Finding the entrepreneurial you
GDPR came into force on the 25th May 2018, demanding good data governance by any firm, regardless of jurisdiction, on the handling of personally identifiable data associated with EU and EEA citizens. One of my previous articles showed that COBIT® 5 really helps in becoming GDPR-ready. If GDPR has been taken seriously, our organizations are much better at data management, making what we do next easier.
We can turn with confidence to addressing other issues, currently ignored by mainstream thinking, but very relevant going forward. Some are:
- The Millennial workforce.
- Digital transformation.
- ePrivacy Regulation.
- Online giants, our new systemic risk.
- Inbuilt insecurity.
The common theme running through them is information systems. Strategic and operational activity must adopt a more ‘entrepreneur’ than ‘mature’ approach to use opportunities as they arise. Governance frameworks must encourage innovation and simultaneously manage associated risks through adaptive policies, procedures and practices. Collaboration is necessary to think ahead and respond swiftly to change.
ISACA’s COBIT 5 provides an overview of enterprise governance. The family of documents includes “COBIT 5, a Business Framework for the Governance and Management of Enterprise IT”. This resource provides a comprehensive guide on where and how to look for evolutionary and revolutionary opportunities in your business.
Look under https://cobitonline.isaca.org/publications to access the scope, which provides ways of looking at our organisation and the supply chain from all angles. Access to both the scope and the comprehensive materials is free to ISACA members. The scope is free on a temporary basis to non-ISACA members via a simple registration, but there is a fee to access the rest.
Each of the following case studies relates to the list above and has corresponding useful links that tell its story, together with ways in which COBIT 5 can address these organizational challenges.
PWC expects intense commitment from the start with career rewards, such as partnerships, coming later. The firm was concerned about the growing number of younger people – the Millennials born between 1980 and 1995 – leaving after a few years. PWC found that the incoming workforce had different expectations, wanting a flexible approach to work with rewards for good performance early on as well as throughout their career.
COBIT 5, via its approach to stakeholder needs and enterprise goals, links internal and external stakeholder expectations with the firm’s. Once identified, appropriate changes can be made to policies and practices.
For more on Millennials and Generation Z see:
Digital transformation is pushing firms to adapt business models and focus. Domino’s realised they had to move from a fast-food service to an e-digital service. By using data analytics to personalise marketing offers to customers right down to individuals within a household, customers are attracted to a service that matches their lifestyle.
COBIT 5, via its guidance on services, infrastructure and applications, helps firms assess the potential of digital transformation on business. This guidance broadens thinking from defining a single-point solution to implementing a holistic asset, integral and supportive of business objectives.
- Summary of Domino’s transformation: https://www.bernardmarr.com/default.asp?contentID=1264
The ePrivacy Regulation, possibly scheduled for EU adoption at the end of 2018, provides a subtle addition to GDPR covering electronic communications. Additional explicit consents will be needed. Intelligent communications infrastructure carries, generates, uses and stores personally and corporately-identifiable data. Over-the-top communications services like WhatsApp are in scope, as are all providers of cookies, IoT devices and direct- and e-marketing.
COBIT 5 provides guidance on how IT and the enterprise need to conform to regulatory requirements and can help reveal where explicit consents could be needed.
- For a summary, look at https://www.alstonprivacy.com/eprivacy-regulation-trilogue-negotiations-pushed-back-fall-2018-final-eprivacy-regulation-may-not-place-2020/
- Another high-level view on e-privacy is here: https://www.theguardian.com/technology/2017/jan/10/whatsapp-facebook-google-privacy-rules-ec-european-directive.
- This one has a list of consents required: https://medium.com/mydata/consent-lost-gdpr-and-found-eprivacy-e85cf881ffb.
- For a deeper dive, try this: https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/epr_-_gutachten-final-4.0_3_.pdf
BREXIT remains inconclusive so firms must define contingency plans to minimise frictions from a ‘no deal’. Even if your organisation has no dealings with the EU27, you will need to check on how BREXIT affects your supply chain and your bank. For some, like Currency Cloud, ‘no deal’ means they need to set up an EU presence now to obtain their EU operational licence just in case.
COBIT 5 covers the need for conformance to regulatory matters and other standards. It helps start the process of where to look. There are sections on business continuity, covering prevention, mitigation and recovering from disruption to help identify the areas of possible friction.
- A contextual overview of the BREXIT issue: https://www.ibtimes.co.uk/why-neither-brexit-nor-loss-passporting-will-stop-uks-fintech-momentum-1659410
Every business is in a market to buy and sell. To operate effectively and efficiently, many of us turn to the IT infrastructure and communication providers offering easy-to-use ‘one-stop-shop’ solutions, such as Facebook, Apple, Microsoft, Google and Amazon. This is a three-edged sword. The big upside, which makes them so attractive, is the easily-obtainable benefits of communications and storage structures with the necessary security and scale. On the downside are: 1) with few dominant players, control over markets is theirs, not ours; and 2) should one of them fail, either technically or commercially, the adverse impact on business and personal lives will be huge.
COBIT 5 can help define a new approach to dealing with a systemic point of failure. There is also a useful checklist on questions to ask of external stakeholders.
- For views on FAMGA-like firms being a systemic risk see: https://www.forbes.com/sites/quora/2018/04/12/apple-google-facebook-amazon-microsoft-which-tech-giant-will-fall-first/#6b2763485e86.
- Another view is here:
- And here: http://www.tabletmag.com/jewish-news-and-politics/246822/facebook-google-amazon-monopolies
- For a more upbeat article see: https://medium.com/crypto-oracle/facebook-apple-microsoft-google-amazon-aka-famga-is-eating-the-world-d3ba0c62df8b
- or https://medium.com/@loukerner/this-week-in-famgas-march-to-global-domination-e57d86d329aa
A by-product of building business efficiency is inadvertently laying the foundations for insecurity. Expedia discovered its subsidiary had exposed customer data. Data sharing and management, even when within the same corporate group, is hard to control because requirements, accountability and responsibility get diluted, obscured or reinterpreted by the data management partner.
As above, there is a correspondingly useful checklist available of what to ask of internal stakeholders.
COBIT 5 is there to help us think better about the way we govern and operate. So much is demanded of business, it is easy to miss the things we ought to be thinking about. Technology drives both the pace of, and how, we work. Good governance is essential for ensuring businesses continue to thrive. COBIT 5 is essential to governing well.