Raising the Digital Quotient of Boardrooms: Strategy, Audit, Risk, and Compliance Trends

Featuring Ekta Singh-Bushell of Alter Domus

The intersection of data, digital, finance, and talent is where growth companies have the most potential to accelerate further. Ekta Singh-Bushell, a member of Alter Domus’ Supervisory Board of Directors, and Chair of Alter Domus’ Strategy Committee, recently sat down with Sensus Magazine to give her take on how greater technology enablement is transforming companies.

As a lifelong transformation advocate, Ekta has served as a board member and Chair/CEO advisor to global companies, both public and private equity backed, on their value creation journeys. Ekta was formerly COO, Executive Office at the Federal Reserve Bank of New York, interim CEO for a digital analytics start-up, and a senior global partner at EY. She has worked across multiple verticals in over 60 countries with a specific focus on digital transformation and customer experience, reducing risk, improving compliance and driving operational efficiencies.

Q: How has technology evolved to provide companies with greater oversight?

A: The traditional nerve centre for company oversight used to be the CFO and COO offices. These offices were the natural focus of many boards and especially that of Audit, Risk and Compliance Committees (ARCCs).

Over the last two decades, the rapid evolution of technology – specifically with digital transformation – has meant greater technology enablement of business processes in the offices of the CFO and COO. Digital has become a “suitcase” word, encompassing the use of data, analytics, automation, edge computing, SAAS, customer experience and digital interactions. Today, it is much easier to provide deeper and more real-time insights that enable better and more fulsome oversight of companies.

More fundamentally, as technology and digitisation have evolved, they have transformed the board’s role from oversight to providing insight and foresight based on real data. The addition of critical new nerve centres, such as the offices of the Chief Analytics Officer (CAO), Chief Digital Officer (CDO), Chief Product Officer (CPO), and the Chief Innovation Officer (CIO), have added far more science to boardroom oversight and dialog than ever before.

In my numerous experiences as Chair of the Audit Committee and Lead Independent Director, there are three areas where digital transformation has had the greatest functional impact from an audit and risk management and board oversight standpoint:

1. Compliance and Risk Management: Both external and internal audit teams are leveraging robotic process automation, data lakes and platforms to enable more continuous and real-time monitoring of events, risks and insights. Through increased visibility, everyone can better understand the ‘what could go wrongs’ and thereby be more proactive, comprehensive and responsive.
2. Operations: Similarly, edge computing, cloud infrastructure and SAAS applications have allowed both the CFO and COO offices to go deeper, be more self-reliant and leverage data for better insights. The increased understanding has expanded well beyond operational metrics to insights regarding talent utilisation, efficiency, and ultimately experiences.
3. Brand and Reputation: Trust – and safety – with all stakeholders is key. The responsibilities of boards of directors continue to evolve, particularly given the events of recent years. Boards play a critical role in overseeing trust as a corporate asset, so supporting technology is evolving to proactively measure and prioritise trust and its impact on business performance.

Q: What was key for you in transforming your focus from business leader to active director for growth and public companies?

A: I’m fortunate to have been an active director for growth and public companies, especially founder-led companies. Transitioning from being an operational and hands-on business leader meant going from being “the expert” with full responsibility, ownership and management of large global P/Ls, to taking on the role of a trusted advisor.

The key to this change is repackaging three decades of hard-earned lessons and relevant insights to challenge leadership by asking the right questions and motivate the right decisions & actions. The keys to being a good coach in the corporate environment take on even greater meaning in a boardroom, where you have a fraction of the time compared to when you lead a business.

Success in this role comes down to becoming a “Rosetta Stone” – listening, advising, translating and siting at the intersection of those who own the company’s growth transformation, risk management, and stakeholder management.

Q: Do boards need to change their approach or structure to provide greater governance and keep up with evolving digitalization opportunities and risk issues?

A: Yes. In my experience, the best boards are laser focused on strategy, providing not just oversight, but insights and foresight. Excelling at the latter two objectives over the last two years has meant a change in approach and a critical shift in the role.

Success today requires a more nuanced approach with more frequent check-ins with management. Key topics include more dynamic decision making, challenging and figuring out ways for organisations to become more resilient, and planning how to emerge from the pandemic. Those needs, combined with the continuing global discontinuities and the operational risk issues with the increasingly volatile cyber threat landscape, require boards to implement a new approach and new structure. Some of my high growth company boards have formalised the setup of value creation and strategy committees, technology/cyber committees, and have gone deeper into ESG or crisis management.

More fundamentally, the phenotype of US corporate boardrooms has transformed with the addition of more diversity, especially race, age and gender, which has also led to changes in structure, approach and diverse ideas.

Q: How have audit committees for both private and public companies progressed to address risk around fraud, ethics, and conflicts of interest?

A: Over the last few decades, audit committees have developed a robust playbook of actions that are essential for companies to address these risks. We are now living in the Trust Age. This is a time where information – and misinformation – is omnipresent. Perceptions reign supreme, and digital security and data privacy are constantly threatened. The safeguarding of trust and safety of stakeholders has become non-negotiable.

Whistle-blower hotlines and internal code of conduct training must be augmented with sophisticated, various third-party systems that include a set of both preventative controls and detection controls to provide nonstop, real-time monitoring and to flag industry-specific risk alerts.

Table stakes for audit committees now include anonymous reporting, triage, incident response, as well as forensic and legal investigations. These initiatives are supported through sophisticated AI and machine learning software and a network of global service providers with experts on the ground in different jurisdictions. Heads of compliance can quickly scan the global regulatory landscape changes that impact their unique business operations through advanced vendor risk monitoring and politically exposed person (PEP) lists as part of their legal contracting process.

Q: In the wake of SolarWinds and greater supply chain scrutiny, what best practices are you seeing implemented at forward thinking companies?

A: Here are some of the best practices that we have been implementing across my companies:

• Leveraging independent cyber scoring to enable real-time monitoring of supply chain risks.
• A detailed and proactive crisis management framework including retainers with third-party experts for cyber-recovery, forensics, and ransom (especially Bitcoin) negotiations.
• Going beyond the traditional reliance on brand and communications firms and building up core competencies in-house.

Forward thinking companies and boards are challenging themselves to ensure that at least one board member is or has been a cyber/info security practitioner. This ensures that someone on the board team works closely with the Chief Information Security Officer (CISO) and is bringing the latest developments in this very dynamic, high-risk and high-reward area.

Cyber risk poses both an opportunity and a threat. To use a sports analogy, companies need to assess whether they go on the offensive or stay defensive. Offense is demonstrating positive resilience versus only focussing on protection and being reactionary. Forward thinking companies are setting up a separate technology and innovation committees or sub-committees to focus on how cyber can become a strategic and competitive differentiator.