Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...
KPMG has identified seven key strategic risks that companies and chief risk officers (CROs) face this year. KPMG partner Kelly Watson recently responded to questions from Bloomberg BNA's Yin Wilczek on the most pressing risks that companies must tackle, including risks arising from technology and third parties.
Kelly Watson is a partner and the National Service Group Leader of KPMG's Risk Consulting Services for the U.S. and the Americas, leading a team of partners and professionals who provide the risk and compliance insights organizations need to protect themselves and grow by helping them transform risk and regulatory compliance into competitive advantage. Kelly previously served as Office Managing Partner of KPMG's Short Hills, N.J., office where she was responsible for leading market development efforts across all functions in New Jersey. She has over 27 years of global auditing and advisory experience serving the pharmaceutical, biotechnology and industrial product industries.
What do you see as the most pressing risks this year that companies must address?Watson:
The key risks that we have identified are consistent with what has been top of mind for CROs, the C-suite, general counsel and the board in recent years. However, some more complex and evolving risk areas including data security, technology risk management and crisis management have been recently escalated. Companies are connected to more organizations than ever and must have a clearer understanding of how their partners and third parties are using and protecting their information, which has driven the heightened data security focus. Greater emphasis is also being placed on data security as attackers become more sophisticated and discover new ways to infiltrate networks, along with recent increased concerns around insider threats. The focus on technology risk management has increased as companies face new risks from adopting emerging technologies such as mobility, social media, connected devices, and cloud computing.
Regarding the elevation of crisis management on the CRO's agenda, while organizations have always faced the possibility of critical or catastrophic events in some form, as companies are now more connected and global, they face even greater threats of disruption to business operations from man-made or natural disasters ranging from cyber-attacks to supply chain disruptions stemming from geopolitical turmoil. And, because organizations are more interconnected, complexities can occur now in a more widespread and rapid fashion in the aftermath of a crisis.BBNA:
What do you see as the most important step risk officers must take to protect their companies from risk this year?Watson:
Companies operate in a complex and increasingly global marketplace and the risks that exist within this environment are equally complex and many cannot always be predicted. To survive and thrive in this environment, it is essential to have an integrated and proactive risk management program in place that reaches across the organization. This entails having a well-established risk management process dictated by a defined risk appetite that is understood and agreed upon across the organization. It is also critical that strong oversight and controls are in place. The CRO should help the company identify all risk areas, formulate a strategy and plan to mitigate them to the greatest extent possible and monitor the company's progress against those plans.BBNA:
As regulators continue to promulgate new requirements, how do companies ensure they effectively are keeping track of the mounting requirements?Watson:
Faced with ever-changing regulatory challenges, some organizations see a strategic opportunity to not only focus on how to comply with existing regulations, but on how to reassess and transform their compliance functions in anticipation of future regulatory developments. This starts with a strong compliance culture with the tone at the top of the organization that reaches across the three lines of defense (the first line is responsible for business monitoring, the second line is responsible for oversight monitoring and the third line is responsible for internal audit).
With clearly defined roles and responsibilities, each line of defense plays an important role within the organization's overall compliance program and activities. An organization also needs to ensure that it has the ability to quickly understand the impact of changing regulations on it, as well as the impact that evolving business processes in an increasingly digital world may have on its continued ability to comply with existing regulations.
One emerging area of risk that we are seeing is in the area of insider threats.
What do you see as the hallmarks of a good corporate compliance program?Watson:
To develop “good corporate compliance programs,” organizations should, and are, first taking a thoughtful step back to judge the effectiveness, efficiency and sustainability of their compliance practices within their business, risk and internal audit areas. They are increasingly taking inventory of compliance obligations and requirements and making sure that they have the processes and controls in place to effectively comply with these requirements. They are then aligning these requirements with their risk assessments as well as ensuring that they have the proper personnel and skills to handle them. Furthermore, they are working to ensure that their policies and procedures, communication and training, and regulatory monitoring and testing are designed to proactively manage and effectively comply with these obligations. It is crucial that organizations move beyond what is required of their compliance programs to what is expected based on their size and complexity.BBNA:
Do you see any emerging issues this year that could introduce new risks for companies?Watson:
One emerging area of risk that we are seeing is in the area of insider threats. While the U.S. government has been focused on this for some time, companies now appear to be waking up to the reality that insiders within their organization can also pose a tremendous risk to their corporate assets. Many forward thinking clients of ours are now starting to build-out insider threat programs to more proactively manage and monitor this risk.
We are also seeing emerging issues within certain industries that are creating new risks for companies including:
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)