Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Three questions start-ups should ask themselves

Mary Ann De Leon, Associate Director, IT Consulting & Lai Kee Yin, Senior Manager, Internal Audit and Financial Advisory, Protiviti | Aug. 2, 2016
Discussions about integrated internal controls, compliance and risk culture need to happen up front rather than as a final step.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Internal controls, compliance and risk culture are often the last things senior management and boards of start-ups and small to medium companies want to discuss during their strategy and operational meetings. Alternative views on these factors are seen as counterproductive to the organisation's strategic objectives. Indeed, many start-ups spend an inordinate amount of time focusing on the challenges of meeting the expectations of the market and of stakeholders such as investors, customers, financiers and regulators. In the process, they take on new, and sometimes unknown, risks, yet are reticent to address them proactively.

There are reasons, regardless of an organisation's size and geographic reach, that discussions about integrated internal controls, compliance and risk culture need to happen up front rather than as a final step. From our experience working with start-ups in Singapore, we believe that there are three important questions boards and management in start-up organisations should ask themselves:

1. Do our internal processes provide adequate protection if things go wrong?

Many start-ups face intense pressure to grow revenue and market share, and they compete fiercely for investor and financier funds. Some of these factors contribute
to an inclination for management to increase risk appetite and acceptance of risks when making business decisions, especially when it comes to expansion of products and geographies and the possibilities of increased revenues and profitability.

Besides the known risks of such expansion, has executive management considered the impact of noncontrollable external forces in a volatile market environment? Having a robust enterprise risk management framework that challenges the status quo will provide a structure for executives to ask the right questions to ensure that proper discussions are taking place. Senior management and boards should play a key role in these discussions. Is senior management providing sufficient tone-from-the-top leadership in your enterprise risk management program? Does your organisation's board have the right balance/mix and relevant experience in business or corporate governance to advise adequately?

2. Do we have the right systems, processes and technologies in place to control our growing pains?

Whilst enterprise software, applications and database solutions have improved and become more sophisticated, start-ups often face a unique challenge to adopt a solution for their start-up mode and then transform as they scale up. Their enterprise resource planning (ERP) solutions struggle to keep pace with operational and organisational changes, as well as with increased complexities of rapid business growth. For instance, ERP solutions are not designed to cater to new or enhanced business models, or, for some start-ups, system-based controls are not fully implemented, thus causing them to rely too much on manual controls that can be easily circumvented.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.