Today’s businesses operate at the speed of data. A company’s ability to access information, reach people, open markets accessible through phones and tablets, and push data throughout its operations is essential to operating its business effectively. Systems that track inventory on a real-time basis, provide instant customer relationship information, aid in search engine optimization, and process payments efficiently and effectively are worth their weight in Bitcoins. Technology-based companies are often on the leading edge of data movement and storage, which brings up key control issues that are not necessarily unique to technology-based companies but should weigh heavily in their assessments of risk and design of internal controls.
1: Cyber Security
This has become a major focus for all companies, but it is even more of an issue for technology-based companies. With the ever-increasing push to the cloud, new capabilities and sophistication of software, the better funding of hackers (organized crime, nation states, insiders, etc.), and the inability of companies to monitor and regulate the use of equipment and applications by their staff (e.g. cell phones), it is getting more difficult for companies to protect their data and the data of their customers. A data breach can result in significant losses to a company’s reputation and its bottom line. It is critical that technology companies stay abreast of newly emerging threats and of the protection criteria on the market to avoid costly losses. In developing proper cyber controls, companies need to consider both high-tech and low-tech intrusions and develop systems and controls to protect against them. Limiting access to sites (e.g. Facebook), training staff about phishing scams and other cyber threats, running intrusion detection regularly and using data loss prevention software, implementing and regularly updating firewall security, performing staff background checks, controlling access management, and ensuring proper encryption and transfer of sensitive data are some of the many security issues that need to be reviewed and assessed on a regular basis. You need to consider these and other factors when developing your company’s IT policies, which should also include regular reviews of your systems and your security incident response and communication plans.
2: Data Collection and Usage
Data is now the lifeblood of any company. The more real-time and accurate your data flow is, the better decisions your management team can make. Data flows like a stream, so you need to understand its source, how it is flowing, and where the impediments to a steady flow are. In evaluating your data collection and usage systems, you should consider:
- What data you need to collect: The collection and protection of data can be pricey, so it is important to define what source data is going to have the most meaningful impact on your business operations. Things like inventory flow, product sales, customer feedback, etc. are all potentially important factors to capture information on.
- Where this data is coming from: You need to identify what the source of the needed data is, who has access to it, how it is being accumulated, how accurate it is, and how timely it is.
- How the data is being collected: Do you have protocols in place to ensure you are collecting the appropriate data? Who is entering the data into the system, or is the data being automatically pulled from a source? How do you ensure proper notification if data entry fields change? Is the data appropriately stored to prevent inappropriate access? And are confidentiality standards in place to ensure security of data?
- How do you validate the quality of the data collected? Have procedures been designed and implemented to ensure validity, reliability, completeness, timeliness, integrity, and confidentiality of the data accumulated? This can include staff communication and training, systems checks, and built-in quality assurance protocols.
- How do you accumulate the data for meaningful reporting? It is great to have data, but data without the ability to manipulate and use it is useless. You need to have the ability to filter the data and pull it into meaningful reporting that can be a tool for management decisions. Reporting should be used to help drive positive results in the areas you chose to measure.
When collecting data, it is important to understand which aspects of your business drive results, such as faster throughput, higher customer loyalty and satisfaction, meaningful searches, etc. These are the areas where you want to focus your resources. Remember that this is not a static process; you should constantly rethink the data you are collecting for appropriate decision-making.
3: Staff Acquisition and Retention
Because time is finite for all of us, you need to leverage the work you perform through others. The goal is to focus your energy on the areas where you can create the most benefit for your company, but this means trusting others to help you in other facets of your operations. When bringing on staff members, you need to create good open communication and develop an appropriate culture, but you also need to develop appropriate documentation and structure, so everyone understands what is appropriate in the workforce. Developing organizational charts, job descriptions, employee handbooks, human resource/benefits policies, performance reviews, conflict of interest policies, covenants not to compete, confidentiality policies, and the like is helpful in setting an appropriate tone for the workforce. This doesn’t need to squash creativity; it instead should provide a framework for your company and its personnel, which for many companies are its most valuable resource. For many new technology companies, salaries are not always competitive. In order to attract and retain a quality staff, you need to find a way to blend compensation with other work-related factors such as a collaborative and relaxed work environment, learning experiences, extra time off, and maybe even bonuses for reaching production milestones or sales levels. The cost of hiring and retraining new staff gets expensive, so the goal of retention is crucial.
4: Digitization of Processes
In the past, systems and cycles, including manufacturing processes, while automated, still had a significant level of low-tech labor involved. This created significant risks by way of safety, quality, and slowdowns in the production cycle. Progress only moved as fast as the slowest man or woman on the line. Today, with new developments in intelligent machines, 3-D printing, modeling and simulation, plant and floor analytics, and big data, processes have become much more automated, and the production floor has gotten smarter and more efficient. New concepts can be brought to the production floor so much faster. With that, however, come new challenges. Just as the auto mechanic today needs to understand the complexity of the core processing that runs today’s smart cars, manufacturers need to ensure that staff understand the complexities of today’s production cycle. The concepts have not changed; the level of sophistication has. Ensuring equipment is in working order, with regular maintenance schedules, review of production outputs, and routine diagnostics, can help ensure that a system failure will not wipe out a month’s worth of profits. In addition, with the speed of new product development and of bringing those products to market, companies need to make sure that they are doing their due diligence to protect their research and development pipelines through comprehensive development policies and employment contracts, as well as progressive patent practices, to ensure that as products are developed, they can securely get to market in a timely manner.
5: Cloud-Based Services
Data is moving to the cloud at unprecedented levels. Nearly one-third of all corporate data currently resides on the cloud, as more and more companies shift from licensed software to software-as-a-service applications (SaaS apps) through cloud-based alternatives. Controls surrounding cloud alternatives are not as strong as most people believe. Popular sanctioned SaaS apps like Office 365, Salesforce.com, and Workday are just beginning to recognize the need to bring necessary transparency with regard to user activity. Employers utilize SaaS apps because of their flexibility of access, built-in innovation, automatic maintenance and updates, and cost, as they tend to be cheaper than traditional licensed software solutions. Unfortunately, according to some studies, only about 6% of SaaS apps are considered enterprise-ready, meaning they have mitigated the high level of security and compliance risk associated with SaaS apps. Unique cloud risks include certifications and standards, data protection, access control, auditability, business continuity, legal and privacy issues, and vulnerabilities and exploits. For example, a popular SaaS app that many people use instead of PowerPoint states in the fine print of its user agreement that it owns any of the data uploaded to the site. That should be a red flag to anyone concerned about safeguarding sensitive information. Good housekeeping in the cloud requires you to identify, assess risks, control, and optimize the use of cloud-based services.