Starting something new or jumping into an old routine after a break can be tough, but Bryan Rankin is here to ease the transition with some information you should know before the new academic year with Chartered Accountants Ireland begins A warm welcome from the Education Department to all our new and returning  students. We hope you find your studies with us challenging, stimulating and rewarding.  For starting students, here is what you can expect in the coming weeks and how you might get off on the right foot. The basics Chartered Accountants Ireland's (the Institute) first year of studies is Chartered Accountants Proficiency One (CAP1) and commences on Friday, 22 September 2023.  Chartered Accountants Proficiency Two (CAP2) will start this year on Friday, 06 October 2023.   Your education is primarily provided online through on-demand learning content and live webinars supplemented by hard-copy textbooks.  This online model allows you considerable flexibility to study when and where it suits you and to balance your work, study and personal commitments.  At the same time, the model is self-directed, so it requires your preparation, commitment and tenacity.  All your learning content is hosted on the Institute's online learning platform, the Learning Hub. It’s where you’ll find all the materials to support your education.   Each subject is broken up into several 'sessions’ covering specific areas of the course. Each session includes slides, video recordings, question and solution packs and plenty of other educational materials.   The week before your programme commences, we’ll email you details on accessing the Learning Hub. Previous students have found the platform easy to navigate and the content very accessible.  Learning  The Institute places a lot of emphasis on ‘active learning’, demonstrating what you’ve learned by attempting questions. You should expect to start working on questions from day one.   It’s a good idea to get into the habit of writing your attempted solutions in Word, as the exam platform you’ll be using in the summer (Cirrus) is similar. Make sure to review the solutions provided with each set of questions carefully.   A lot of the new material will be taught through the Learning Hub, but live webinars are equally important. They are a vital component of every subject and give an important structure to the academic year.   Webinars are two hours long and take place, on average, twice a week, often including Saturday mornings.  For all information on when your live webinars will occur, please check out your programme timetables, available on the Chartered Accountants Ireland website in the ‘Current students’ section.  Our live webinars do not equate to a teaching lecture. Instead, the purpose of the live webinar is to cover the practical application of learning principles.  In the webinar, lecturers will bring you through solutions to exam-standard questions and discuss where students sometimes struggle.  You’ll also be able to ask the lecturers a question through the ‘chat’ function in the live webinar platform. Before every webinar, you’ll be required to have studied the corresponding sessions in the Learning Hub, understood the concepts underpinning the webinar and practised some questions.  If you join a webinar without any preparation, you will find it of very little value and a frustrating experience.  To kick off each of the three academic programmes –  CAP1, CAP2 and FAE – we’ll ask you to attend an induction-style, one-hour lunchtime live webinar.   The CAP1 induction webinar will be on Friday, 22 September, and the CAP2 equivalent on Friday, 06 October.    This webinar is your chance to meet your programme team, during which we’ll talk you through all aspects of your Chartered Accountancy studies and exams.  Given its importance, all students are expected to join this introductory live webinar. Textbooks Our education follows an online model, but you can also expect to receive a full set of academic textbooks from us to support your studies.  Again, approximately two weeks before the start of your programme, we will email you with details of the dispatch of your textbooks, and we’ll confirm your preferred (usually your nominated home) address details.   Networking events You will also have the opportunity to meet fellow students and programme lecturers at one of our in-person induction and networking events in six locations around the island.  These popular events are a great way to learn more about what’s involved in your education programme while also meeting fellow students. Event dates will be available on the Institute’s website.  If you have any queries before starting your education programme with us, please don’t hesitate to email us at studentqueries@charteredaccountants.ie. Bryan Rankin is Head of Student Operations at Chartered Accountants Ireland

Exam prep, study and practising in exam-day conditions are all important to acing your exams. Caelainn McGonigle knows it's important to take care of yourself, as well During your Chartered education, stress is unavoidable. When you experience high levels of stress, it can present itself by impacting physical and mental health.  Below are several steps to mitigate these stressors and give ourselves the best opportunity to excel when it counts. Sleep When we are stressed, it's easy to think of sleep as “time-consuming”, but allowing our mind and body to rest is critical to our success.  By the time we reach exam week, countless hours will have been spent preparing by attending lectures, revising notes and attempting sample papers. Without achieving seven to nine quality hours of sleep a night, we risk restricting our exam performance on the day.  If you encounter difficulties resting in the lead up to your exams, attempt to close the books an hour earlier and reduce screen time before bed. Exercise and fresh air Taking a break to move your body and relish the fresh air enables your mind and body to relax and reset.  Exercise, whether walking, running or cycling, can moderate our stress levels and improve sleep quality.  When heading outside, you might prefer to enjoy the silence of the outdoors, or need a little motivation to move your body, such as listening to a podcast or music – either is excellent for your mind and body as long as you are getting your heart pumping. Nutrition Maintaining nutritional balance in your meals can be taxing when stressed. It can lead us to over-indulge in meals and snacks, or forgo them all together. We must uphold a nutritious diet to aid focus levels and sustain energy.  Meal planning in advance of high-stress periods, like exam week, along with keeping enjoyable snacks to hand, is a sure way to remain fuelled when working hard.  Positive mindset during exams Stress can amplify our emotions. Preserving a positive mindset and prioritising being gentle with ourselves is critical.  It's important to remember the efforts you have made to reach exam season. The groundwork is complete, and it’s time to flaunt what we have learned.  Exams are important, but maintaining our health is a necessity. If you struggle with positivity, try subscribing to a “quote of the day” app or social media page – it may give you the boost you need at just the right time! Reach out If stress is increasing faster than you can handle, reach out to a fellow student, friend or family member.  Alternatively, the amazing Thrive team and the Chartered Accountants Ireland Wellbeing Hub are on hand to offer help and support throughout our journey.  We have excelled through stressful situations in the past. Accept that stress is unavoidable but manageable, and you haven’t come this far only to come this far. Caelainn McGonigle is PR Officer with CASSI and a trainee with Gilroy Gannon

Derarca Dennis sheds light on the pivotal role CFOs and the finance function play in shaping organisations and the growing significance of talent management in their evolving roles The EY Ireland CFO Survey 2023 has found that CFOs and the finance function are playing an increasingly strategic role in their organisations. They are engaging more with other business areas, requiring new skills and an increased focus on talent management. While automation and advanced data analytics capabilities will undoubtedly be critically important in supporting the future role of the finance function, talent retention must remain a key area of focus if it is to fulfil its potential. Forty percent of the CFOs surveyed said their priority for driving growth in the coming year is investing in upskilling existing talent in their organisations, while 34 percent said investing in new talent would be a priority. Investing in diverse talent Continued investment in diverse talent will be imperative given the finance function’s evolving and increasingly business-critical role. The changing nature of finance reporting requires CFOs to master a diversity of skills, especially a deep understanding of non-financial factors. It requires them to make profound changes in the composition of finance teams. Future finance teams will augment their traditional finance skills with environmental, social and governance (ESG) professionals while also containing data analysts, supply chain experts and process engineers. Finance teams will, of course, be finance experts at their core, but they will also draw upon a diverse talent pool to enable the function to play its full role as a strategic partner in the overall business. On a continuous learning curve A culture of continuous learning that empowers employees to work at their best and realise their potential is a proven talent retention strategy. Not only does it deliver increased job satisfaction, but it opens up new career opportunities within the organisation. However, organisations must also seek to automate the dull, repetitive tasks traditionally undertaken by the finance function, allowing finance professionals to focus on more value-added work. Where tasks cannot be automated, CFOs can fill capability gaps by sourcing the required skill sets through professional service partners. These organisations can offer a range of services from basic accounting activities, record-to-report activities and control monitoring and testing, to day-to-day treasury operations, typically on a managed service basis, leaving the finance function to focus on business strategies, forecasting and stakeholder management. Future-fit CFOs To thrive in the evolving landscape, CFOs must consider a holistic approach, which involves: talent management strategies aimed at upskilling existing employees and attracting and retaining recruits; acquiring the diverse skills that will make the finance function fit for its increasingly strategic role in the organisation; leveraging existing capability within other departments to support the finance function; outsourcing or co-sourcing elements of the finance function to external partners on a managed service basis; and stemming employee turnover by ensuring that processes are future-ready and efficient enough to retain talent interest and engagement. A diverse finance function is the future The changing role of CFOs in Ireland and their teams makes it imperative to focus on people management and acquiring and retaining diverse skill sets. Finance functions of the future will encompass a wide array of professionals whose skill sets will contribute to the organisation’s strategic growth. Ultimately, driving greater value for the organisation hinges upon empowering talented individuals with efficient, automated and data-driven processes across financial and non-financial domains. Derarca Dennis is Assurance Partner at EY Ireland

Organisations adopting AI to streamline processes must provide clear guidance to staff on the dos and don’ts of using the technology, writes Moira Grassick Artificial intelligence (AI) has gone mainstream this year. It seems that everyone has a story about how they have used ChatGPT, the generative AI tool, to make their personal or working life easier. From an employer’s perspective, the rapid progress of AI raises difficult questions, however. Although a chatbot on the company website can be a valuable tool for interacting with customers, there are tricky ethical questions and business risks to consider here. Employers are grappling with issues such as whether staff should be permitted to use AI to make their jobs easier, data protection concerns, and whether the outputs generated by AI tools are accurate enough to rely on. For employers, the key risk to assess is the scale of any damage their business might suffer if staff do not use the technology correctly. Many people are familiar with the US lawyer who used ChatGPT to help him prepare a case with disastrous results. The lawyer cited several cases in court filings that were fabricated by AI. The lawyer didn’t consider that the technology would generate fictitious precedents and was unaware that it might produce inaccurate information. To avoid the embarrassment of making a similar mistake, employers can take some prudent actions to protect their business against the risks posed by employees using AI tools. Develop an AI policy To avoid an embarrassing situation like the one suffered by the hapless US lawyer, your business should consider developing an AI policy. This policy can address specific risks affecting your business. Some of the most common issues arising from the use of AI in the workplace are: Protection of confidential client and employee information While many of the tasks that typically involve the use of AI do not pose any obvious risks, employees must be aware that sensitive company data should not be accessed by AI tools. AI tools analyse vast amounts of data to generate responses to queries, and it’s important that no personal information about your employees or customers is disclosed. If an employee submits confidential information to ChatGPT or any other AI tool, your business is exposed to a range of privacy, commercial and data protection risks. Your AI policy needs to clearly define what types of data employees can submit to AI tools. Intellectual property risks You also need to consider intellectual property risks. If your business publishes content online, it is important to ensure that AI-generated content is not subject to copyright. AI tools typically do not cite the sources of the content they create. Instead, the AI tool may generate output by using existing content that appears on the internet rather than producing original work. Organisations, therefore, cannot check if the publication of AI-generated content will breach someone else’s intellectual property rights. If AI generates someone else’s content, and an organisation publishes it as its own, it is open to reputational damage for plagiarism. Safeguarding the organisation With AI becoming mainstream, now is the time to start preparing your AI policy. To get the most out of AI technology, you must inform staff about how to use the tools responsibly. With a strong policy in place, you can ensure your business can reap the benefits of this powerful new technology while safeguarding your operations against confidentiality, intellectual property and data protection risks. Moira Grassick is Chief Operating Officer at Peninsula Ireland

Safeguarding your organisation’s systems and data against cybersecurity risk is crucial. Mark Butler explores how you can use training to help fortify your defences Safeguarding sensitive information and data is now of paramount concern for businesses across the globe. Irish businesses are no exception. For example, the Health Service Executive was the victim of a high-profile cybersecurity breach in 2021. Virgin Media Television also suffered an “unauthorised attempt” to access its systems in February 2023, disrupting its services. As the adage goes, “A chain is only as strong as its weakest link.” Typically, that link often happens to be an unwitting employee. That’s where comprehensive cybersecurity training and awareness programmes come into play, serving as the bedrock of a resilient defence strategy against cyber threats. Creating a culture of security Effective cybersecurity training and awareness programmes are not just a checkbox exercise; they are the building blocks of a cybersecurity culture that must permeate every corner of an organisation. The entire business ecosystem benefits when employees are well-informed and empowered to recognise and respond to potential threats. There are several steps organisations can take to ensure cybersecurity best practice. 1. Addressing diverse threats The first step in crafting a robust cybersecurity training programme is recognising that threats are diverse and constantly evolving. Tailor training modules to address various risks, including phishing and social engineering. Irish businesses should collaborate with cybersecurity experts to develop engaging, scenario-based training that mimics real-world situations. This approach allows employees to practise identifying and responding to phishing attempts and other threats in a controlled environment. 2. Password management Password hygiene is a fundamental pillar of cybersecurity. Educate employees about the significance of strong, unique passwords and the criticality of regular updates. Encourage the use of password managers to simplify this process and discourage the reuse of passwords across multiple accounts. By instilling good password practices, businesses can significantly reduce the risk of unauthorised access. 3. Identifying and avoiding phishing attempts Phishing attacks remain a pervasive threat, often exploiting human psychology to trick employees into divulging sensitive information. Train employees to scrutinise emails, especially those requesting personal or financial data, by encouraging them to verify the legitimacy of requests through alternative means of communication before taking action. Emphasise the tell-tale signs of phishing, such as mismatched URLs, generic greetings and urgent demands. 4. Navigating digital safety Safe internet usage is not a mere suggestion but a core principle of cybersecurity. Provide guidelines for secure browsing, avoiding suspicious websites and refraining from downloading attachments or clicking on links from unknown sources. Equip employees with the knowledge to identify malicious websites and teach them to recognise secure connections through the HTTPS protocol. 5. Continuous learning and simulated exercises Effective cybersecurity training is not a one-time event; it’s an ongoing process. Regularly update training materials to reflect new threats and techniques employed by cybercriminals. Implement simulated phishing exercises to assess employees’ ability to apply their training in real-world scenarios. These exercises not only evaluate readiness but also serve as valuable learning experiences. Knowledge is power Fostering a culture of cybersecurity hinges on implementing comprehensive training and awareness programmes. Businesses can significantly reduce the risk of breaches and data loss by equipping their team with the tools to recognise and respond to threats. Investing in cybersecurity education is an investment in the long-term resilience and success of the organisation. In a digital landscape, knowledge is power, and empowered employees are the first defence against cyber threats. Mark Butler is the Managing Partner at HLB Ireland

Following the release of two new standards by the International Sustainability Standards Board, Linda McWeeney outlines what companies can do now to prepare for their application The International Sustainability Standards Board (ISSB) has released two sustainability standards. It will be for jurisdictional authorities to decide whether to mandate use of the International Financial Reporting Standards (IFRS) Sustainability Disclosure Standards, consistent with the approach taken for IFRS Accounting Standards issued by the IASB. These will be effective for annual reporting periods on or after 1 January 2024. The main aim of the new ISSB sustainability standards (S1 and S2) is that, initially, companies will provide reasonable and supportive information with regard to sustainability. The ISSB has provided reliefs and guidance. Year one requirements Even though there will be a requirement to provide sustainability reporting information along with the financial statements, companies can hold off on this reporting in year one and align it with their half yearly reporting where necessary.  There will also be no requirement for comparative information in year one. Companies using different methods can continue to use these methods for measuring scopes for the first year and will continue to align methods with the Greenhouse Gas (GHG) Protocol.    S1 and S2 will not be entirely new to many companies as they have been developed and built on the Task Force on Climate-related Financial Disclosures (TCFD) framework and Sustainability Accounting Standards Board (SASB) standards.   Investors and regulators demand and need high-quality, comparable information about risks and opportunities in relation to climate change in particular.   TCFD disclosure recommendations The TCFD sets out disclosure recommendations based upon core elements around which companies operate. These are: Governance Strategy Risk management Metrics and targets The disclosure recommendations are structured around these four elements. This information should help investors understand how the relevant reporting organisations think about and assess climate-related risks and opportunities: Governance Companies need to describe the board’s oversight of climate-related risks and opportunities.   Processes need to be in place to identify climate-related issues and boards need to be kept informed regularly on these issues. Climate needs to be part of the company’s strategy, policies, plans, budgets, goals and targets. Strategy Companies need to be able to describe the climate-related risks and opportunities and their impact on the organisation’s businesses, strategy, and financial planning. Risk management Processes need to be in place for identifying and assessing climate-related risks. How significant climate-related risks are in relation to other risks should be discussed and analysed. Boards should consider regulatory requirements related to climate change and how to mitigate and control material risks. Metrics and targets Metrics used by the organisation to assess climate-related risks and opportunities in line with its strategy and risk management process should be disclosed.  GHG emissions should be calculated in line with the GHG Protocol methodology to allow for aggregation and comparability across organisations and jurisdictions.  Reporting on emissions Companies are required to report on emissions. Direct emissions are generated from sources owned and controlled by the reporting company – e.g., transport fuels, heating fuels and fugitive gases or emissions of GHG associated with particular manufacturing processes. These emissions are classified as scope 1.   Indirect emissions are also generated as a consequence of the activities of the reporting company—but occur at sources owned or controlled by another company. These include scope 2 and scope 3 emissions.  Scope 2 includes the emissions associated with the purchase of electricity, heat, steam and cooling. Companies can identify these energy uses on the basis of utility bills or metered energy consumption at facilities within the inventory boundary.  The ISSB has agreed that a company disclosing scope 2 emissions would use the locations-based approach, which emphasises the connection between consumer demand for electricity and the emissions resulting from local electricity production.  Within a particular geographic boundary and over a specified time period, electricity output is aggregated and averaged.   Scope 3 emissions include entire value chain emissions. The majority of total corporate emissions fall under this scope from the goods it purchases to the disposal of the products it sells. While Scope 1 and 2 emissions are within the control of the company as they are operational, scope 3 emissions raise business development and strategy questions pertaining to products and services.   Companies using different methods can continue to use these methods for measuring scopes for the first year and will continue to align methods with the GHG Protocol.      Companies can also continue to be guided by the Global Reporting Initiative (GRI) and European Sustainability Reporting Standards (ESRS) to help assess and take responsibility for their impacts and contribute to a more sustainable future using a multi-stakeholder and investor-focused approach. Next steps The standards will be effective for annual reporting periods on or after 1 January 2024 and individual jurisdictions will decide whether and when to adopt the IFRS Sustainability Disclosure Standards. The ISSB has stated that it is working closely with jurisdictional standard setters to maximise interoperability between its standards and incoming mandatory reporting frameworks including the European Commission with their European Sustainability Reporting Standards (ESRS), and the US Securities and Exchange Commission. Linda McWeeney is Non-Executive Director and Senior Lecturer in Accounting and Finance at Technological University Dublin

In a world where social connections fuel success, extroverts hold a natural edge. Jean Evans explains how they can supercharge their networking through authentic and considerate interactions Extroverts have a natural advantage when it comes to networking. They thrive in social situations and are energised by interacting with others. Extroverts get their energy from other people. Extroverts are the quintessential social butterflies. They can easily dominate a room and a conversation. This can be intimidating for people who identify as shy or as shy introverts. However, even for extroverts, effective networking requires some strategies and considerations. Leverage your strengths Extroverts have a natural ability to engage in conversations and connect with people. They should use their outgoing personality to their advantage by initiating conversations and showing genuine interest in others to make them comfortable. Become an active listener While extroverts enjoy talking and sharing their thoughts, it’s important to remember that networking is a two-way street. Extroverts should practise being active listeners, asking open-ended questions, and giving others their full attention to build meaningful connections. Offer help and support Extroverts can make a lasting impression by being genuinely helpful and supportive to others by sharing their knowledge, expertise or resources whenever possible. When people genuinely desire to help others, they increase the likelihood of being remembered and having a favour reciprocated. Follow up After meeting someone, the extrovert should take the initiative to follow up and nurture the connection. Send a personalised email, connect on social media or schedule a coffee meeting to continue the conversation. Effective networking requires ongoing effort and relationship-building. Attend to body language Extroverts can easily express their enthusiasm and energy through their body language. However, they should also be mindful of subtle non-verbal cues, such as maintaining eye contact, smiling and having an open posture. These signals convey approachability and engagement. Numbers matter Setting a goal and being intentional about attending networking events is crucial. Extroverts can manage meeting more people without depleting their internal battery, but successful networking is not about meeting as many people as possible. It’s about having meaningful conversations that can lead to further meetings.  You don’t want to meet more people than you can realistically follow up with after the event. Meet only three to five people per event. Networking as a long-term investment Remember that effective networking is a long-term investment, and it’s about building genuine connections rather than collecting business cards.  Networking is a marathon and not a sprint. Extroverts can leverage their social nature by making meaningful connections and expanding their professional network. Jean Evans is Networking Architect at NetworkMe

Despite mounting scepticism, financial trends suggest that ESG is here to stay even if it is under a new name. Dan Byrne explains why You’d be forgiven for doubting the staying power of the environmental, social and governance (ESG) movement given the current wave of negativity. After all, the stories of pushback are mounting.  Granted, most are coming from the US. Republicans and fiscal conservatives are openly hostile to the term. They are led by people such as Texas Governor Greg Abbott and Florida Governor/presidential contender Ron DeSantis, who dismiss the concept as “woke capitalism”, restricting business and harming profits.  But the old saying still has weight: “If America sneezes, the world catches a cold.” It’s enough negativity to make investors more wary of ESG, and boards wonder whether they need to bother with it. Is this backlash a legitimate threat to ESG? Not from where we’re standing. Follow the money The main reason ESG will survive the backlash is that the money simply isn’t following the rhetoric. ESG critics can be as loud as they want, but they’re not making the corporate world think differently.  Two-thirds of respondents to a 2023 Bloomberg survey expect firms to continue incorporating ESG metrics into their business.  Meanwhile, financial services firm Morningstar Inc. has released new data showing that the success of anti-ESG funds has fallen dramatically from its peak in the third quarter of 2022. This peak was minor compared with the total value of ESG assets.  In other words, ESG priorities remain fixed, and the money working against them is dwindling.  The only thing likely to suffer from this wave of negativity is the actual term: ‘ESG’. Rechristening ESG The true measure of the longevity of ‘ESG’ is that many in the pro-ESG camp are willing to part ways with the term. Larry Fink, head of BlackRock Inc, has said he no longer uses it because of how politicised it has become. Even McDonald’s has done away with it. Meanwhile, the same two-thirds of respondents to the Bloomberg survey said that while firms would keep pursuing ESG, they would stop using the acronym.  But none of these groups are abandoning the principles underpinning ESG.  You might call it the one potential victory of the anti-ESG brigade: a rechristening – purely because firms are worried about reputational risk. Before the current backlash, it was estimated that the value of ESG assets would reach US$50 trillion by 2025. At the start of this year, they were estimated at $41 trillion and growing.  If, in five years, we’re calling ESG something different, it probably won’t dent the underlying principles that investors, consumers and many politicians care so vocally about. So, while the ESG backlash may be loud, we’re not seeing any evidence that its principles are losing ground.  Hence, directors and other corporate leaders hearing the noise from the US and thinking the concept is almost irrelevant should think again.  ESG remains ESG, even if its name changes. Dan Byrne is a journalist with the Corporate Governance Institute

Diversity is not just about race and gender. Andrea Dermody explores the benefits of embracing neurodiversity in the workplace, fostering inclusivity for all employees Research indicates that a significant portion of the global population – 15 to 20 percent – are neurodivergent, with distinct cognitive processes. This encompasses conditions such as attention deficit disorders, autism, dyslexia and dyspraxia, adding a unique dimension to workplaces. Despite growing emphasis on diversity, equity and inclusion (DE&I), the employment prospects and support for neurodivergent individuals remain inadequate. As a result, neurodivergent individuals often experience higher rates of unemployment compared with the general population. However, when organisations attract and retain neurodiverse talent, the benefits can be far-reaching. Benefits of a neurodiverse workforce A neurodiverse workforce can bring many benefits to an organisation: Increased creativity: Neurodiverse individuals often have unique perspectives and ways of thinking, which can lead to innovative ideas and solutions. Enhanced problem-solving skills: Neurodiverse individuals may approach problems differently from their neurotypical counterparts, which can lead to more effective problem-solving and decision-making. Improved productivity: By tapping into the strengths of each individual on the team, a neurodiverse workforce can be more productive and efficient. Deloitte research suggests that teams with neurodivergent professionals in some roles can be 30 percent more productive than those without them. Better employee retention: When organisations embrace neurodiversity, it creates a more inclusive and welcoming environment leading to higher employee satisfaction and retention rates. Enhanced customer relationships: A neurodiverse workforce can help an organisation better understand and meet the needs of diverse customers, leading to improved customer relationships and increased sales. Attracting and retaining neurodiverse employees To ensure the success of neurodivergent workers, Deloitte suggests the following three approaches: Revisit the hiring process: Consciously hire from diverse sources and consider how the hiring process can be made fairer by reducing artificial intelligence or natural human bias. The interview process may also require tweaking. Consider moving from abstract questions to accessing specific skills and experience, and do not assume that everyone will connect the dots the same way. Create a conducive work environment: Everyone has different working styles, but managers should consider how individuals work best and what accommodations can be made. This may be as simple as adjusting communication styles, providing workplace mentors, or considering how flexible work policies can be expanded. Provide tailored career journeys: Many organisations do not have specific policies to support neurodivergent talent. Clearer policies ensure that everyone understands them in the same way, and unspoken rules that some neurodivergent workers might otherwise miss should be codified. Tailored career paths should therefore recognise the goals, capabilities and strengths of the individual – whether neurodivergent or neurotypical. The halo effect What’s clear is that what organisations do to provide an inclusive environment for their neurodivergent workforce can have a halo effect on the entire workforce. These ‘universal accommodations’ are adjustments that benefit all employees, jobseekers or customers and make the workplace a better, safer, more inclusive place for everyone. Andrea Dermody is a diversity and inclusion consultant at Dermody

Irish organisations face geopolitical tensions, pandemic aftermath and new work norms. Boards must intensify governance, risk and compliance focus for resilience amid rapid change, says Ivan O’Brien Irish organisations are operating in a rapidly changing business environment. The war in Ukraine, the lingering aftermath of the pandemic and the shift to new ways of working all give rise to unknown risks, including cybersecurity threats. Boards must respond with an intensive focus on governance, risk and compliance (GRC) to achieve organisational goals during increasing uncertainty. Boards should view these challenges as opportunities to verify the effectiveness of existing GRC arrangements, foster continuous improvement efforts and drive progress toward a holistic GRC management system environment that helps drive long-term value and resilience. Keep reporting on track The board’s role is to monitor management’s performance against the organisation’s strategic objectives and understand how risk and uncertainty impact the organisation’s ability to achieve those objectives. Regular, timely and comprehensive management reporting allows the board and the audit committee to continuously monitor the design’s appropriateness and the GRC systems’ effectiveness. The COVID-19 pandemic, in particular, has demonstrated the importance of GRC systems for addressing critical situations, such as health risks, business interruptions, breakdowns in supply chains and financial losses. As a result, organisations have had to act fast and, in many cases, rethink their operational resilience approach. Data breaches pose regulatory and reputational risks to Irish and European organisations. Organisations with insufficient security solutions to protect their systems, networks and data can be fined up to €20 million or 4 percent of their annual global turnover under the General Data Protection Regulation (GDPR). The need for integrated GRC systems Overall, the events of the last several years have highlighted the necessity for organisations to adopt integrated GRC systems to achieve organisational goals, effective emergency management and a culture of integrity during times of uncertainty. By adopting integrated GRC systems, organisations are more likely to respond and recover effectively from crises and transform potential problems into business advantages. Failure to adopt an integrated approach to GRC can undermine the board’s ability to provide adequate oversight on risk and controls and lead to potential exposures that could jeopardise the organisation’s ability to continue as a going concern. This needs to be supported by an effective exchange of GRC-related information within the organisation through a board risk or GRC committee, for example. There is guidance available to boards who wish to improve GRC performance. In April 2021, the International Organization for Standardization (ISO) published a new certifiable standard for compliance management systems – ISO 37301. The standard explains how organisations should implement GRC management systems to satisfy international legal norms and regulations. Implementing ISO 37301 provides assurance that risks are regularly assessed, business partners are screened, and the organisation has a working system to raise concerns. It is committed to improving its systems to deal with non-conformance. Boards can also use the COSO Enterprise Risk Management Framework to evaluate their organisation’s approach to risk management. Developed by the Committee of Sponsoring Organizations of the Treadway Commission, the principles-based framework enables boards to identify all the components of a comprehensive enterprise risk programme. Building resilience Regardless of the model employed, effective GRC management systems rely heavily on the expertise of the internal audit and risk management functions. The scale and increasing complexity of the current risk landscape demands knowledge sharing at every level of the organisation. Boards should, therefore, challenge management to invest in the resources and technological tools required to improve shared risk intelligence throughout the business, to build an even more resilient organisation capable of driving long-term value and withstanding the challenges that lie ahead. Ivan O’Brien is Consulting Partner and Head of Risk at EY

Amid fierce competition, businesses must harness the cloud’s potential cost reduction. FinOps aligns spending with goals, yet pitfalls in adoption must be sidestepped, advises Liam Cotter Cloud computing continues to revolutionise how businesses innovate and grow in today’s hypercompetitive global environment. While the race to the cloud has catapulted businesses into a new realm of speed and agility, few are cashing in on the cloud’s promise to drive down costs – and the challenges are mounting amid the proliferation of multi-cloud environments. The problem is typically a case of too much spending and too little oversight. Businesses are struggling to effectively manage a critical new resource vastly different from the legacy environment it replaces. There is no question that organisations need a radical new approach to managing their cloud spending. The answer? FinOps. With FinOps (the combination of ‘Finance’ and ‘DevOps’), teams from IT, finance and business units collaborate on data-driven spending decisions. Transparency is prioritised, and everyone takes ownership of their cloud usage. FinOps aligns cloud spending with business objectives and helps cross-functional teams work harmoniously to enhance financial control and predictability, reduce friction, and deliver products and services faster in today’s consumer-centric digital economy. However, there are five critical mistakes organisations make when embracing the power of cloud capabilities. 1. The lack of a clear, strategic vision that aligns KPIs with outcomes Success on the FinOps journey inevitably requires measuring, reporting, analysing and optimising cloud spending. Taking a strategic approach to FinOps means keeping objectives and key performance indicators (KPIs) front and centre at all times – continuously revisiting, adjusting and evolving them as required. Businesses should monitor and respond to new business data and make changes, particularly in today’s fast-evolving environment, where the rapid pace of change continues to accelerate. 2. Not understanding costs and trends at a granular level You can’t measure what you can’t see, making a precise, granular view of cloud costs and trends critical to your business. It’s not enough to know your cloud spend at any moment – positioning your business to manage and reduce costs continually is essential. Amid a lack of data that continually delivers timely cloud spend and usage insights, businesses often make significant cloud investments while unsure what they are accomplishing or how to manage costs. Observability is essential to success – gaining visibility into where your cloud spend is going, monitoring activity at a granular level, and responding as needed as workloads and objectives change. This visibility can empower your data teams with precise allocation, real-time budgeting information and accurate forecasting for cost governance. 3. Not using appropriate tools, technologies and tagging FinOps’ success, apart from calculating and gathering timely data, also requires visibility of assets through IT asset management and the use of appropriate tools, technologies and tagging, including automation capabilities. Unfortunately, many businesses with multi-cloud environments use tools and capabilities provided by their cloud vendors with little to no benefit. Improper and inconsistent tagging of resources and a lack of appropriate automation can hinder success. Trend-based forecasting is an appropriate method for simpler situations in which past trends will likely continue. It helps answer questions such as “What would monthly cloud spend be in a future month given the spending trend observed to date?” 4. The lack of collaboration between finance and engineering teams A successful cloud journey relies on FinOps and the engineering team working closely together. While FinOps can manage processes and budgeting, this will likely not prove successful if engineering doesn’t agree to take the right actions. Cross-training of teams and organisational change management to create a highly collaborative approach among diverse teams is critical for FinOps to deliver ongoing value. 5. Not taking action, communicating and optimising Your business may have the necessary metrics, tools and technologies for a successful FinOps journey and be well-positioned to identify problems as they arise. However, a strategic action plan is essential; one that provides appropriate guidelines that bring the required players together to understand the problem and its implications, manage the issue and set the course for a future strategy that can optimise processes and costs. An intelligent approach is to manage by the numbers. These are the components required to help build a governance programme that positions you to do so: Reports and dashboards: Ensure all stakeholders have access to appropriate reporting and dashboards for their role and provide rapid, at-a-glance views into current cost trends and forecasts. Resource hierarchy: Structure cloud resources in a resource hierarchy that is granular enough for management and cost allocation using folders, projects, tags, labels, etc. Budget alerts: Set budget notifications that are triggered automatically when resources or costs ramp up beyond a predetermined threshold to help prevent unexpected activity impacting budgeted spending. Automated actions: Configure automated actions to throttle resources or cap costs to help prevent unwanted activity and overspending. Standard reviews: Establish standard review cadences between IT and finance to review historical spending and develop future action recommendations. FinOps’ success requires bringing engineering and finance stakeholders together to plan, measure, report, analyse and optimise costs. It’s not enough to simply implement new tools, communicate a few expectations and occasionally meet for updates. A holistic operating model should be designed, implemented, orchestrated and evolve as new tools, techniques, ways of working and other factors emerge with time. Liam Cotter is a Management Consulting Partner at KPMG

As back-to-school season approaches, employers can aid parents with flexible work options that foster work-life balance and increased productivity, explains Gemma O’Connor The back-to-school season is nearly underway as kids and parents prepare for the new school year. This can be a busy time for working parents, particularly for parents of children facing a milestone like starting primary or secondary education. So, what can employers do to help staff balance their home and work lives? Communicate with your staff Most employees should be able to predict when they might need extra flexibility to help their children settle into their new surroundings. Different employees will have different requests depending on their child’s level of education. As each employee will have different requirements, there is no silver bullet for managing this situation other than to ensure that you listen to staff and make efforts to accommodate any supports they request. Consider flexible work options If an employee requests flexibility during back-to-school season, consider it and what solution might work best for both parties. Some solutions could include: Working from home on certain days; Early finishes/late starts on certain days; Compressed hours; and Staggered hours. While you have no obligation to grant requests for flexibility, a blunt refusal to accommodate working parents increases the likelihood of alienating employees. Employees who feel let down by their employer are also likely to spread the news of their bad experiences, resulting in reputational damage and hindering your recruitment and retention efforts. Treat people fairly If only working parents are granted flexible work options during the school year, you also risk frustrating employees who don’t receive comparable benefits just because they don’t have children. It’s important to avoid granting privileges to parents only. If you provide benefits to working parents based on promoting work-life balance, you should extend the same flexibility to staff who need to care for an elderly parent or a spouse who’s ill, for instance. If you operate your workplace on the basis that everyone will need flexibility at one time or another, all staff will buy in and the organisation will avoid employee unrest that could develop if only working parents enjoy flexible work options. Prepare for new workers’ statutory rights The Work Life Balance Miscellaneous Provisions Act 2023 has been partially in force since 3 July. Once fully in force, this new piece of employment legislation will introduce five statutory rights for employees to foster a better work-life balance and to support staff with caring responsibilities. In summary, the Act introduces the following rights: Five days’ unpaid leave for medical care purposes for parents of children under 12 and carers; Five days’ paid leave for victims of domestic violence; The right to request flexible working for parents and carers; The right to request remote working for all employees; and The right to breastfeeding breaks extended to two years from the date of the child’s birth. Employers should be ready to receive requests from employees in line with this employment law scheduled to come into effect in full this autumn. Find balance Recognising the needs of working parents during the back-to-school period is crucial for fostering a supportive and inclusive work environment. Working parents often encounter added responsibilities as schools reopen, from adjusting schedules to managing childcare. By understanding these challenges and providing flexibility, employers can mitigate stress, enhance employee well-being and maintain productivity. Acknowledging the unique demands of working parents (and extending the same benefits to non-parent employees) promotes a harmonious balance between professional duties and family responsibilities. Gemma O’Connor is Head of Service at Peninsula Ireland

In the digital age, cyber threats redefine business acquisitions. Mark Butler explores four reasons for prioritising cyber security due diligence, ensuring informed decisions and resilience When considering the purchase of a business, it is essential to conduct a comprehensive assessment of potential risks. Technology risks, particularly cyber threats, have become increasingly significant in today’s digital age. Therefore, prioritising cyber security as part of the due diligence process is crucial to gain a complete view of potential risks, allowing you to make informed decisions and plan accordingly. There are four compelling reasons why a cyber security audit should be a priority in the due diligence process when buying a business. 1. Assessing the business’s technology infrastructure The technology infrastructure of a business plays a vital role in its operations. Cyber security due diligence provides valuable insights into the robustness of the existing infrastructure, including networks, systems, software and hardware. By assessing the vulnerabilities and weaknesses within the technology stack, you can better understand the potential risks and associated costs of upgrading or securing the infrastructure post-acquisition. This knowledge allows you to make informed decisions about the integration process and develop a strategic technology roadmap. 2. Safeguarding sensitive data During a business acquisition, you gain access to the target company’s data, including client information, intellectual property, financial records and employee data. Conducting cyber security due diligence allows you to evaluate the effectiveness of existing security measures that protect this sensitive information. Identifying vulnerabilities and potential data breaches early on can help you implement necessary safeguards and protect the integrity and confidentiality of critical data assets. 3. Mitigating financial and legal risks A cyber security breach can have significant financial and legal consequences for a business. By conducting due diligence, you can identify potential risks that may result in financial loss, such as data breaches, regulatory non-compliance or legal liabilities. Understanding these risks beforehand enables you to negotiate appropriate terms in the acquisition agreement, allocate resources for remediation, and potentially even adjust the purchase price to account for any necessary investments in cyber security. 4. Maintaining business continuity and reputation A successful business acquisition hinges on maintaining continuity and preserving the target company’s reputation. A cyber security incident can disrupt operations, damage customer trust and tarnish the brand image, resulting in financial losses and decreased market value. You can identify potential threats and develop a robust incident response plan by conducting cyber security due diligence. This proactive approach ensures that the necessary measures are in place to minimise the impact of any cyber security incidents and protect the business’s continuity and reputation. Cyber security has become an essential aspect of business risk management in today’s interconnected world. When buying a business, prioritising cyber security within the due diligence process allows you to comprehensively assess technology risks, safeguard sensitive data, mitigate financial and legal risks, assess the technology infrastructure, and maintain business continuity and reputation. The due diligence process is a critical time to ensure you fully understand all potential issues, especially technology, allowing you to address risks and, in turn, plan to deal with them proactively. Mark Butler is Managing Partner at HLB Ireland

In today’s entrepreneurial landscape, high-quality professional services, especially in accountancy, are in demand beyond the allure of technology ventures. John Carolan outlines key strategies to build a successful accountancy practice Technology businesses may seem the default entrepreneurial dream, but there is plenty of demand for high-quality professional services firms in today’s market too, especially accountancy. After all, even the tech founders need accountants. Building a thriving accounting firm requires strategic planning, consistent effort and a focus on client satisfaction. All Chartered Accountants know that accounting is about people as much as it is about numbers. If you’re thinking of going out on your own, there are a few key actions to take to build a successful practice. 1. Define your niche and value proposition Like in any marketing process, you must identify underserved areas and gaps in the market. Once you’ve established that, it is crucial to define your niche and develop a unique value proposition. Identify the specific areas of accounting in which you excel and target your marketing efforts towards those areas, allowing you to establish yourself as an expert in the field and making it easier to attract clients who are seeking specialised services. 2. Cultivate strong client relationships The cliché that “people buy from people” is true. Building lasting relationships with your clients is vital for the success of your accounting firm. Happy clients become referral partners and can play a big role in you building a profitable firm. Implement a client-relationship management system to track interactions, preferences and feedback. Clients who trust and value your services are more likely to refer your firm to others, contributing to the growth of your business. Invest time and effort in understanding your clients’ needs and delivering personalised solutions. It’s also vital to schedule regular check-ins with clients to discuss their evolving needs and deal with any issues. Regularly communicate with your clients, provide them with timely updates, and be proactive in addressing their concerns. Building strong client relationships will not only help retain existing clients but also attract new ones through positive word-of-mouth. 3. Embrace technology and automation Technology plays a significant role in the modern accounting landscape. To build an accountancy practice, it is essential to leverage automation tools to streamline your processes, enhance efficiency and deliver higher-quality services. Research and invest in accounting software that suits your firm’s needs and provides automation capabilities that integrate with other systems, such as payroll and invoicing, to improve accuracy and reduce manual errors. Automation can also free up your time, allowing you to focus on more value-added activities such as strategic planning and client advisory services. In addition, train your staff to use the software effectively to maximise its benefits and stay updated with the latest technological advancements in the accounting industry to remain competitive. 4. Develop a strong online presence Having a strong online presence is crucial for any business, including accounting firms. It’s also important to realise your clients are not going to compare you only with their experiences of other accounting firms. They’re going to compare you with their online experiences. A well-designed and user-friendly website serves as a platform to showcase your expertise, share informative content and attract potential clients. Invest in professional web design, ensure your website is mobile-friendly and optimise your website content with relevant keywords to improve search engine rankings. Remember to actively engage in social media platforms and create valuable content, such as blog posts or webinars, to establish yourself as a thought leader in the industry. 5. Invest in continuous learning and professional development To stay ahead in this evolving profession, it is crucial to invest in continuous learning and professional development. Future-proof yourself and your firm by staying up to date on relevant trends. Encourage your staff to pursue relevant certifications, attend industry conferences and seminars, and engage in ongoing training programmes. By staying updated with the latest accounting regulations, industry trends and technologies, your firm can deliver superior services and maintain a competitive edge. It’s also worthwhile to build your own group of trusted advisors of Chartered Accountants. There is a willingness to share best practices and a good chat in professional networks. And the tried and tested market intelligence you gain access to is worth its weight in gold. John Carolan is the founder of Solve Outsource

As businesses contend with rapid transformation introduced by artificial intelligence, learning how to lead and empower your workforce through the uncharted terrain of technological disruption is critical, says Patrick Gallen The world around us is changing at a pace that appears to be exponential at the very least. The inception of advanced artificial intelligence (AI) learning systems such as Open AI’s ChatGPT has allowed the technology to take centre stage on the world podium, not entirely for the right reasons. While presenting itself with a wealth of benefits, such as instant data and content generation, many fear that the uncharted growth of AI may pose risks to our way of living. Irrespective of views, however, one thing remains clear: the age of AI has begun, and it has already made its mark on the corporate workforce. ­ The advent of such technologies has already begun to disrupt businesses across all areas, from day-to-day internal operations to automating tasks that once took hours of calculation. As companies start to tread through these exciting times, their employees must be guided effectively through the change process. Support holistic learning In a recent podcast, Michelle Weise, author of Long Life Learning: Preparing for jobs that don’t even exist yet, outlined the main topics that prepare companies and their employees for industry changes that are or are yet to come to the fore. First, it is argued that firms should create a learning ecosystem that supports employees as holistic learners with a diverse education history, allowing them to better adapt to prospective change. Leaders must act as role models for their employees, allowing them to raise alternative viewpoints or spark debate before concluding a decision. Sharing views across all levels and offering constructive feedback can bridge knowledge gaps and strengthen employee rapport. Leaders should also use these opportunities with their employees to seek upward feedback, allowing them to identify how they can assist their workforce more effectively. Don’t fear AI Weise also outlines that firms should teach their employees to be “dangerous” enough to exploit emerging technologies to avoid falling behind. Take Nokia and Blackberry, two hallmark examples of companies that failed to adapt to change in time. With the emergence of advanced AI learning systems, companies and employees should challenge the technology, not fear it. Educating employees about the purpose of AI and its benefits will be vital to ensure a common ground between leader and employee. Workshops, seminars and upskilling will be critical to the change process. Understand your employees’ skillsets In addition, Weise discusses the importance of understanding your employees’ skills at a granular level. The abrupt introduction of ChatGPT has shifted the corporate mindset from “what we already know” to “what we need to know”. By gaining a deeper understanding of your employees’ competencies, firms can identify those more competent in tech and AI, allowing them to assist individuals who may struggle with the change process more than others. Firms should encourage their knowledgeable employees to take on a trainer’s role, allowing them to share their skillsets and competencies with other employees. Facilitating and promoting internal training with employees can create a continuous learning and development culture, further catalysing the change process.    With the rapid development of AI in the last several months, the corporate workforce has been turned on its head. The very way in which we work was transformed overnight, prompting urgent change at a global scale. Leading your workforce in a way that promotes understanding, cohesion and growth will help firms adapt to the uncertain world of AI and what lies ahead. Patrick Gallen is Partner of People and Change at Grant Thornton

Julia Rowan answers your management, leadership and team development questions I am an experienced manager who is comfortable with delegating work and trusting my team to get on with it. This allows me to keep a strategic focus. I moved to a new organisation recently and find that my manager and other senior leaders expect me to have detailed knowledge of the work of my direct reports. I do not want to get sucked into operational detail. How do I stay high level while keeping my seniors happy? I always put options on a continuum of ‘do nothing’ (i.e. comply) to ‘the nuclear option’ (i.e. leave), and then identify the options in between.  Before you begin, reflect carefully on what is important for you so that you can shape a clear and positive message. Watch the language – are you ‘getting sucked into the operational detail’ or ‘on top of the data’? My guess is that this is a cultural issue, and if you want to effect change, you need to remain credible. Reflect on what the seniors need: do they need you to have information at your fingertips to save them time? To make important decisions? Are there trust issues around work done by more junior people? Is there something else?  Working this out will help you to meet seniors where they are (not where they ‘should’ be). Ask your manager for their support in meeting expectations while contributing at a higher level (focus on both/and rather than either/or). Bring the same question to your team and get their input and solutions. Reflect on your own expectations – you may need to give a little.  Identify the colleague who navigates this most effectively – ask them how they do it. Build the profile of your team: bring them to meetings. Find a reason to host an event at which your team members share their insights, demonstrate their capabilities and build relationships with your seniors. There may be practical solutions. Could you contact seniors before meetings to check if there are issues they want to discuss? Maybe you could create a shared folder where updated information is posted (either so that you can access it quickly – or colleagues can access it). There are a few options in between. There are many more. Just be open to looking for them. Two colleagues who don’t get on keep trying to drag me into their issues. I feel caught in the middle. In such cases, tapping into our sincerity often gives us the clarity and courage to address tough issues. My guess is that you want to support both without siding with either. Imagine one of your colleagues is sitting in front of you. What would you most like to say? It might be “I am uncomfortable as I feel stuck in the middle” or “That sounds difficult. How can I help you to address this with him?” or “It can be hard to work with someone whose style is so different”.  Try it and see what comes out. Then whittle that down to a sincere and helpful response. Julia Rowan is Principal Consultant at Performance Matters Ltd, a leadership and  team development consultancy. To send a question to Julia, email julia@performancematters.ie.

Audit committees face increasingly complex risks in modern business, according to the latest KPMG survey. Arlene Harris speaks to Niall Savage about the four main risks and how committees can mitigate them KMPG recently published the results of its Global Audit Committee (AC) Institute survey, which collates the views of 768 AC members and chairs, of which 31 were operating in Ireland.  Niall Savage, Partner and Head of Audit Markets at KPMG, says the survey results indicate that, while it may seem at odds with its traditional role, the AC and its members continue to have a “bellwether role for the business as they scan the risk horizon”.  Consequently, ongoing geopolitical issues, cyber threats, the rise of artificial intelligence (AI) and considerations around environmental, social, and governance (ESG) will remain top of the AC agenda in the coming months. “The traditional and essential role of an AC is overseeing the numbers, controls and, as its title suggests, the audit process – both internal and external,” he says. “So its priority is more in the monitoring than the advising. This work is critical for ensuring financial transparency, confidence and compliance but does not encompass the broader aspects of business. “However, given the typical composition of the AC, the external non-executives with wide-ranging experience, the effective AC Chairperson draws upon the insights of their members to identify and advise on risk areas and strategies to address them.  “The findings suggest that the things driving the agenda of the AC are big-picture risks that underpin their organisations’ strategies. And four key themes – geopolitical, cyber, AI and ESG – were identified as foremost in the minds of AC members.” Indeed, these four themes don’t come without challenges, but there are ways in which ACs can navigate them in their role, supporting the board and management. The effects of risk on the market “Volatility by its nature creates uncertainty in the market, making it difficult for businesses and their stakeholders to make strategic operational and investment decisions,” says Savage. “For example, consumer sentiment in uncertain times can fall rapidly, with non-essential purchases frequently deferred, impacting large parts of the consumer market and leisure industries. “Geopolitical volatility can also undermine investor confidence, cutting off access to finance and creating barriers for businesses through restricted access to markets, currency fluctuations and shifts in trade policies. There is also a heightened risk of supply chain disruption.” In the last 12 months, ACs have been faced with:  post-lockdown uncertainty, which is driving cashflow forecasts (and risks) of how to meet consumer demands; geopolitical conflicts, such as the Russian invasion of Ukraine, necessitating a rapid response to secure the safety of people and assess the impact on the business in addition to instability in Latin America and the Middle East; rapid and often unexpected inflation across energy, wheat and other commodities, which created unforeseen risks of business failure if these could not be passed on easily; increased interest rate rises and global financial market fluctuations in response to inflation, which changed base case forecasts for investment decisions, funding, and potentially going concerns; ongoing global trade tensions, including those between the US and China, with increasing tariffs, which had ripple effects on global supply chains; and the fallout from COVID and Brexit, which continued to affect the global economy. Geopolitical risks “It is difficult to predict what the next 12 months have in store, but some key actions for AC members to manage these risks include engaging with management and stakeholders to understand their assessment of geopolitical risks and existing strategies to mitigate those risks, and asking management to provide timely updates on geopolitical developments and the organisation’s risk mitigation efforts,” said Savage.   “Also, understanding the geopolitical risks that can impact the organisation and monitoring global political developments, regional tensions, trade disputes, regulatory changes and other geopolitical factors that may have implications for the organisation. “And, staying informed about current events and diplomatic developments that can impact the organisation’s operations – along with knowing if the organisation is especially exposed to certain regions or risks, should the AC consider recruitment or training to ensure that they have the expertise to address any challenges they face, is also important.” Savage also suggests assessing an organisation’s exposure to geopolitical risks, understanding management’s approach to contingency planning, and understanding the full list of regulatory compliance requirements and whether the organisation has processes in place to identify, monitor and adhere to applicable regulations.  ACs must also consider with management the need for scenario planning to model impact and respond to geopolitical events. Cyber risks Advances in modern technology have also brought about a growing number of cyber threats, and in the past 12 months, many Irish businesses and organisations have reported data leaks and thefts as cybercriminals become more sophisticated and professional in their approach to both getting access to systems through ransomware and social engineering but also monetising this access.  As firms try to protect themselves from this, the list of targets and potential weaknesses continues to grow with the proliferation of the internet of things (IoT), which may not have the same level of security and is, therefore, easier to compromise. “For those engaged in public work, there is an additional political dimension and risk to cybercrime with nation state targeting for political gain, which has seen recent coverage of European Commission staff removing certain apps from their phone restrictions on Telco suppliers due to concerns over security,” says Savage. “But there are some essential actions that ACs can take, which include understanding the cyber risk landscape, the type of threats it faces, potential vulnerabilities and the impact of a cyber incident.  “They can also evaluate the organisation’s cybersecurity governance and strategy while focusing on risk assessment, incident response, training and vendor competence. It is important to be informed – stay on top of cybersecurity initiatives and maintain open lines of communication to address any concerns or gaps identified.” He would also encourage organisations to consider engaging external cybersecurity experts or conducting independent audits/penetration testing to assess the effectiveness of these controls, to ensure the AC is informed of cybersecurity incidents and evaluate the organisation’s response and promote cybersecurity awareness through training and incident reporting and ensure that appropriate cybersecurity risk reporting mechanisms are in place. AI risks The advent of AI has brought a new set of risks to business. “Although long discussed and the subject of many films (Terminator 2 springs to mind), the potential impact of AI really hit home late last year with the launch of ChatGPT, which was quickly followed with spectacular claims of cost savings, entire professions wiped out and of course the danger of ‘the rise of the machines’,” says Savage. “Clearly, there are significant risks and opportunities for businesses and ACs to deal with, many of which are ‘unknown unknowns’ to combat this and assess risk.” In the face of this new business landscape, “ACs should understand the concerns and opportunities for people, customers, suppliers and regulators. They should try to understand how best to get the right level of knowledge, evaluate the existing risk management framework to assess whether additional controls are needed, consider policies around the implementation and use of AI and review critical AI implementation projects.” ESG risks The final issue Savage addresses is ESG, which he says has been an “alphabet soup of regulation” for the past few years – and KPMG research indicates compliance with standards is only one of the ESG risks occupying the minds of AC members.  “There is a broader menu of risks to consider, which impact reputation, performance and financial success,” he says. “Failure to address these can lead to reputational damage and financial implications. So, AC members should consider the potential reputational risks associated with the company’s ESG performance and how they are managed. Climate change risks can impact the value of assets, and non-compliance can result in fines or penalties.”  To address these risks, it is important for ACs to understand and work closely with all stakeholders including management and internal auditors. Areas of focus should: ensure the AC has the necessary expertise to effectively assess ESG risks – this may involve recruiting or training existing committee members; engage with investors, regulatory bodies and industry associations to understand their expectations and perspectives on ESG; develop a list and understanding of ESG risks relevant to the company across climate change, labour, data and inclusion and diversity; review how data is currently captured and analysed and how reporting is verified; look at the existing risk management practices and policies and assess the key controls and how the risks are currently monitored and reported; benchmark these to peer groups and industry standards to ascertain whether they align with recognised frameworks; and seek regular updates on ESG initiatives and consider external assurance on related reporting.  “There are more insights to the survey, and it is interesting to benchmark different priorities across the regions, priorities around finance team talent, the need for in-person time with management and a focusing agenda to maximise effectiveness,” says Savage. “However, by elaborating on and identifying some common-sense actions on the four critical themes – geopolitical, cyber, AI and ESG – we have supported AC members for the next, hopefully, less volatile, 12 months.”  

The NATO summit was not only about Ukraine. It was about the role of the past and how it affects NATO and the EU, writes Judy Dempsey By the time you read this, we’ll have all moved on from the NATO summit that took place in the Lithuanian capital of Vilnius in July towards other persistent topics.  There’s Ireland’s housing crisis; the worry that Donald Trump might beat President Joe Biden in the 2024 election for the White House; and Russia’s continuing war against Ukraine, to name a few. The list is long. But a common threat runs through these issues: the enduring role of the past and how societies in the 21st century have to deal with it. The past is a compass. It offers the way to the future if there is a political willingness to deal with history. The past can also be distorted.  That sense of the past was clear when attending the NATO summit.  The summit’s conclusions fell short – for some, way too short – by failing to offer Ukraine membership of the US-led military alliance once the war was over.  Lithuania and the other two Baltic States, Estonia and Latvia, but also Poland and the Czech Republic, were disappointed. They believed that Biden and German Chancellor Olaf Scholz, who led the opposition against a membership date, did not have the political courage or historical compass to offer Ukraine at least a timetable.  The bottom line is that, for different reasons, this decision was about Russia.  Biden, who is facing re-election and simmering unpopularity with American support for Ukraine, does not want to drag NATO into a direct confrontation with Russia. Germany thinks the same but is not committed to admitting Ukraine to NATO. Yet, this war has given Germany a big chance to lead Europe and create a strong NATO caucus inside the alliance. Germany demurred.  This brings us to Lithuania.  It has been a staunch ally of the Belarussian opposition and an unremitting supporter of Ukraine. For Lithuania, it is about Kyiv defeating Russia. But it is more than that. Lithuania and the other Baltic States see the war in Ukraine through the prism of Russia but in a special way, distinct from Western Europe.  For Lithuania, this is about Russia trying to regain control over the countries of Eastern Europe, which include not only Ukraine but also Belarus, Moldova, Georgia and Armenia.  Lithuania also sees Russia aiming to create a new cordon sanitaire between the EU/NATO countries and Eastern Europe – a kind of updated version of the Cold War divisions of Europe.  In the view of the Central Europeans, Russia’s imperial ambitions must be stopped. Eastern Europe must not be turned into a grey Russian-controlled zone. The prospects for instability would be too high and dangerous. Germany and the United States, for their part, see the war in Ukraine through the prism of Russia as a nuclear power and threat – as if Russia is not already threatening the security of Europe. They do not see it in terms of the past but in terms of realpolitik. For Central Europe, the past is the legacy of the violent Soviet occupation of the region that must not be repeated in Ukraine.  The past for Western Europe is how, with huge American support, today’s EU was built. It was a peace project constructed upon the ruins of World War Two. This peace project is now being challenged by Russia. The war in Ukraine is about two different European narratives. It is time to reconcile them.  Judy Dempsey is a Non-Resident Senior Fellow at Carnegie Europe and Editor-in-Chief of Strategic Europe  

As we approach the final months of 2023, three Chartered Accountants take a moment to contemplate the hurdles Ireland has surmounted and share their aspirations for the remainder of the year Sinéad Nolan Financial Accountant AXA Insurance The economy is fine on paper (GDP and domestically); however, housing is a major issue, in both affordability and availability. The cost-of-living crisis is only exacerbating a problem that was already there for young professionals starting off their careers. Paying rent is a continuous challenge, as is looking for an affordable house to purchase. The interest rates keep rising, and house prices don’t seem to be reducing. Many in the country felt the challenge of paying bills in the wintertime. On top of that, there has been a lot of uncertainty with the war in Ukraine.  On the plus side, there has recently been slight moderation in the price of energy and in inflation, and the pleasant weather in June was a bonus! (Less pleasant in July, admittedly.) Also, the unemployment rate in the Republic of Ireland fell to a record low of 3.8 percent in May. To help, my employer has hosted many financial wellness webinars, which, given the current economic crisis, have been great.  We also received a well-being day off, not to mention personal interaction is happening in the office again – we are attending social events, which is brilliant.  As for the rest of the year, I hope the housing crisis settles, and there is more support given to first-time house buyers from the Government. I joined the Young Professionals Committee in July after attending the wonderful Pride BBQ in June. I am looking forward to organising and hosting events, and connecting with other members of the Institute. The Young Professionals Committee is a great networking platform, so I am very excited to get stuck in with it. Jim Stafford Consultant Friel Stafford I work every day at the coalface, advising companies and individuals who are dealing with financial challenges, and thus I appreciate the issues facing the economy.  While there is an economic brew of uncertainty caused by inflation, geopolitical issues, etc., the biggest impact we have seen this year has been the dramatic increase in interest rates, which has shaken some people to the core.  We have observed a noticeable increase in Members Voluntary Liquidations from businesspeople who are deciding to ‘cash in their chips’ now rather than face future uncertainty.   One of the positives that I have always enjoyed when working with people under financial pressure is recognising the levels of resilience people have. On the ‘resilience spectrum’, I am delighted to see some clients who bounce back stronger than ever.   The highlight for me personally this year was the sale of Friel Stafford to Ifac, which will enable us to provide restructuring services such as the Small Company Administrative Rescue Process (SCARP) across Ifac’s 30+ offices.  The association with Ifac has moved us into the top ten accountancy firms in Ireland, which has opened the doors to certain types of work, making it easier for us to attract and retain talent.  A big development during the year was the growth of artificial intelligence (AI). While there is great potential for generative AI to change the workplace, there is also huge scope for more sophisticated fraud.  Looking to the year ahead, a big challenge for some businesses will be the ending of the Revenue warehousing scheme, which was a valuable lifeline for many.  We expect to see an increased number of SCARPs next year.  Another big challenge for some firms will be the Companies Registration Office and the Corporate Enforcement Authority increasing their enforcement activity on companies that are struck off. Gordon Naughton  Chief Executive Officer Tactive   January represented a strange and uncertain time for the Irish and global economy. Many initiatives were placed on hiatus due to significant inflationary, economic and geopolitical concerns.  In January, it was startling to see how quickly the mood had shifted from November and December. Since then, the business community and consumers have learned to live with these concerns and are in a positive state of mind.  Currently, the Irish economy is showing tremendous resilience, with the overall tax intake and consumer spending being unexpectedly high. It seems the country is forging ahead. However, if the past three years are a barometer for future challenges, predicted and day-to-day issues tend to be easy to deal with. It’s the unpredicted challenges that can pose the most difficulty.  My key lesson from this period is that businesses need to be agile, efficient and have contingency plans for the three main ways an economy can move – up, down or steady on.  Luckily, I have great clients, a good support structure and network that has brought me through any uncertainty. I am so lucky to work from home and spend time with my wonderful family.  Continuous learning is a facet of my life, as I simply like reading and expanding my knowledge. This year I obtained a black belt in Lean, which has helped me professionally and personally.  As for the rest of 2023, I hope to continue to work with outstanding clients.   

In today’s rapidly changing world, organisations are embracing inclusive leadership. Karin Lanigan explores what it means, why it matters, and the essential traits of effective inclusive leaders As a result of recent seismic and lasting changes in the workplace, many organisations are now adopting an inclusive approach to leadership. What is inclusive leadership, and why does it matter? A complex and diverse world We are operating in an increasingly complex world that is constantly evolving. The pace and enormity of the changes taking place require a different approach to leadership: inclusive leadership. A new leadership style is required To be an effective leader now requires a move away from a traditional style of leadership to an inclusive leadership approach. This doesn’t mean that the conventional aspects of leadership are defunct. In fact, the core fundamentals of leadership still apply. However, moving to inclusive leadership involves a change from an autocratic, top-down, centralised leadership approach to a more decentralised, democratic, shared and participative process involving employees across all levels of the organisation. Traits of an inclusive leader An inclusive leader is aware of their own biases and proactively seeks out, encourages and considers different perspectives to facilitate better decision making and more effective collaboration. They strive to ensure that colleagues are treated equally, feel a sense of belonging and value, and work in a psychologically safe space where they can contribute and are supported to achieve their full potential. There is no doubt that inclusive leadership is now a critical capability. The core skills and competencies that are typically exhibited by inclusive leaders include: Self-awareness. Inclusive leaders have a strong awareness of their own biases and blind spots. Similarly, a high level of emotional intelligence enabling the effective management of emotions, their own and those of others, is fundamental.  Empathy. Being an inclusive leader requires having both the willingness and capacity to comprehend and acknowledge the emotions and viewpoints of others. Cultural intelligence. Inclusive leaders aim to establish a workplace that welcomes and values all cultures, allowing everyone to make meaningful contributions. This requires a sense of curiosity and a willingness to learn about different cultures and their traditions. Communication. Clear and effective communication supports an inclusive leadership style. Inclusive leaders look to understand and adapt their communication style to be understood by a diverse audience.  Collaboration. Inclusive leaders foster an environment that is psychologically safe, enabling every member to contribute their ideas and innovations to achieve better outcomes. Commitment and courage. Inclusive leaders are role models, challenge the status quo, and advocate for others.   Why does inclusive leadership matter? Much research has been conducted to assess the benefits of inclusive leadership. The results point to increased staff engagement, attraction and retention; improved workplace relations, communication and collaboration; enhanced transparency resulting in higher levels of trust; better decision-making and problem-solving arising from more varied insights and contributions; and increased innovation and creativity by bringing diverse skills and perspectives together. Ultimately, inclusive leaders significantly enhance employee engagement, performance and overall business results. There is no doubt that inclusive leadership is now a critical and unique capability and one that can support career progression and the achievement of personal and corporate potential.  Karin Lanigan is Head of Member Experience at Chartered Accountants Ireland

The Digital Services Act aims to better protect users in the online world, but its requirements will impose many new obligations on service providers, say Mary Loughney, Shane O’Neill and Filipa Sequeira The increased use of digital technology dramatically raises the chances of end users being exposed to illegal or harmful online content. Regulations and laws are catching up with the fast-paced world of emerging digital services and online platforms to ensure online services’ security, accountability and openness.  The Digital Services Act (DSA), an EU regulation, aims to modernise the digital landscape and defend users’ rights. What digital services does the DSA cover? The DSA encompasses a broad range of online intermediaries, including internet service providers, cloud services, messaging platforms, marketplaces and social networks.  Hosting services, such as online platforms (a hosting service provider that “stores and disseminates to the public information, unless that activity is a minor or purely secondary feature of another service”), social networks, content-sharing platforms, online marketplaces and travel/accommodation platforms, have specific due diligence obligations.  The DSA’s most significant regulations target very large online platforms, with a substantial societal and economic impact reaching a minimum of 45 million EU users, representing 10 percent of the population.  Similarly, very large online search engines with over 10 percent of the EU’s 450 million consumers will have greater responsibility for combating illegal content on the internet. Key provisions of the DSA The DSA outlines specific responsibilities for online platforms, including big platforms, intermediaries and hosting service providers.  Due to their significant societal impact, the Act introduces categories called Very Large Online Platforms (VLOP) and Very Large Online Search Engines (VLOSE), which are subject to stricter regulations and audit requirements.  An independent audit must cover all the obligations imposed on VLOPs and VLOSEs by the DSA, including the duties to remove illegal content, provide users with transparency about how their data is used and prevent the spread of disinformation.  The following focus areas are central to the DSA’s requirements: Due diligence around safety and content moderation: The DSA lays out guidelines to address illegal content, such as hate speech, terrorist propaganda and fake goods. Online platforms must set up efficient content moderation systems and offer ways for users to report unlawful content. This may involve using automated tools for detection and removal. User rights and transparency about terms of service, consent, algorithms and advertising practices: Companies must offer more transparency about how their platforms operate, including their terms of service, algorithms and advertising practices. This will help users to understand how their data is being used. Users’ ability to control their privacy settings and flag harmful content: Companies must provide users with tools to manage their privacy settings and flag harmful content. This will help users to protect their personal data and keep themselves safe online. Companies are also required to respond to flagged content within a reasonable timeframe. Measures to prevent the spread of disinformation: Companies must take steps to prevent the spread of disinformation, such as by labelling sponsored content and providing users with access to reliable information. This may involve working with fact-checking organisations or other companies to share information about disinformation. Accountability for the content hosted on platforms: Companies must be accountable for the content hosted on their platforms. This means they must be able to remove illegal content promptly and co-operate with law enforcement authorities. With these provisions in mind, a sensible place to begin your journey may involve conducting a maturity assessment using a risk-based approach so the organisation is aware of the risks that require mitigation: Maturity assessment: The risk assessment should consider a range of factors, such as the nature of the platform, the type of content hosted and the potential for harm to users. Address DSA requirement gaps: As a result of the risk assessment, organisations should identify their exposed risks and implement necessary measures, which include enhancing content moderation tooling, increasing transparency and enabling more robust end-user control mechanisms. Compliance reporting: Organisations would be required to comply with third-party external audits. While that audit would evaluate the platform’s systems and processes, compliance reporting may also include information on overall risk mitigation efforts. The challenging aspects of the DSA’s audit requirements To ensure compliance with the DSA’s provisions, digital service providers, predominantly VLOPs and VLOSEs, will be subject to independent audits. The audit must be conducted in accordance with the methodology and templates established in the delegated regulation, and the audit should review whether the VLOP or VLOSE: has a clear and transparent policy on how it addresses illegal content; has a system in place for detecting and removing illegal content and preventing the spread of disinformation; and provides users with adequate transparency about how their data is used. The audits will evaluate the platform’s efforts to deal with illegal content, the openness of content moderation procedures, adherence to DSA requirements, and the efficiency of user reporting mechanisms. The platform’s practices for data security and privacy will also be examined.  It will be challenging for online intermediaries to comply with some DSA requirements.  Accurate classification of digital services The DSA distinguishes between different types of digital services, such as intermediaries, hosting services and online platforms. Assigning the correct classification to a specific service can be complex, especially for hybrid platforms with multiple functionalities. Accurately defining the obligations and responsibilities associated with each classification requires careful analysis. Removing illegal content in a timely manner The DSA requires the removal of unlawful content in a timely manner after being made aware of its existence. Implementing effective content moderation mechanisms while respecting freedom of expression and avoiding over-removal or under-removal of content is a complex task. Developing sophisticated algorithms and human review processes to strike the right balance poses significant technical and operational challenges.  Further transparency about how content is moderated  The DSA requires more transparency about how online intermediaries moderate content. This includes providing information about the criteria used to moderate content, the processes used to make decisions and the appeals process available to users who flag moderation issues.  It can be difficult to require online intermediaries to disclose sensitive information about their internal operations. Additional steps to protect users’ privacy rights  The DSA requires additional steps to protect users’ privacy and enhance users’ rights. This includes transparency, user control over content and redress mechanisms.  These new provisions can be challenging to implement as they require online intermediaries to change their business practices significantly.  Implementing user-friendly interfaces and operative-complaint resolution mechanisms to ensure seamless user experiences can be technically complex and resource intensive. Compliance with new rules on targeted advertising  The DSA introduces new rules on targeted advertising. These rules prohibit online intermediaries from using sensitive personal data to target users with ads, and they require online intermediaries to give users more control over the ads they see.  Co-operation with authorities The DSA emphasises co-operation between platforms and regulatory authorities.  Ensuring information sharing, responding to legitimate requests and establishing effective communication channels with various national authorities across the EU pose many challenges. Maintaining confidentiality and data protection while complying with these requirements can be tricky. Interpretation of the DSA The interpretation of the DSA may evolve as it undergoes the legislative process. As such, there are themes associated with how one might expect an audit will be conducted: Transparency: The audits must be conducted transparently. Accountability: The audits are designed to ensure that VLOPs and VLOSEs are accountable for compliance with the DSA. Effectiveness: The audits must effectively identify and address any compliance gaps. Proportionality: The audits must be proportionate to the size and complexity of the VLOPS and VLOSEs. Flexibility: The delegated regulation allows auditors to adapt the audit methodology to the specific circumstances of the VLOP or the VLOSE. These are just some specific requirements that are tricky and complicated to implement. However, the DSA is essential to creating a safer and more accountable online environment. Best practice The table above displays exemplary and tactical actions that could be considered when enhancing users’ privacy rights and transparency about terms of service, consent, algorithms and advertising practices. In addition to these specific steps, companies should consider implementing several general best practices: A well-defined risk management framework: Establishing ongoing risk assessment activities will help companies identify and mitigate user risks. A culture of compliance: This will help ensure that all stakeholders are aware of the DSA requirements and committed to complying with them. A robust process for responding to incidents: This will help companies to respond quickly and effectively to any incidents that may arise. An oversight process for monitoring and reporting on compliance: This will help companies track their progress and identify areas where they may need to improve. A trustworthy online environment The DSA represents a significant step toward regulating online platforms and digital services within the EU. By introducing audit requirements, the DSA enhances transparency, accountability and user protection in the digital world. Independent audits will serve as a mechanism to ensure compliance with the DSA’s provisions, thereby fostering a safer, fairer and more trustworthy online environment. Mary Loughney is Director and Head of Technology Risk Consulting at Grant Thornton  Shane O’Neill is Partner and Head  of Technical Change, Financial Services Advisory at Grant Thornton  Filipa Sequeira is Senior Consultant of Financial Services Advisory at Grant Thornton