Turnbull report - Making e-commerce less risky.

Boards may find it difficult to state how they have maintained a sound system of internal control, especially when moving into e-commerce. Kelvin Lack looks at their problems and suggests some coping strategies.

An organisation’s ability to exploit and control market globalisation is inextricably linked to its implementation of e-commerce strategies, but this increasing reliance on technology, combined with regulatory pressure and a shortage of skills, has created a multitude of risks, which will only increase with the growth of e-commerce. These could have significant impacts on businesses, such as extreme financial loss, commercial embarrassment or regulatory implications.

One serious danger with these new risks is that boards may not make a connection with the Turnbull governance on risk control when implementing e-commerce, particularly where e-commerce has been implemented and controls need to be applied retrospectively. Consequently, the board’s level of understanding of the risks and the ability to manage them may not be commensurate with the perceived opportunities, significantly increasing the likelihood of their being unable to positively demonstrate the ability to manage risks. This will make it difficult to direct the business, damaging the confidence of clients, regulators and staff, as well as significantly impairing their ability to develop and sell new business.

The Turnbull Report is the latest corporate guidance for internal control published by the Institute of Chartered Accountants. It places particular emphasis on the discipline of risk management:

“A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which (a company) is exposed. Since profits are the reward for successful risk taking in business, the purpose of the internal control is to help manage and control risk appropriately rather than to eliminate it.”

“This (guidance) should be incorporated by the company within its normal management and governance processes. It should not be treated as a separate exercise undertaken to meet regulatory requirements.”

All organisations should review their approach to e-commerce from the Turnbull perspective, because it may reveal symptoms that show they are not managing their risks effectively. The following are the symptoms that they should watch for:

– the understanding of risk and the level of sophistication towards analysing and managing risk varies across the organisation, and the understanding of risk is localised;
– decisions are not based upon a systematic and effective understanding of risk;
– responsibility for critical areas is often given to external organisations with little control over risk, or without an assessment of how the external service provider will manage risk;
– strategic initiatives and projects often set over-ambitious schedules, or fail to meet their objectives and targets;
– there are marked differences between IT service provision and users’ requirements;
– the connection between overall business and IT strategy, and the operational and developmental activities of the organisation, is often not demonstrable.

To manage risk effectively in e-commerce, or when, more generally, attempting to conform to the requirements of the Turnbull report, organisations need:

– clear understanding and definition of risk across the organisation, which is clearly communicated and understood;
– organisational structure conducive to the management and communication of risk;
– consistent and systematic approach to managing risk;
– understanding of the overall risk faced by the organisation across the numerous areas of risk that it faces;
– allocation of sufficient time and resources to internal control and risk management;
– appropriate delegation of authority, with accountability and regard to acceptable risk;
– timely identification of key business, operational and financial risks facing the company, including the likelihood of the risks materialising and the potential impact on the business;
– risk management through the supply chain, reflected in contracts with suppliers;
– use of historical information to improve assessment and management of risk;
– commitment to skills and training, ensuring all staff understand and can manage risk;
– assessment of staff and external suppliers on their ability to manage risk effectively.

Perhaps the most salient question articulated in the Turnbull report, which should focus the board when considering e-commerce strategies, involves “explaining how the company has maintained a sound system of internal control and, in reporting to shareholders, it has reviewed the effectiveness of the system.” The report adds: “The board should, as a minimum, disclose where applicable that there is an ongoing process for identifying, evaluating and managing the company’s key risks that is regularly reviewed by the board and accords with this guidance.”

Kelvin Lack is a partner at Insight Consulting. He has managed business and project risk, and has also written and lectured extensively on the subject.
