processes, compliance reporting may also include information on overall risk mitigation efforts. The challenging aspects of the DSA’s audit requirements To ensure compliance with the DSA’s provisions, digital service providers, predominantly VLOPs and VLOSEs, will be subject to independent audits. The audit must be conducted in accordance with the methodology and templates established in the delegated regulation, and the audit should review whether the VLOP or VLOSE: has a clear and transparent policy on how it addresses illegal content; has a system in place for detecting and removing illegal content and preventing the spread of disinformation; and provides users with adequate transparency about how their data is used. The audits will evaluate the platform’s efforts to deal with illegal content, the openness of content moderation procedures, adherence to DSA requirements, and the efficiency of user reporting mechanisms. The platform’s practices for data security and privacy will also be examined.  It will be challenging for online intermediaries to comply with some DSA requirements.  Accurate classification of digital services The DSA distinguishes between different types of digital services, such as intermediaries, hosting services and online platforms. Assigning the correct classification to a specific service can be complex, especially for hybrid platforms with multiple functionalities. Accurately defining the obligations and responsibilities associated with each classification requires careful analysis. Removing illegal content in a timely manner The DSA requires the removal of unlawful content in a timely manner after being made aware of its existence. Implementing effective content moderation mechanisms while respecting freedom of expression and avoiding over-removal or under-removal of content is a complex task. Developing sophisticated algorithms and human review processes to strike the right balance poses significant technical and operational challenges.  Further transparency about how content is moderated  The DSA requires more transparency about how online intermediaries moderate content. This includes providing information about the criteria used to moderate content, the processes used to make decisions and the appeals process available to users who flag moderation issues.  It can be difficult to require online intermediaries to disclose sensitive information about their internal operations. Additional steps to protect users’ privacy rights  The DSA requires additional steps to protect users’ privacy and enhance users’ rights. This includes transparency, user control over content and redress mechanisms.  These new provisions can be challenging to implement as they require online intermediaries to change their business practices significantly.  Implementing user-friendly interfaces and operative-complaint resolution mechanisms to ensure seamless user experiences can be technically complex and resource intensive. Compliance with new rules on targeted advertising  The DSA introduces new rules on targeted advertising. These rules prohibit online intermediaries from using sensitive personal data to target users with ads, and they require online intermediaries to give users more control over the ads they see.  Co-operation with authorities The DSA emphasises co-operation between platforms and regulatory authorities.  Ensuring information sharing, responding to legitimate requests and establishing effective communication channels with various national authorities across the EU pose many challenges. Maintaining confidentiality and data protection while complying with these requirements can be tricky. Interpretation of the DSA The interpretation of the DSA may evolve as it undergoes the legislative process. As such, there are themes associated with how one might expect an audit will be conducted: Transparency: The audits must be conducted transparently. Accountability: The audits are designed to ensure that VLOPs and VLOSEs are accountable for compliance with the DSA. Effectiveness: The audits must effectively identify and address any compliance gaps. Proportionality: The audits must be proportionate to the size and complexity of the VLOPS and VLOSEs. Flexibility: The delegated regulation allows auditors to adapt the audit methodology to the specific circumstances of the VLOP or the VLOSE. These are just some specific requirements that are tricky and complicated to implement. However, the DSA is essential to creating a safer and more accountable online environment. Best practice The table above displays exemplary and tactical actions that could be considered when enhancing users’ privacy rights and transparency about terms of service, consent, algorithms and advertising practices. In addition to these specific steps, companies should consider implementing several general best practices: A well-defined risk management framework: Establishing ongoing risk assessment activities will help companies identify and mitigate user risks. A culture of compliance: This will help ensure that all stakeholders are aware of the DSA requirements and committed to complying with them. A robust process for responding to incidents: This will help companies to respond quickly and effectively to any incidents that may arise. An oversight process for monitoring and reporting on compliance: This will help companies track their progress and identify areas where they may need to improve. A trustworthy online environment The DSA represents a significant step toward regulating online platforms and digital services within the EU. By introducing audit requirements, the DSA enhances transparency, accountability and user protection in the digital world. Independent audits will serve as a mechanism to ensure compliance with the DSA’s provisions, thereby fostering a safer, fairer and more trustworthy online environment. Mary Loughney is Director and Head of Technology Risk Consulting at Grant Thornton  Shane O’Neill is Partner and Head  of Technical Change, Financial Services Advisory at Grant Thornton  Filipa Sequeira is Senior Consultant of Financial Services Advisory at Grant Thornton